Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Virus PlusHD und Bluescreen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 23.02.2014, 12:08   #1
Niggo
 
Virus PlusHD und Bluescreen - Standard

Virus PlusHD und Bluescreen



Liebes Trojaner-Board-Team,

ich habe mehrere Probleme mit dem Computer eines Bekannten.

Betriebssystem Windows 8.1 Pro 64Bit
  • Norton Antivirus hat einen Virus von dem Programm "PlusHD" gefunden.
    Das Programm konnte ich aus der Softwareliste mit IOUninstaller entfernen.
  • In der Softwareliste waren diverse Programmeinträge von Windows LiveMesh in sehr vielen Sprachen (Siehe Screenshot). Diese habe ich bereits deinstalliert.
  • Aufruf von diversen Internetseite im Firefox
    Es werden während dem Surfen Seiten von Fastdailyfind.com und Akamaihd.net in neuen Fenstern geöffnet.
  • Bluescreen "Driver_Power_State_Failure"
    Hierzu gab es im Ereignisprotokoll noch Fehler mit dem ControlCenter von AMD. Dies habe ich auf die aktuelle Version aktualisiert. Trotzdem gibt es immer noch Bluescreens.
    Allerdings kommen diese nur wenn der Rechner nach ca. 5h wieder angeschaltet wird.

Anbei die Logfiles von MBAM, Spybot Search&Destroy, GMER und FRST.

Bei dem Suchlauf von GMER kam die Meldung "GMER has found system modification caused by ROOTKIT activity."

Was kann ich tun? Ist der Befall groß?

Grüße
Nico
Miniaturansicht angehängter Grafiken
Virus PlusHD und Bluescreen-software-screenshot.jpg  

Alt 23.02.2014, 12:11   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Virus PlusHD und Bluescreen - Standard

Virus PlusHD und Bluescreen



Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.


So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
__________________

__________________

Alt 23.02.2014, 12:38   #3
Niggo
 
Virus PlusHD und Bluescreen - Standard

Virus PlusHD und Bluescreen



Hier nochmal die Logfiles. Sorry für das zip-file.
FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-02-2014 01
Ran by Jürgen (administrator) on PC on 23-02-2014 11:34:59
Running from C:\Users\******\Downloads
Windows 8.1 Pro (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\WINDOWS\system32\atiesrxx.exe
(AMD) C:\WINDOWS\system32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
(TeamViewer GmbH) c:\program files (x86)\teamviewer\version7\TeamViewer_Desktop.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Adobe Systems, Inc.) C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452968 2012-03-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-801751274-2948684052-609766611-1002\...\Run: [BrowserChoice] - C:\Windows\BrowserChoice\browserchoice.exe [86816 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-801751274-2948684052-609766611-1002\...\Run: [HP Officejet 6600 (NET)] - C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-801751274-2948684052-609766611-1002\...\Policies\Explorer: [DisallowRun] 1
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
SearchScopes: HKCU - {10CB5879-4004-446E-BECA-76215B663C16} URL = hxxp://www.wetter.com/suche/?search={searchTerms}&search_type_weather=1&search_type_site=1
SearchScopes: HKCU - {AD182D6B-24FA-45BF-B54E-ABBBA51F035F} URL = hxxp://suche.t-online.de/fast-cgi/tsc?q={searchTerms}&sr=searchbar
SearchScopes: HKCU - {CD806F30-CF0D-4FC1-A3A9-22CF48A30D64} URL = hxxp://dict.leo.org/ende?lp=ende&lang=de&searchLoc=0&cmpType=relaxed&sectHdr=on&spellToler=on&chinese=both&pinyin=diacritic&search={searchTerms}&relink=on
BHO: Plus-HD-2.6 - {11111111-1111-1111-1111-110311341140} - C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-bho64.dll No File
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.250

FireFox:
========
FF ProfilePath: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\smqfk137.default
FF Homepage: hxxp://www.t-online.de
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @java.com/DTPlugin,version=10.5.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.0 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.5.0 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.0 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Plus-HD-2.6 - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\smqfk137.default\Extensions\7f404ccc-b0a9-4faf-b3c0-89ceea949aea@a6724a05-9380-4ebe-be02-e67e35a3402c.com [2014-02-02]
FF Extension: Amazon-Icon - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\smqfk137.default\Extensions\amazon-icon@winload.de [2013-07-03]
FF Extension: pricealarm - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\smqfk137.default\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM [2013-07-03]
FF Extension: Spartipps von SparPilot.com - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\smqfk137.default\Extensions\sparpilot@sparpilot.com [2013-07-03]
FF Extension: Adblock Plus - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\smqfk137.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-11-17]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\IPSFF [2013-10-10]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Extension: (Docs) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-30]
CHR Extension: (No Name) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab [2013-07-03]
CHR Extension: (Amazon-Icon) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg [2013-10-30]
CHR Extension: (Plus-HD-2.6) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfeggemggokijeahnacacopejaabljl [2013-09-11]
CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\******\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2013-07-03]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.)
S4 MZCCntrl; C:\Program Files (x86)\Common Files\Marmiko Shared\MZCCntrl.exe [61440 2007-01-09] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-09-24] (Advanced Micro Devices)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2013-12-18] (Symantec Corporation)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-29] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\IPSDefs\20140221.001\IDSvia64.sys [521944 2014-01-21] (Symantec Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20140222.007\ENG64.SYS [126040 2014-01-31] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20140222.007\EX64.SYS [2099288 2014-01-31] (Symantec Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-12-06] (Microsoft Corporation)
R0 SymDS; C:\Windows\System32\drivers\NAVx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NAVx64\1404000.028\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S1 UimBus; C:\Windows\System32\drivers\uimx64.sys [59184 2011-11-17] (Windows (R) 2000 DDK provider)
S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [572336 2011-11-17] (Paragon)
S1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [352816 2011-11-17] (Paragon)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
U3 idsvc; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-23 11:34 - 2014-02-23 11:35 - 00016917 _____ () C:\Users\******\Downloads\FRST.txt
2014-02-23 11:34 - 2014-02-23 11:34 - 00000000 ____D () C:\FRST
2014-02-23 11:33 - 2014-02-23 11:33 - 02154496 _____ (Farbar) C:\Users\******\Downloads\FRST64.exe
2014-02-23 11:01 - 2014-02-23 11:01 - 00969616 _____ () C:\WINDOWS\Minidump\022314-19953-01.dmp
2014-02-22 16:52 - 2014-02-22 16:52 - 00969072 _____ () C:\WINDOWS\Minidump\022214-18531-01.dmp
2014-02-22 11:33 - 2014-02-22 11:34 - 00950264 _____ () C:\WINDOWS\Minidump\022214-23625-01.dmp
2014-02-22 08:36 - 2014-02-23 11:01 - 529532575 _____ () C:\WINDOWS\MEMORY.DMP
2014-02-22 08:36 - 2014-02-22 08:37 - 01000136 _____ () C:\WINDOWS\Minidump\022214-18656-01.dmp
2014-02-22 08:36 - 2014-02-22 08:36 - 00013356 _____ () C:\WINDOWS\PFRO.log
2014-02-21 17:46 - 2014-02-23 11:18 - 00078182 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-21 17:10 - 2014-02-21 17:10 - 00001125 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-21 17:10 - 2014-02-21 17:10 - 00000000 ____D () C:\Users\******\AppData\Roaming\Malwarebytes
2014-02-21 17:10 - 2014-02-21 17:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-21 17:10 - 2014-02-21 17:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-21 17:10 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-02-21 17:09 - 2014-02-21 17:09 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\******\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-21 16:14 - 2014-02-21 16:14 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
2014-02-21 16:08 - 2014-01-08 02:46 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2014-02-21 16:08 - 2014-01-08 02:41 - 01530712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-02-21 16:08 - 2014-01-08 02:41 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2014-02-21 16:08 - 2014-01-04 16:54 - 00138240 _____ () C:\WINDOWS\system32\OEMLicense.dll
2014-02-21 16:08 - 2014-01-04 16:08 - 00103936 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-02-21 16:08 - 2014-01-04 15:08 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-02-21 16:08 - 2014-01-04 14:53 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-02-21 16:08 - 2014-01-03 00:54 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-02-21 16:08 - 2014-01-03 00:48 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-02-21 16:08 - 2014-01-03 00:40 - 05770752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-02-21 16:08 - 2014-01-03 00:38 - 06640640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-02-21 16:08 - 2014-01-01 02:55 - 01720560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-02-21 16:08 - 2014-01-01 02:52 - 00481944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2014-02-21 16:08 - 2014-01-01 01:56 - 01472048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-02-21 16:08 - 2014-01-01 01:55 - 00381168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2014-02-21 16:08 - 2014-01-01 00:59 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-02-21 16:08 - 2014-01-01 00:57 - 01214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-02-21 16:08 - 2014-01-01 00:56 - 00960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-02-21 16:08 - 2013-12-31 00:34 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sti.dll
2014-02-21 16:08 - 2013-12-31 00:33 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2014-02-21 16:08 - 2013-12-31 00:32 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll
2014-02-21 16:08 - 2013-12-31 00:31 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-02-21 16:08 - 2013-12-31 00:31 - 00914944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2014-02-21 16:08 - 2013-12-27 16:09 - 00419160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-02-21 16:08 - 2013-12-27 11:38 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-02-21 16:08 - 2013-12-27 09:57 - 00842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2014-02-21 16:08 - 2013-12-27 09:57 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-02-21 16:08 - 2013-12-27 09:23 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-02-21 16:08 - 2013-12-27 09:16 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-02-21 16:08 - 2013-12-27 08:03 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2014-02-21 16:08 - 2013-12-27 08:03 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-02-21 16:08 - 2013-12-27 07:37 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-02-21 16:08 - 2013-12-21 08:21 - 00376320 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2014-02-21 16:08 - 2013-12-17 08:21 - 00408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2014-02-21 16:08 - 2013-12-14 07:31 - 13949440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-02-21 16:08 - 2013-12-14 07:19 - 18576384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-02-21 16:08 - 2013-12-13 11:54 - 00131160 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2014-02-21 16:08 - 2013-12-13 07:36 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2014-02-21 16:08 - 2013-12-13 06:32 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2014-02-21 16:08 - 2013-12-09 09:05 - 21199256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-02-21 16:08 - 2013-12-09 05:51 - 18643560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-02-21 16:08 - 2013-12-09 04:25 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-02-21 16:07 - 2014-02-21 16:07 - 00994704 _____ (Microsoft Corporation) C:\Users\******\Downloads\sdksetup.exe
2014-02-20 22:11 - 2014-02-20 22:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-20 21:56 - 2014-02-20 21:56 - 00001074 _____ () C:\Users\******\Desktop\MA - DAMIAN WERNER GmbH 08.01.2014 - Verknüpfung.lnk
2014-02-18 19:06 - 2014-02-18 19:06 - 00000000 ____D () C:\ProgramData\ATI
2014-02-18 19:02 - 2014-02-18 19:02 - 00060993 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201402181902425009.log
2014-02-18 19:02 - 2014-02-18 19:02 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-02-18 18:58 - 2014-02-21 16:13 - 00000000 ____D () C:\ProgramData\Package Cache
2014-02-18 18:57 - 2014-02-18 18:57 - 00000000 ____D () C:\AMD
2014-02-18 18:46 - 2014-02-18 18:46 - 00000000 ____D () C:\Users\******\AppData\Roaming\library_dir
2014-02-18 18:38 - 2014-02-18 18:38 - 01012920 _____ () C:\Users\******\Downloads\amddriverdownloader.exe
2014-02-18 18:28 - 2014-02-18 18:29 - 00007650 _____ () C:\Users\******\AppData\Local\resmon.resmoncfg
2014-02-17 11:02 - 2013-12-09 01:34 - 01227264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-02-17 11:02 - 2013-12-09 01:04 - 00980480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-02-17 11:02 - 2013-11-27 16:34 - 03210528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2014-02-17 11:02 - 2013-11-27 16:27 - 00809872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-02-17 11:02 - 2013-11-27 15:00 - 00663680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-02-17 11:02 - 2013-11-27 14:47 - 02804528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2014-02-17 11:02 - 2013-11-27 13:02 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipnat.sys
2014-02-17 11:02 - 2013-11-27 11:24 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll
2014-02-17 11:02 - 2013-11-27 10:46 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msieftp.dll
2014-02-17 11:02 - 2013-11-27 10:41 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2014-02-17 11:02 - 2013-11-27 10:17 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2014-02-17 11:02 - 2013-11-27 10:10 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2014-02-17 11:02 - 2013-11-27 09:58 - 01503232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-02-17 11:02 - 2013-11-27 09:56 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2014-02-17 11:02 - 2013-11-27 05:01 - 00385614 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-02-17 11:02 - 2013-11-26 14:22 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2014-02-17 11:02 - 2013-11-26 14:20 - 02131120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-02-17 11:02 - 2013-11-26 14:20 - 01399176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2014-02-17 11:02 - 2013-11-26 14:20 - 01374384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2014-02-17 11:02 - 2013-11-26 12:50 - 01371312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2014-02-17 11:02 - 2013-11-26 12:44 - 02142936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-02-17 11:02 - 2013-11-26 12:44 - 01204968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2014-02-17 11:02 - 2013-11-25 02:45 - 00142680 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2014-02-17 11:02 - 2013-11-25 02:32 - 01119064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2014-02-17 11:02 - 2013-11-25 00:30 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-02-17 11:02 - 2013-11-25 00:28 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-02-17 11:02 - 2013-11-23 13:47 - 00032088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2014-02-17 11:02 - 2013-11-23 08:13 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\bi.dll
2014-02-17 11:02 - 2013-11-23 08:13 - 00019456 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BtaMPM.sys
2014-02-17 11:02 - 2013-11-23 08:08 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-02-17 11:02 - 2013-11-23 05:50 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2014-02-17 11:02 - 2013-11-23 04:19 - 02617344 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-02-17 11:02 - 2013-11-23 04:15 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-02-17 11:02 - 2013-11-21 07:58 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceregistration.dll
2014-02-17 11:02 - 2013-11-21 07:26 - 01415680 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-02-17 11:02 - 2013-11-16 06:11 - 00764856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-02-17 11:02 - 2013-11-15 19:19 - 00669344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-02-17 11:02 - 2013-11-15 15:59 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2014-02-17 11:02 - 2013-11-15 15:25 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2014-02-17 11:02 - 2013-11-15 15:08 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-02-17 11:02 - 2013-11-15 14:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-02-17 11:02 - 2013-11-05 21:12 - 02551128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-02-17 11:02 - 2013-10-31 01:29 - 00745336 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-02-17 11:02 - 2013-10-31 00:41 - 00552624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2014-02-12 23:00 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-12 23:00 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-02-12 23:00 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-02-12 23:00 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-12 23:00 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-02-12 23:00 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-02-12 23:00 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-12 23:00 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-02-12 23:00 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-02-12 23:00 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-02-12 23:00 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-02-12 23:00 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-02-12 23:00 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-12 23:00 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-02-12 23:00 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-02-12 23:00 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-02-12 23:00 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-02-12 23:00 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-02-12 23:00 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-02-12 23:00 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-12 23:00 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-02-12 23:00 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-02-12 23:00 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-12 23:00 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-02-12 23:00 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-02-12 23:00 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-02-12 23:00 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-02-12 23:00 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-12 23:00 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-12 23:00 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-02-12 23:00 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-02-12 23:00 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-02-12 23:00 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-12 23:00 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-02-12 23:00 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-02-12 23:00 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-02-12 23:00 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-02-12 23:00 - 2014-01-07 06:00 - 02397184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2014-02-12 23:00 - 2014-01-07 05:30 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2014-02-12 23:00 - 2013-12-09 01:27 - 02152448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-02-12 23:00 - 2013-12-09 01:19 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdrm.dll
2014-02-12 23:00 - 2013-12-09 00:55 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdrm.dll
2014-02-12 23:00 - 2013-12-09 00:54 - 01317376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-02-12 23:00 - 2013-11-21 07:42 - 04604416 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2014-02-12 23:00 - 2013-11-21 06:44 - 03936256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2014-02-12 22:57 - 2014-01-04 21:50 - 01462216 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-02-12 22:57 - 2014-01-04 20:22 - 01202888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-02-12 22:57 - 2014-01-04 15:30 - 13209088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-02-12 22:57 - 2014-01-04 15:23 - 11702272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-02-12 22:57 - 2014-01-04 14:42 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-02-12 22:57 - 2014-01-04 14:40 - 07416832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-02-12 22:57 - 2014-01-04 14:36 - 00830976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-02-12 22:57 - 2014-01-04 14:28 - 04961792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-02-12 22:57 - 2013-12-21 03:10 - 00009701 _____ () C:\WINDOWS\SysWOW64\connectedsearch-results.searchconnector-ms
2014-02-12 22:57 - 2013-12-21 03:10 - 00009701 _____ () C:\WINDOWS\system32\connectedsearch-results.searchconnector-ms
2014-02-12 22:56 - 2014-01-07 08:03 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2014-02-12 22:56 - 2014-01-07 06:59 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2014-02-12 22:56 - 2013-12-20 11:10 - 01113040 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-02-12 22:56 - 2013-12-20 07:13 - 00835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-02-12 22:56 - 2013-12-09 03:57 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-02-12 22:56 - 2013-12-09 02:51 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-02-12 22:55 - 2014-01-09 09:25 - 02804224 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-02-12 22:55 - 2014-01-09 08:59 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-02-12 22:55 - 2014-01-09 08:59 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-02-12 22:55 - 2014-01-09 08:49 - 00919040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-02-12 22:55 - 2014-01-09 08:44 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-02-12 22:55 - 2014-01-09 08:43 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-02-12 22:55 - 2014-01-09 08:29 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-02-12 22:55 - 2014-01-09 08:28 - 04217344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-02-12 22:55 - 2014-01-09 08:28 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-02-12 22:55 - 2014-01-09 08:18 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-02-08 09:49 - 2014-02-08 09:49 - 00000000 ____D () C:\Users\******\AppData\Local\{7BEC04E0-2E30-4038-A41F-C6EB86E24E70}
2014-02-08 09:48 - 2014-02-08 09:48 - 00000000 ____D () C:\Users\******\AppData\Local\{C29C408A-93E8-4C83-B865-547302F6A83F}

==================== One Month Modified Files and Folders =======

2014-02-23 11:35 - 2014-02-23 11:34 - 00016917 _____ () C:\Users\******\Downloads\FRST.txt
2014-02-23 11:34 - 2014-02-23 11:34 - 00000000 ____D () C:\FRST
2014-02-23 11:33 - 2014-02-23 11:33 - 02154496 _____ (Farbar) C:\Users\******\Downloads\FRST64.exe
2014-02-23 11:18 - 2014-02-21 17:46 - 00078182 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-23 11:12 - 2013-12-06 16:31 - 00005116 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for PC-Jürgen PC
2014-02-23 11:06 - 2012-11-24 18:00 - 00000000 ____D () C:\Users\******\Documents\Outlook-Dateien
2014-02-23 11:06 - 2012-11-16 22:47 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-801751274-2948684052-609766611-1002
2014-02-23 11:06 - 2008-01-01 08:31 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-23 11:05 - 2013-09-30 05:14 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-23 11:05 - 2013-09-30 04:56 - 00764340 _____ () C:\WINDOWS\system32\perfh007.dat
2014-02-23 11:05 - 2013-09-30 04:56 - 00159160 _____ () C:\WINDOWS\system32\perfc007.dat
2014-02-23 11:02 - 2012-12-04 15:58 - 00001134 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-23 11:01 - 2014-02-23 11:01 - 00969616 _____ () C:\WINDOWS\Minidump\022314-19953-01.dmp
2014-02-23 11:01 - 2014-02-22 08:36 - 529532575 _____ () C:\WINDOWS\MEMORY.DMP
2014-02-23 11:01 - 2013-12-07 19:31 - 00000000 ____D () C:\WINDOWS\Minidump
2014-02-23 11:01 - 2013-12-06 10:11 - 00000000 ____D () C:\Users\******
2014-02-23 11:01 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-22 17:40 - 2012-12-04 15:58 - 00001138 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-22 17:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-02-22 16:52 - 2014-02-22 16:52 - 00969072 _____ () C:\WINDOWS\Minidump\022214-18531-01.dmp
2014-02-22 11:34 - 2014-02-22 11:33 - 00950264 _____ () C:\WINDOWS\Minidump\022214-23625-01.dmp
2014-02-22 08:37 - 2014-02-22 08:36 - 01000136 _____ () C:\WINDOWS\Minidump\022214-18656-01.dmp
2014-02-22 08:36 - 2014-02-22 08:36 - 00013356 _____ () C:\WINDOWS\PFRO.log
2014-02-21 19:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-02-21 17:35 - 2012-12-04 15:58 - 00004110 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-21 17:35 - 2012-12-04 15:58 - 00003874 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-21 17:10 - 2014-02-21 17:10 - 00001125 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-21 17:10 - 2014-02-21 17:10 - 00000000 ____D () C:\Users\******\AppData\Roaming\Malwarebytes
2014-02-21 17:10 - 2014-02-21 17:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-21 17:10 - 2014-02-21 17:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-21 17:09 - 2014-02-21 17:09 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\******\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-21 17:02 - 2013-12-06 10:06 - 00000000 ___DC () C:\WINDOWS\Panther
2014-02-21 17:01 - 2013-10-17 09:47 - 00000000 ____D () C:\Users\******\AppData\Roaming\IObit
2014-02-21 17:01 - 2013-10-17 09:45 - 00000000 ____D () C:\ProgramData\IObit
2014-02-21 16:50 - 2012-11-16 16:41 - 00000000 ___RD () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-21 16:50 - 2012-11-16 16:41 - 00000000 ___RD () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-21 16:49 - 2013-08-22 15:44 - 00423712 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-02-21 16:49 - 2012-11-17 10:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-21 16:49 - 2012-11-16 16:39 - 00000000 ____D () C:\Program Files\Google
2014-02-21 16:49 - 2012-11-16 16:39 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-21 16:24 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-02-21 16:14 - 2014-02-21 16:14 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
2014-02-21 16:13 - 2014-02-18 18:58 - 00000000 ____D () C:\ProgramData\Package Cache
2014-02-21 16:07 - 2014-02-21 16:07 - 00994704 _____ (Microsoft Corporation) C:\Users\******\Downloads\sdksetup.exe
2014-02-21 16:00 - 2012-12-04 15:58 - 00000000 ____D () C:\Users\******\AppData\Local\Google
2014-02-20 22:11 - 2014-02-20 22:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-20 22:07 - 2008-01-01 08:31 - 00003742 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-02-20 21:56 - 2014-02-20 21:56 - 00001074 _____ () C:\Users\******\Desktop\MA - DAMIAN WERNER GmbH 08.01.2014 - Verknüpfung.lnk
2014-02-19 09:11 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-02-18 19:06 - 2014-02-18 19:06 - 00000000 ____D () C:\ProgramData\ATI
2014-02-18 19:02 - 2014-02-18 19:02 - 00060993 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201402181902425009.log
2014-02-18 19:02 - 2014-02-18 19:02 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-02-18 19:02 - 2012-07-19 00:00 - 00000000 ____D () C:\ProgramData\AMD
2014-02-18 19:02 - 2012-07-18 23:59 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-02-18 18:59 - 2013-12-06 10:08 - 00000000 ____D () C:\Program Files\AMD
2014-02-18 18:57 - 2014-02-18 18:57 - 00000000 ____D () C:\AMD
2014-02-18 18:46 - 2014-02-18 18:46 - 00000000 ____D () C:\Users\******\AppData\Roaming\library_dir
2014-02-18 18:38 - 2014-02-18 18:38 - 01012920 _____ () C:\Users\******\Downloads\amddriverdownloader.exe
2014-02-18 18:29 - 2014-02-18 18:28 - 00007650 _____ () C:\Users\******\AppData\Local\resmon.resmoncfg
2014-02-18 15:11 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2014-02-18 15:11 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Dism
2014-02-18 13:04 - 2012-11-16 22:41 - 00000000 ____D () C:\Users\******\AppData\Local\Packages
2014-02-17 22:00 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-02-17 22:00 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-16 13:03 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-02-16 10:26 - 2013-08-14 08:17 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-16 10:25 - 2011-07-18 21:31 - 88567024 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-13 16:49 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-02-13 16:49 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-02-13 16:49 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-02-09 11:38 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-02-08 09:49 - 2014-02-08 09:49 - 00000000 ____D () C:\Users\******\AppData\Local\{7BEC04E0-2E30-4038-A41F-C6EB86E24E70}
2014-02-08 09:48 - 2014-02-08 09:48 - 00000000 ____D () C:\Users\******\AppData\Local\{C29C408A-93E8-4C83-B865-547302F6A83F}
2014-02-06 13:16 - 2014-02-12 23:00 - 23170048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-12 23:00 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-12 23:00 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-12 23:00 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-12 23:00 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-12 23:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-12 23:00 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-12 23:00 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-02-06 11:49 - 2014-02-12 23:00 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-12 23:00 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-12 23:00 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-12 23:00 - 17103872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-12 23:00 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-12 23:00 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-12 23:00 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-02-06 11:11 - 2014-02-12 23:00 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-12 23:00 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-12 23:00 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-12 23:00 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-12 23:00 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-12 23:00 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-12 23:00 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-12 23:00 - 02041856 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-06 10:47 - 2014-02-12 23:00 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-12 23:00 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-12 23:00 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-12 23:00 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-12 23:00 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-06 10:22 - 2014-02-12 23:00 - 13051392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-12 23:00 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-12 23:00 - 01964032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-12 23:00 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-12 23:00 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-12 23:00 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-12 23:00 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-12 23:00 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-12 23:00 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-01-30 22:24 - 2014-01-05 16:56 - 00109937 _____ () C:\Users\******\Documents\Eumex 050114.800
2014-01-30 08:59 - 2012-12-17 17:43 - 00000000 ____D () C:\Users\******\Desktop\FeWo

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-22 17:03

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---


FRST Additional Logfile:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-02-2014 01
Ran by Jürgen at 2014-02-23 11:35:37
Running from C:\Users\******\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton AntiVirus Online (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton AntiVirus Online (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.3.0.3670 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.3.0.3670 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.9 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.873.1 - Advanced Micro Devices Inc.) Hidden
AMD AVIVO64 Codecs (Version: 12.2.0.20504 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.70504.1544 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio (HKLM-x32\...\Ashampoo Burning Studio_is1) (Version: 10.0.10 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Commander (HKLM-x32\...\Ashampoo Photo Commander_is1) (Version: 9.2.0 - Ashampoo GmbH & Co. KG)
Ashampoo Photo Optimizer (HKLM-x32\...\Ashampoo Photo Optimizer_is1) (Version: 4.0.0 - Ashampoo GmbH & Co. KG)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.1.0.18 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.24 - Piriform)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.5.5310 - CyberLink Corp.)
CyberLink PowerRecover (x32 Version: 5.5.5310 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Eumex 800 V1.30 (HKLM-x32\...\InstallShield_{FACE9D51-E374-4DDB-857C-816FCB1D6B40}) (Version: 1.30.0000 - T-Home)
Eumex 800 V1.30 (x32 Version: 1.30.0000 - T-Home) Hidden
Eumex RNDIS64 Treiber V1.02 (HKLM\...\{293C4FDD-FB80-48F8-8B40-F085392FDAA1}) (Version: 1.02.0000 - Deutsche Telekom)
Fotogalerija Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galeria fotografii usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.117 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
HP Officejet 6600 - Grundlegende Software für das Gerät (HKLM\...\{F58934BD-F483-43EB-B307-CFFD88B18455}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
iTunes (HKLM\...\{F73A118B-8271-47E2-8790-0C636B2539C5}) (Version: 11.1.0.126 - Apple Inc.)
Java Auto Updater (x32 Version: 2.1.6.0 - Sun Microsystems, Inc.) Hidden
Java(TM) 7 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417005FF}) (Version: 7.0.50 - Oracle)
Java(TM) 7 Update 5 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217005FF}) (Version: 7.0.50 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kits Configuration Installer (x32 Version: 8.100.25984 - Microsoft) Hidden
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave (HKLM-x32\...\{CA227A9D-09BE-4BFB-9764-48FED2DA5454}) (Version: 15.4.5722.2 - Microsoft Corporation)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2013 - de-de (HKLM\...\HomeBusinessRetail - de-de) (Version: 15.0.4551.1512 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Norton AntiVirus (HKLM-x32\...\NAV) (Version: 20.4.0.40 - Symantec Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.5.1 - Frank Heindörfer, Philip Chinery)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Poczta usługi Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Podstawowe programy Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Pošta Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6591 - Realtek Semiconductor Corp.)
RecImg Manager (HKLM-x32\...\{544D7506-6582-46D9-A849-5F7C92E3D642}) (Version: 1.1.21813 - SlimWare Utilities, Inc.)
Recuva (HKLM\...\Recuva) (Version: 1.48 - Piriform)
SDK Debuggers (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
Spelling Dictionaries Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-A00000000004}) (Version: 10.0.0 - Adobe Systems Incorporated)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.17271 - TeamViewer)
Telekom Fotoservice (HKLM-x32\...\Telekom Fotoservice) (Version:  - )
T-Online 6.0 (HKLM-x32\...\{B1275E23-717A-4D52-997A-1AD1E24BC7F3}) (Version:  - )
T-Online WLAN-Access Finder (HKLM-x32\...\{295C31E5-3F91-498E-9623-DA24D2FA2B6A}) (Version:  - )
VLC media player 2.0.4 (HKLM\...\VLC media player) (Version: 2.0.4 - VideoLAN)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalleri (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotoğraf Galerisi (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotótár (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Temel Parçalar (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven asennustyökalu (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven sähköposti (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Liven valokuvavalikoima (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Software Development Kit EULA (x32 Version: 8.100.25984 - Microsoft Corporations) Hidden
Windows Software Development Kit for Windows 8.1 (HKLM-x32\...\{2fc72c67-2837-46c2-b20a-9acb0d3cb2b2}) (Version: 8.100.25984 - Microsoft Corporation)
Windows Utils (HKLM-x32\...\Windows Utils) (Version:  - )
Windows-Treiberpaket - T-Home Net  (06/30/2010 6.0.6000.16384) (HKLM\...\7B73EBFEF26F2C40D3AA9D389F5CF2C77121106C) (Version: 06/30/2010 6.0.6000.16384 - T-Home)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

13-02-2014 15:42:34 Windows Update
18-02-2014 13:32:14 Windows Update
21-02-2014 14:59:56 Quitado Control ActiveX de Windows Live Mesh para conexiones remotas

==================== Hosts content: ==========================

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {07E9BD33-E9E7-4A46-A312-C15526D31961} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {097C36B8-81DC-4BEA-919A-FD1C4C233811} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2A03E9E7-5B10-4BF3-9CA5-E4F9D91865A3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {30B25811-B7CF-4972-BD47-424BD1D69CFD} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-10-24] (Piriform Ltd)
Task: {3446EA76-378A-4B46-8441-C7319AC87A07} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {37FC10D9-27AA-4E8E-BBD5-80CBD7367629} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-02-16] (Microsoft Corporation)
Task: {3B6A2309-D4C0-4A87-B670-CF5B8479F344} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {45B409AD-034D-4F23-A99B-072DEF830C85} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {554002F1-C59E-41E7-B095-2704A2AA9947} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-10-31] (Microsoft Corporation)
Task: {582CE772-BC1A-4AAE-95A9-612E3F71F407} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {6524A4EF-EF7F-4DBB-B6A6-621F7BD6EE51} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {6FC619F5-0DE2-4110-A3D6-86EDE4E56054} - System32\Tasks\Microsoft Office 15 Sync Maintenance for PC-Jürgen PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-01-15] (Microsoft Corporation)
Task: {72BBEF92-3230-482B-BB2E-2D66919CAE87} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {803D698F-2E53-48EF-875C-2278DF667F47} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {81C9863B-7FA7-4B5B-8724-6D0B80E88929} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8B06F82D-A2F9-4620-B1CD-9FE4061DC117} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8D8A17FE-9F17-4BFA-9CA3-A649D0B569CB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-20] (Adobe Systems Incorporated)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {AD7FAB58-15DC-4E7D-A4E1-60EE5974B9B7} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {AF420AC6-CA29-4854-8452-097F3807D77A} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {B5F353CE-6293-49C1-8158-8E7C22EB387F} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {BD2B3A81-5556-404C-80F1-DD22E14AB662} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {BDBDC914-38F2-46FF-BD95-416907B1EE4B} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {BE89A169-F752-466B-9744-B68228488F01} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {BF2A6B90-63B6-4C35-BE73-AC9153A9062E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-04] (Google Inc.)
Task: {C3B6AFE9-1276-490F-B3CC-84D1C5AF103B} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {C563629E-5497-4215-BC3B-DD04C07296C4} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {CCD1963F-9C59-4686-AC1B-2DCDF36F512C} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D24F4A6C-D68F-4228-A0D3-396DBF5E0385} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {D6BDD73A-E61D-4BC5-A3B1-DDEA50ADEDA0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E0A2C520-6FE9-4E4E-95C8-33B4BE9805D0} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {E6127866-8945-4453-B377-341872E47C62} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EC0DA98B-3FE6-4847-90BE-763EEFBABD06} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-04] (Google Inc.)
Task: {EDCBC82A-6F80-4802-BADA-9E31595766CC} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {F0BD0592-FDCA-4385-84FC-E0BD7AFC8AA7} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-01-15 14:07 - 2013-08-23 14:45 - 00386216 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2014-01-15 14:07 - 2013-10-31 09:08 - 00520872 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2014-01-15 14:07 - 2013-10-31 09:07 - 00618152 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2013-12-06 16:06 - 2013-12-06 16:06 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 20:44 - 2013-04-21 20:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-01-15 14:08 - 2014-01-15 14:08 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2014-01-15 14:08 - 2014-01-15 14:08 - 00359592 _____ () C:\Program Files\Microsoft Office 15\root\office15\c2r32.dll
2014-02-20 22:11 - 2014-02-20 22:11 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\******\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\******\AppData\Roaming\Kommagetrennte Werte (DOS).EML:OECustomProperty
AlternateDataStreams: C:\Users\******\AppData\Roaming\Kommagetrennte Werte (Windows).EML:OECustomProperty

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: MemeoBackgroundService => 2
MSCONFIG\Services: MZCCntrl => 2

==================== Faulty Device Manager Devices =============

Name: Realtek RTL8191SU Wireless LAN 802.11n USB 2.0-Netzwerkadapter
Description: Realtek RTL8191SU Wireless LAN 802.11n USB 2.0-Netzwerkadapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek Semiconductor Corp.
Service: RTL8192su
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (02/22/2014 05:06:20 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest.

Error: (02/22/2014 11:47:37 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest.

Error: (02/22/2014 11:46:49 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest.

Error: (02/22/2014 08:49:49 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest.

Error: (02/21/2014 06:26:08 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest.

Error: (02/21/2014 06:24:57 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest.

Error: (02/21/2014 04:00:05 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (02/20/2014 05:12:01 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest2" in Zeile C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest.
Komponente 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest.

Error: (02/18/2014 07:02:12 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: MsiExec.exe, Version: 5.0.9600.16384, Zeitstempel: 0x52158c02
Name des fehlerhaften Moduls: MSI5633.tmp, Version: 2.0.0.9, Zeitstempel: 0x4d4b089c
Ausnahmecode: 0xc000000d
Fehleroffset: 0x00019d88
ID des fehlerhaften Prozesses: 0xd6c
Startzeit der fehlerhaften Anwendung: 0xMsiExec.exe0
Pfad der fehlerhaften Anwendung: MsiExec.exe1
Pfad des fehlerhaften Moduls: MsiExec.exe2
Berichtskennung: MsiExec.exe3
Vollständiger Name des fehlerhaften Pakets: MsiExec.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MsiExec.exe5

Error: (02/18/2014 07:02:07 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: MsiExec.exe, Version: 5.0.9600.16384, Zeitstempel: 0x52158c02
Name des fehlerhaften Moduls: MSI4B5C.tmp, Version: 2.0.0.9, Zeitstempel: 0x4d4b089c
Ausnahmecode: 0xc000000d
Fehleroffset: 0x00019d88
ID des fehlerhaften Prozesses: 0x4a8
Startzeit der fehlerhaften Anwendung: 0xMsiExec.exe0
Pfad der fehlerhaften Anwendung: MsiExec.exe1
Pfad des fehlerhaften Moduls: MsiExec.exe2
Berichtskennung: MsiExec.exe3
Vollständiger Name des fehlerhaften Pakets: MsiExec.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MsiExec.exe5


System errors:
=============
Error: (02/23/2014 11:06:30 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT-AUTORITÄTLokaler DienstS-1-5-19LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (02/23/2014 11:01:24 AM) (Source: BugCheck) (User: )
Description: 0x0000009f (0x0000000000000003, 0xffffe000028b8060, 0xfffff801579307c0, 0xffffe00000c924f0)C:\WINDOWS\MEMORY.DMP022314-19953-01

Error: (02/23/2014 11:01:24 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎22.‎02.‎2014 um 17:32:54 unerwartet heruntergefahren.

Error: (02/23/2014 00:07:59 AM) (Source: disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (02/23/2014 00:07:59 AM) (Source: disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.

Error: (02/22/2014 05:53:30 PM) (Source: disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.

Error: (02/22/2014 05:53:30 PM) (Source: disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error: (02/22/2014 04:52:55 PM) (Source: BugCheck) (User: )
Description: 0x0000009f (0x0000000000000003, 0xffffe0000289e060, 0xfffff8032e1307c0, 0xffffe00004c959a0)C:\WINDOWS\MEMORY.DMP022214-18531-01

Error: (02/22/2014 04:52:54 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎22.‎02.‎2014 um 12:13:49 unerwartet heruntergefahren.

Error: (02/22/2014 04:31:22 PM) (Source: disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.


Microsoft Office Sessions:
=========================
Error: (02/22/2014 05:06:20 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifestC:\Users\******\Downloads\SoftonicDownloader_fuer_ibm-spss-statistics-standard (1).exe

Error: (02/22/2014 11:47:37 AM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifestC:\Users\******\Downloads\SoftonicDownloader_fuer_ibm-spss-statistics-standard (1).exe

Error: (02/22/2014 11:46:49 AM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifestC:\Users\******\Downloads\SoftonicDownloader_fuer_ibm-spss-statistics-standard (1).exe

Error: (02/22/2014 08:49:49 AM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifestC:\Users\******\Downloads\SoftonicDownloader_fuer_ibm-spss-statistics-standard (1).exe

Error: (02/21/2014 06:26:08 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifestC:\Users\******\Downloads\SoftonicDownloader_fuer_ibm-spss-statistics-standard (1).exe

Error: (02/21/2014 06:24:57 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifestC:\Users\******\Downloads\SoftonicDownloader_fuer_ibm-spss-statistics-standard (1).exe

Error: (02/21/2014 04:00:05 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert

Error: (02/20/2014 05:12:01 PM) (Source: SideBySide)(User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifestC:\Users\******\Downloads\SoftonicDownloader_fuer_ibm-spss-statistics-standard (1).exe

Error: (02/18/2014 07:02:12 PM) (Source: Application Error)(User: )
Description: MsiExec.exe5.0.9600.1638452158c02MSI5633.tmp2.0.0.94d4b089cc000000d00019d88d6c01cf2cd38b4390f3C:\Windows\syswow64\MsiExec.exeC:\WINDOWS\Installer\MSI5633.tmpca49de73-98c6-11e3-8354-00094f000001

Error: (02/18/2014 07:02:07 PM) (Source: Application Error)(User: )
Description: MsiExec.exe5.0.9600.1638452158c02MSI4B5C.tmp2.0.0.94d4b089cc000000d00019d884a801cf2cd33b85422bC:\Windows\syswow64\MsiExec.exeC:\WINDOWS\Installer\MSI4B5C.tmpc6f8dfce-98c6-11e3-8354-00094f000001


CodeIntegrity Errors:
===================================
  Date: 2014-02-21 18:30:08.259
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll that did not meet the Microsoft signing level requirements.

  Date: 2014-02-21 18:30:08.150
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements.

  Date: 2014-02-21 18:30:08.087
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll that did not meet the Microsoft signing level requirements.

  Date: 2014-02-21 18:30:08.025
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll that did not meet the Microsoft signing level requirements.

  Date: 2014-02-21 18:30:07.947
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements.

  Date: 2014-02-21 18:30:07.884
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\msdatasrc.dll that did not meet the Microsoft signing level requirements.

  Date: 2014-02-21 18:30:02.103
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

  Date: 2014-02-21 18:30:01.228
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

  Date: 2014-02-21 18:26:52.569
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.stdformat.dll that did not meet the Microsoft signing level requirements.

  Date: 2014-02-21 18:26:52.475
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\adodb.dll that did not meet the Microsoft signing level requirements.


==================== Memory info =========================== 

Percentage of memory in use: 51%
Total physical RAM: 3545.07 MB
Available physical RAM: 1706.06 MB
Total Pagefile: 7129.07 MB
Available Pagefile: 5247.18 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB

==================== Drives ================================

Drive c: (Boot) (Fixed) (Total:830.41 GB) (Free:783.11 GB) NTFS
Drive d: (Recover) (Fixed) (Total:100 GB) (Free:53.27 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 17AA74B7)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=830 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=100 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=1 GB) - (Type=12)

==================== End Of Log ============================
         

MBAM Logfile:
Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.21.08

Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16518
Jürgen :: PC [Administrator]

21.02.2014 17:35:10
MBAM-log-2014-02-21 (19-25-25).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 395293
Laufzeit: 40 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 6
HKCR\CrossriderApp0033440.BHO (PUP.Optional.CrossRider.A) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0033440.BHO.1 (PUP.Optional.CrossRider.A) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0033440.Sandbox (PUP.Optional.CrossRider.A) -> Keine Aktion durchgeführt.
HKCU\Software\AppDataLow\Software\Crossrider (PUP.Optional.CrossRider.A) -> Keine Aktion durchgeführt.
HKCU\Software\AppDataLow\Software\Plus-HD-2.6 (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt.
HKCU\Software\InstalledBrowserExtensions\Plus HD (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\******\Downloads\SoftonicDownloader_fuer_ibm-spss-statistics-standard (1).exe (PUP.Optional.Softonic.A) -> Keine Aktion durchgeführt.
C:\Users\******\Downloads\SoftonicDownloader_fuer_ibm-spss-statistics-standard.exe (PUP.Optional.Softonic) -> Keine Aktion durchgeführt.
C:\Users\******\Downloads\SoftonicDownloader_fuer_repair-my-word.exe (PUP.Optional.Softonic.A) -> Keine Aktion durchgeführt.
D:\Apps\Windows 8 Tools\windows-start-menu4002-vistart.exe (Adware.Bundler) -> Keine Aktion durchgeführt.

(Ende)
         
Spybot Search&Destroy Logfile:

Code:
ATTFilter
Search results from Spybot - Search & Destroy

21.02.2014 17:35:02
Scan took 00:28:22.
45 items found.

iCrossRider: [SBI $5AF10FA5] Settings (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-801751274-2948684052-609766611-1002\Software\AppDataLow\Software\Crossrider

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\******\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GHDP7NL9\cdn.flashtalking.com\FT_cookie.sol
  Properties.size=43
  Properties.md5=B36E1847615191796283CCC5FD9777EA
  Properties.filedate=1392553253
  Properties.filedatetext=2014-02-16 13:20:53

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\******\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GHDP7NL9\de-uim.cdn.videoplaza.tv\com.videoplaza.adplayer.sol
  Properties.size=132
  Properties.md5=46129E47CEAE0BF39EC30010D8618662
  Properties.filedate=1392930512
  Properties.filedatetext=2014-02-20 22:08:32

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\******\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GHDP7NL9\de-uim.cdn.videoplaza.tv\com.videoplaza.bootloader.sol
  Properties.size=121
  Properties.md5=CAD622E9D192AC1E7170D964E5A52053
  Properties.filedate=1392930526
  Properties.filedatetext=2014-02-20 22:08:45

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\******\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GHDP7NL9\secureinclude.ebaystatic.com\ebayLSO.sol
  Properties.size=131
  Properties.md5=218F538641C6020D982C58D7DFC5E6FD
  Properties.filedate=1391336660
  Properties.filedatetext=2014-02-02 11:24:20

Macromedia.FlashPlayer.Cookies: [SBI $6AA61750]  Text file (File, nothing done)
  C:\Users\******\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GHDP7NL9\secureinclude.ebaystatic.com\ebayT.sol
  Properties.size=39
  Properties.md5=B43F43445AA3414DDC22EC80FBB22871
  Properties.filedate=1391336660
  Properties.filedatetext=2014-02-02 11:24:20

Macromedia.FlashPlayer.Cookies: [SBI $1EF45977]  Text file (File, nothing done)
  C:\Users\******\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\GHDP7NL9\www.ajaxcdn.org\swf.swf\dm_cookie.sol
  Properties.size=416
  Properties.md5=859CCD215968813B3D0275B8DE3586F6
  Properties.filedate=1392998939
  Properties.filedatetext=2014-02-21 17:08:59

DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)
  

DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)
  

WebTrends live: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)
  

Tradedoubler: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)
  

Tradedoubler: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)
  

Tradedoubler: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)
  

MediaPlex: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)
  

MediaPlex: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)
  

MediaPlex: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)
  

Statcounter: [SBI $4E2AF2AC] Tracking cookie (Firefox: PE_C_PUBLIC (default)) (Browser: Cookie, nothing done)
  

7-Zip: [SBI $12C3A52C] Folder history (Registry Value, nothing done)
  HKEY_USERS\S-1-5-21-801751274-2948684052-609766611-1002\Software\7-ZIP\FM\FolderHistory

Internet Explorer: [SBI $1E8157BE] Typed URL list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-801751274-2948684052-609766611-1002\Software\Microsoft\Internet Explorer\TypedURLs

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-801751274-2948684052-609766611-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

MS Management Console: [SBI $ECD50EAD] Recent command list (Registry Key, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Microsoft Management Console\Recent File List

MS Management Console: [SBI $ECD50EAD] Recent command list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-801751274-2948684052-609766611-1002\Software\Microsoft\Microsoft Management Console\Recent File List

MS Management Console: [SBI $ECD50EAD] Recent command list (Registry Key, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Microsoft Management Console\Recent File List

MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-801751274-2948684052-609766611-1002\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

Windows.OpenWith: [SBI $691C1B44] Open with list - .BIN extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-801751274-2948684052-609766611-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BIN\OpenWithList

Windows.OpenWith: [SBI $C92C6763] Open with list - .BUP extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-801751274-2948684052-609766611-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BUP\OpenWithList

Windows.OpenWith: [SBI $ECC28BDF] Open with list - .CSV extension (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-801751274-2948684052-609766611-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CSV\OpenWithList

Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-801751274-2948684052-609766611-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
  HKEY_USERS\S-1-5-21-801751274-2948684052-609766611-1002\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
  HKEY_USERS\.DEFAULT\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
  HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Cookie: [SBI $49804B54] Browser: Cookie (30) (Browser: Cookie, nothing done)
  

History: [SBI $49804B54] Browser: History (1720) (Browser: History, nothing done)
  

Cookie: [SBI $49804B54] Browser: Cookie (1072) (Browser: Cookie, nothing done)
  


--- Spybot - Search & Destroy version: 2.1.18.131  DLL (build: 20130516) ---

2013-09-20 SDBootCD.exe (2.2.18.109)
2013-09-20 SDCleaner.exe (2.2.18.110)
2013-09-20 SDDelFile.exe (2.2.18.94)
2013-06-18 SDDisableProxy.exe
2013-10-15 SDFSSvc.exe (2.2.25.211)
2013-09-20 SDFileScanHelper.exe (2.2.16.1)
2013-09-20 SDFiles.exe (2.2.18.135)
2013-10-10 SDHookHelper.exe (2.3.30.2)
2013-10-10 SDHookInst32.exe (2.3.30.2)
2013-09-20 SDImmunize.exe (2.2.18.130)
2013-05-16 SDLogReport.exe (2.1.18.107)
2013-10-14 SDOnAccess.exe (2.2.25.4)
2013-09-20 SDPESetup.exe (2.2.18.3)
2013-09-20 SDPEStart.exe (2.2.18.86)
2013-09-20 SDPRE.exe (2.2.18.22)
2013-09-20 SDPhoneScan.exe (2.2.18.28)
2013-09-20 SDPrepPos.exe (2.2.18.10)
2013-09-20 SDQuarantine.exe (2.2.18.103)
2013-09-20 SDRootAlyzer.exe (2.2.18.116)
2013-09-20 SDSBIEdit.exe (2.2.18.39)
2013-09-20 SDScan.exe (2.2.18.177)
2013-09-20 SDScript.exe (2.2.18.53)
2013-10-15 SDSettings.exe (2.2.25.138)
2013-09-20 SDShell.exe (2.2.18.2)
2013-09-20 SDShred.exe (2.2.18.107)
2013-09-20 SDSysRepair.exe (2.2.18.101)
2013-09-20 SDTools.exe (2.2.18.150)
2013-07-25 SDTray.exe (2.1.21.129)
2013-09-20 SDUpdSvc.exe (2.2.18.76)
2013-09-20 SDUpdate.exe (2.2.18.91)
2013-09-13 SDWSCSvc.exe (2.2.22.2)
2013-09-20 SDWelcome.exe (2.2.21.129)
2013-09-20 blindman.exe (2.2.18.151)
2013-09-20 explorer.exe (2.2.18.177)
2013-06-19 spybotsd2-translation-frx.exe
2013-10-19 unins000.exe (51.1052.0.0)
1999-12-02 xcacls.exe
2012-09-05 DelZip190.dll (1.9.0.107)
2013-05-16 SDAV.dll
2013-05-16 SDAdvancedCheckLibrary.dll (2.1.18.98)
2013-05-16 SDECon32.dll (2.1.18.113)
2013-04-05 SDEvents.dll (2.1.16.2)
2013-10-14 SDFileScanLibrary.dll (2.2.25.14)
2013-10-10 SDHook32.dll (2.3.30.2)
2013-05-16 SDImmunizeLibrary.dll (2.1.18.2)
2013-05-16 SDLicense.dll (2.1.18.0)
2013-05-16 SDLists.dll (2.1.18.4)
2013-05-16 SDResources.dll (2.1.18.7)
2013-05-16 SDScanLibrary.dll (2.1.18.131)
2013-05-16 SDTasks.dll (2.1.18.15)
2013-05-16 SDWinLogon.dll (2.1.18.0)
2013-05-16 Tools.dll (2.1.18.36)
2012-08-23 borlndmm.dll (10.0.2288.42451)
2012-09-10 libeay32.dll (1.0.0.4)
2012-09-10 libssl32.dll (1.0.0.4)
2012-08-23 sqlite3.dll
2012-09-10 ssleay32.dll (1.0.0.4)
2014-01-13 Includes\Adware.sbi (*)
2014-01-13 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2014-01-13 Includes\Dialer.sbi (*)
2014-01-13 Includes\DialerC.sbi (*)
2012-11-14 Includes\HeavyDuty.sbi (*)
2014-01-13 Includes\Hijackers.sbi (*)
2014-01-13 Includes\HijackersC.sbi (*)
2014-01-13 Includes\Keyloggers.sbi (*)
2014-01-13 Includes\KeyloggersC.sbi (*)
2014-01-13 Includes\Malware.sbi (*)
2013-12-23 Includes\MalwareC.sbi (*)
2012-11-14 Includes\PUPS.sbi (*)
2014-01-07 Includes\PUPSC.sbi (*)
2014-01-21 Includes\Security.sbi (*)
2014-01-21 Includes\SecurityC.sbi (*)
2014-01-21 Includes\Spyware.sbi (*)
2014-01-21 Includes\SpywareC.sbi (*)
2011-06-07 Includes\Tracks.sbi (*)
2012-11-19 Includes\Tracks.uti (*)
2014-01-09 Includes\Trojans.sbi (*)
2014-01-16 Includes\TrojansC-02.sbi (*)
2014-01-16 Includes\TrojansC-03.sbi (*)
2014-01-16 Includes\TrojansC-04.sbi (*)
2014-01-16 Includes\TrojansC-05.sbi (*)
2014-01-09 Includes\TrojansC.sbi (*)
2014-01-08 Includes\iPhone.sbi (*)
2014-01-08 Includes\Adware-000.sbi (*)
2014-01-08 Includes\Adware-001.sbi (*)
2014-02-19 Includes\Adware-C.sbi (*)
2014-01-08 Includes\Dialer-000.sbi (*)
2014-01-08 Includes\Dialer-001.sbi (*)
2014-01-08 Includes\Dialer-C.sbi (*)
2014-01-08 Includes\Hijackers-000.sbi (*)
2014-01-08 Includes\Hijackers-001.sbi (*)
2014-01-08 Includes\Hijackers-C.sbi (*)
2014-01-08 Includes\iPhone-000.sbi (*)
2014-01-08 Includes\Keyloggers-000.sbi (*)
2014-01-08 Includes\Keyloggers-C.sbi (*)
2014-01-09 Includes\Malware-001.sbi (*)
2014-01-09 Includes\Malware-002.sbi (*)
2014-02-05 Includes\Malware-003.sbi (*)
2014-01-28 Includes\Malware-004.sbi (*)
2014-01-09 Includes\Malware-005.sbi (*)
2014-01-09 Includes\Malware-006.sbi (*)
2014-01-09 Includes\Malware-007.sbi (*)
2014-02-19 Includes\Malware-C.sbi (*)
2014-01-15 Includes\PUPS-000.sbi (*)
2014-01-15 Includes\PUPS-001.sbi (*)
2014-01-15 Includes\PUPS-002.sbi (*)
2014-02-19 Includes\PUPS-C.sbi (*)
2014-01-08 Includes\Security-000.sbi (*)
2014-01-08 Includes\Security-C.sbi (*)
2014-01-08 Includes\Spyware-000.sbi (*)
2014-01-08 Includes\Spyware-001.sbi (*)
2014-01-08 Includes\Spyware-C.sbi (*)
2014-01-15 Includes\Trojans-000.sbi (*)
2014-01-15 Includes\Trojans-001.sbi (*)
2014-01-15 Includes\Trojans-002.sbi (*)
2014-01-15 Includes\Trojans-003.sbi (*)
2014-01-15 Includes\Trojans-004.sbi (*)
2014-01-15 Includes\Trojans-005.sbi (*)
2014-01-15 Includes\Trojans-006.sbi (*)
2014-01-15 Includes\Trojans-007.sbi (*)
2014-01-15 Includes\Trojans-008.sbi (*)
2014-01-15 Includes\Trojans-009.sbi (*)
2014-02-19 Includes\Trojans-C.sbi (*)
2014-01-16 Includes\TrojansC-01.sbi (*)
2014-01-15 Includes\Trojans-OG-000.sbi (*)
2014-01-15 Includes\Trojans-TD-000.sbi (*)
2014-01-15 Includes\Trojans-VM-000.sbi (*)
2014-01-15 Includes\Trojans-VM-001.sbi (*)
2014-01-15 Includes\Trojans-VM-002.sbi (*)
2014-01-15 Includes\Trojans-VM-003.sbi (*)
2014-01-15 Includes\Trojans-VM-004.sbi (*)
2014-01-15 Includes\Trojans-VM-005.sbi (*)
2014-01-15 Includes\Trojans-VM-006.sbi (*)
2014-01-15 Includes\Trojans-VM-007.sbi (*)
2014-01-15 Includes\Trojans-VM-008.sbi (*)
2014-01-15 Includes\Trojans-VM-009.sbi (*)
2014-01-15 Includes\Trojans-VM-010.sbi (*)
2014-01-15 Includes\Trojans-VM-011.sbi (*)
2014-01-15 Includes\Trojans-VM-012.sbi (*)
2014-01-15 Includes\Trojans-VM-013.sbi (*)
2014-01-15 Includes\Trojans-VM-014.sbi (*)
2014-01-15 Includes\Trojans-VM-015.sbi (*)
2014-01-15 Includes\Trojans-VM-016.sbi (*)
2014-01-15 Includes\Trojans-VM-017.sbi (*)
2014-01-15 Includes\Trojans-VM-018.sbi (*)
2014-01-15 Includes\Trojans-VM-019.sbi (*)
2014-01-15 Includes\Trojans-VM-020.sbi (*)
2014-01-15 Includes\Trojans-VM-021.sbi (*)
2014-01-15 Includes\Trojans-VM-022.sbi (*)
2014-01-15 Includes\Trojans-VM-023.sbi (*)
2014-01-15 Includes\Trojans-VM-024.sbi (*)
2014-01-15 Includes\Trojans-ZB-000.sbi (*)
2014-01-15 Includes\Trojans-ZL-000.sbi (*)
         
__________________

Alt 23.02.2014, 12:40   #4
Niggo
 
Virus PlusHD und Bluescreen - Standard

Virus PlusHD und Bluescreen



GMER Logfile:
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-02-23 11:46:44
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000028 ST1000DM rev.CC4G 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\JRGENS~1\AppData\Local\Temp\fgtdapow.sys


---- Kernel code sections - GMER 2.1 ----

.text    C:\WINDOWS\System32\win32k.sys!W32pServiceTable                                                                                                                          fffff9600011cb00 15 bytes [00, 7E, 0F, 02, C0, 70, 70, ...]
.text    C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16                                                                                                                     fffff9600011cb10 11 bytes [00, DB, FB, FF, 80, DC, DF, ...]

---- User code sections - GMER 2.1 ----

.text    C:\WINDOWS\system32\atiesrxx.exe[908] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                             00007ff9e7d9169a 4 bytes [D9, E7, F9, 7F]
.text    C:\WINDOWS\system32\atiesrxx.exe[908] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                             00007ff9e7d916a2 4 bytes [D9, E7, F9, 7F]
.text    C:\WINDOWS\system32\atiesrxx.exe[908] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                00007ff9e7d9181a 4 bytes [D9, E7, F9, 7F]
.text    C:\WINDOWS\system32\atiesrxx.exe[908] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                00007ff9e7d91832 4 bytes [D9, E7, F9, 7F]
.text    C:\WINDOWS\system32\atieclxx.exe[352] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                             00007ff9e7d9169a 4 bytes [D9, E7, F9, 7F]
.text    C:\WINDOWS\system32\atieclxx.exe[352] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                             00007ff9e7d916a2 4 bytes [D9, E7, F9, 7F]
.text    C:\WINDOWS\system32\atieclxx.exe[352] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                00007ff9e7d9181a 4 bytes [D9, E7, F9, 7F]
.text    C:\WINDOWS\system32\atieclxx.exe[352] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                00007ff9e7d91832 4 bytes [D9, E7, F9, 7F]
.text    C:\WINDOWS\System32\spoolsv.exe[1376] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                             00007ff9e7d9169a 4 bytes [D9, E7, F9, 7F]
.text    C:\WINDOWS\System32\spoolsv.exe[1376] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                             00007ff9e7d916a2 4 bytes [D9, E7, F9, 7F]
.text    C:\WINDOWS\System32\spoolsv.exe[1376] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                00007ff9e7d9181a 4 bytes [D9, E7, F9, 7F]
.text    C:\WINDOWS\System32\spoolsv.exe[1376] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                00007ff9e7d91832 4 bytes [D9, E7, F9, 7F]
.text    C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[1644] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                         00007ff9e7d9169a 4 bytes [D9, E7, F9, 7F]
.text    C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[1644] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                         00007ff9e7d916a2 4 bytes [D9, E7, F9, 7F]
.text    C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[1644] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                            00007ff9e7d9181a 4 bytes [D9, E7, F9, 7F]
.text    C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe[1644] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                            00007ff9e7d91832 4 bytes [D9, E7, F9, 7F]
.text    C:\WINDOWS\system32\svchost.exe[1768] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                             00007ff9e7d9169a 4 bytes [D9, E7, F9, 7F]
.text    C:\WINDOWS\system32\svchost.exe[1768] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                             00007ff9e7d916a2 4 bytes [D9, E7, F9, 7F]
.text    C:\WINDOWS\system32\svchost.exe[1768] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                00007ff9e7d9181a 4 bytes [D9, E7, F9, 7F]
.text    C:\WINDOWS\system32\svchost.exe[1768] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                00007ff9e7d91832 4 bytes [D9, E7, F9, 7F]
.text    C:\WINDOWS\Explorer.EXE[3412] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                                                                     00007ff9e7d9169a 4 bytes [D9, E7, F9, 7F]
.text    C:\WINDOWS\Explorer.EXE[3412] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                                                                     00007ff9e7d916a2 4 bytes [D9, E7, F9, 7F]
.text    C:\WINDOWS\Explorer.EXE[3412] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                                                                        00007ff9e7d9181a 4 bytes [D9, E7, F9, 7F]
.text    C:\WINDOWS\Explorer.EXE[3412] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                                                                        00007ff9e7d91832 4 bytes [D9, E7, F9, 7F]
.text    C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe[3484] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                         00007ff9e7d9169a 4 bytes [D9, E7, F9, 7F]
.text    C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe[3484] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                         00007ff9e7d916a2 4 bytes [D9, E7, F9, 7F]
.text    C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe[3484] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                            00007ff9e7d9181a 4 bytes [D9, E7, F9, 7F]
.text    C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe[3484] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                            00007ff9e7d91832 4 bytes [D9, E7, F9, 7F]
.text    C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe[4476] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506                                         00007ff9e7d9169a 4 bytes [D9, E7, F9, 7F]
.text    C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe[4476] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514                                         00007ff9e7d916a2 4 bytes [D9, E7, F9, 7F]
.text    C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe[4476] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118                                            00007ff9e7d9181a 4 bytes [D9, E7, F9, 7F]
.text    C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe[4476] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142                                            00007ff9e7d91832 4 bytes [D9, E7, F9, 7F]
.text    C:\Program Files\Windows Media Player\wmpnetwk.exe[4012] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194                                                                00007ff9dcc01f6a 4 bytes [C0, DC, F9, 7F]
.text    C:\Program Files\Windows Media Player\wmpnetwk.exe[4012] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218                                                                00007ff9dcc01f82 4 bytes [C0, DC, F9, 7F]

---- Threads - GMER 2.1 ----

Thread   C:\WINDOWS\system32\csrss.exe [568:620]                                                                                                                                  fffff960009bf4d0
---- Processes - GMER 2.1 ----

Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\mso.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE [2016]       000000006d420000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\riched20.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE [2016]  00000000680a0000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\MSPTLS.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE [2016]    0000000067f80000
Library  C:\Program Files (x86)\Common Files\SYSTEM\MSMAPI\1031\MSMAPI32.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE [2016]         000000006cf90000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\PROOF\MSLID.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE [2016]        0000000060fe0000

---- Services - GMER 2.1 ----

Service  C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20140221.009\ENG64.SYS (*** hidden *** )                                [MANUAL] NAVENG                                                                                                               <-- ROOTKIT !!!
Service  C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20140221.009\EX64.SYS (*** hidden *** )                                 [MANUAL] NAVEX15                                                                                                              <-- ROOTKIT !!!

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime                                                                                                        0x5D 0x72 0x1C 0x22 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime                                                                                                    0x83 0xE1 0x8B 0x8D ...
Reg      HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime                                                                                                           0xB3 0xF6 0x21 0x22 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFLastStartTime                                                                                                       0x9D 0x08 0x93 0x8D ...
Reg      HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@de-DE                                                                                                    212
Reg      HKLM\SYSTEM\CurrentControlSet\Control\CrashControl@LastCrashTime                                                                                                         0x23 0xF5 0xFC 0x21 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\MED3689V240LZ315118_28_07DC_BE^44A315BA7DF4CDAFB25365C46ABF4946@Timestamp                            0xAB 0x25 0x1C 0x99 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid                                                                                                                         628
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{9A0D2D6F-45C2-40D6-A760-3B3A2DE13BD7}\Connection@Name                              Reusable ISATAP Interface {9A0D2D6F-45C2-40D6-A760-3B3A2DE13BD7}
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                                                                                        -751040189
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID                                                                                                         e429b281-ba43-4bea-bd7d-0ef8105
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@GlassSessionId                                                                                                     2
Reg      HKLM\SYSTEM\CurrentControlSet\Control\WDI\Config@ServerName                                                                                                              \BaseNamedObjects\WDI_{08dcf951-294f-42fb-a9c7-bb8f9eef98e7}
Reg      HKLM\SYSTEM\CurrentControlSet\Services\AmdPPM\Parameters\Wdf@TimeOfLastSqmLog                                                                                            0xD1 0x8A 0xF5 0xD3 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\cdrom\Parameters\Wdf@TimeOfLastSqmLog                                                                                             0x08 0xB9 0xC2 0xD3 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\CompositeBus\Parameters\Wdf@TimeOfLastSqmLog                                                                                      0xB2 0xE2 0x6C 0xD3 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{371bc3c4-b9c3-4f87-9c49-cd9e06a4a80d}@LastProbeTime                                                    1393087993
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{b2d946c8-409f-4faf-a389-3986b9462023}@LastProbeTime                                                    1393087986
Reg      HKLM\SYSTEM\CurrentControlSet\Services\HDAudBus\Parameters\Wdf@TimeOfLastSqmLog                                                                                          0xEF 0x57 0x82 0xD3 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{9A0D2D6F-45C2-40D6-A760-3B3A2DE13BD7}@InterfaceName                                                   Reusable ISATAP Interface {9A0D2D6F-45C2-40D6-A760-3B3A2DE13BD7}
Reg      HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{9A0D2D6F-45C2-40D6-A760-3B3A2DE13BD7}@ReusableType                                                    2
Reg      HKLM\SYSTEM\CurrentControlSet\Services\monitor\Parameters\Wdf@TimeOfLastSqmLog                                                                                           0xCA 0xED 0x1C 0xD7 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\MsLldp\Parameters\Wdf@TimeOfLastSqmLog                                                                                            0x6C 0x92 0xE1 0xE5 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\NAVENG@ImagePath                                                                                                                  \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20140221.009\ENG64.SYS
Reg      HKLM\SYSTEM\CurrentControlSet\Services\NAVENG                                                                                                                            
Reg      HKLM\SYSTEM\CurrentControlSet\Services\NAVEX15@ImagePath                                                                                                                 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20140221.009\EX64.SYS
Reg      HKLM\SYSTEM\CurrentControlSet\Services\NAVEX15                                                                                                                           
Reg      HKLM\SYSTEM\CurrentControlSet\Services\NdisVirtualBus\Parameters\Wdf@TimeOfLastSqmLog                                                                                    0xD1 0x8A 0xF5 0xD3 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\PEAUTH\Parameters\Wdf@TimeOfLastSqmLog                                                                                            0x33 0x14 0xE8 0xE3 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@ReadyBootPlanAge                                                                                              1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime                                                                                          ?Sa?, ?Feb ?22 ?14, 05:43:53???????????????????????????????????
Reg      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch                                                                                                          2440
Reg      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch                                                                                                         904
Reg      HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence                                                                                                   214
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@DhcpDomain                                                                                                       fritz.box
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters@DhcpNameServer                                                                                                   192.168.100.1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{24B8C410-9468-4627-9556-DC9732435F00}@LeaseObtainedTime                                              1393087976
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{24B8C410-9468-4627-9556-DC9732435F00}@T1                                                             1393089776
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{24B8C410-9468-4627-9556-DC9732435F00}@T2                                                             1393091126
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{24B8C410-9468-4627-9556-DC9732435F00}@LeaseTerminatesTime                                            1393091576
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{52644A92-0CA2-468A-83B2-071A6838CF8B}@LeaseObtainedTime                                              1393110485
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{52644A92-0CA2-468A-83B2-071A6838CF8B}@T1                                                             1393542485
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{52644A92-0CA2-468A-83B2-071A6838CF8B}@T2                                                             1393866485
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{52644A92-0CA2-468A-83B2-071A6838CF8B}@LeaseTerminatesTime                                            1393974485
Reg      HKLM\SYSTEM\CurrentControlSet\Services\UCX01000\Parameters\Wdf@TimeOfLastSqmLog                                                                                          0x08 0x5E 0x25 0xD3 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\umbus\Parameters\Wdf@TimeOfLastSqmLog                                                                                             0xB2 0xE2 0x6C 0xD3 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\USBHUB3\Parameters\Wdf@TimeOfLastSqmLog                                                                                           0x5B 0x60 0x6D 0xD4 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\USBXHCI\Parameters\Wdf@TimeOfLastSqmLog                                                                                           0x0B 0x31 0x9A 0xD3 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\WpdUpFltr\Parameters\Wdf@TimeOfLastSqmLog                                                                                         0xDC 0x64 0xD2 0xE8 ...
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced@TaskbarAnimations                                                                                       1
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-0000-0000-0000-000000000000}\iexplore@Count                                                           78
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore@Count                                                           1666
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2670000A-7350-4F3C-8081-5663EE0C6C49}\iexplore@Blocked                                                         1666
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\iexplore@Count                                                           383
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}\iexplore@Blocked                                                         382
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}\iexplore@Count                                                           8482
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6D53EC84-6AAE-4787-AEEE-F4628F01010C}\iexplore@Blocked                                                         6035
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore@Count                                                           8482
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore@Blocked                                                         6035
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore@Count                                                           1666
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}\iexplore@Blocked                                                         1666
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore@Count                                                           8251
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\iexplore@Blocked                                                         8251
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}\iexplore@Count                                                           980
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D27CDB6E-AE6D-11CF-96B8-444553540000}\iexplore@Count                                                           172654
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore@Count                                                           8482
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore@Blocked                                                         6035
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Store@LastTileRefresh                                                                                                     0xFD 0x07 0x1F 0xBC ...
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Store\RefreshBannedAppList@BannedAppsLastModified                                                                         0x00 0x31 0x96 0x19 ...
Reg      HKCU\Software\Microsoft\Windows\Windows Error Reporting\Debug@StoreLocation                                                                                              C:\ProgramData\Microsoft\Windows\WER\ReportArchive\Kernel_9f_1e5699f78f10ef9d9ea2e96686645558ffb1399_00000000_cab_0b8d1cf9

---- Disk sectors - GMER 2.1 ----

Disk     \Device\Harddisk0\DR0                                                                                                                                                    unknown MBR code

---- EOF - GMER 2.1 ----
         
--- --- ---

Alt 24.02.2014, 15:07   #5
schrauber
/// the machine
/// TB-Ausbilder
 

Virus PlusHD und Bluescreen - Standard

Virus PlusHD und Bluescreen



MBAM Funde löschen lassen.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 25.02.2014, 07:01   #6
Niggo
 
Virus PlusHD und Bluescreen - Standard

Virus PlusHD und Bluescreen



AdwCleaner Logfile:
Code:
ATTFilter
# AdwCleaner v3.019 - Bericht erstellt am 24/02/2014 um 19:15:25
# Aktualisiert 17/02/2014 von Xplode
# Betriebssystem : Windows 8.1 Pro  (64 bits)
# Benutzername : Jürgen - PC
# Gestartet von : C:\Users\******\Downloads\adwcleaner.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\WINDOWS\System32\Tasks\NCH Software
Ordner Gefunden C:\ProgramData\Partner

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\installedbrowserextensions
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Schlüssel Gefunden : HKCU\Software\NCH Software
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : [x64] HKCU\Software\Conduit
Schlüssel Gefunden : [x64] HKCU\Software\installedbrowserextensions
Schlüssel Gefunden : [x64] HKCU\Software\NCH Software
Schlüssel Gefunden : [x64] HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\NCH Software
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v27.0.1 (de)

-\\ Google Chrome v33.0.1750.117

*************************

AdwCleaner[R0].txt - [1960 octets] - [24/02/2014 19:15:25]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2020 octets] ##########
         
--- --- ---

JRT Logfile:
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 8.1 Pro x64
Ran by Jrgen on 24.02.2014 at 19:32:21,28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311341140}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\******\AppData\Roaming\getrighttogo"
Successfully deleted: [Folder] "C:\Users\******\AppData\Roaming\pdfforge"
Successfully deleted: [Empty Folder] C:\Users\******\appdata\local\{04AAC29B-DEE2-48D3-97FC-9B8A2601343F}
Successfully deleted: [Empty Folder] C:\Users\******\appdata\local\{060A54D5-D1C2-406B-8BDD-A15E0C53B567}
Successfully deleted: [Empty Folder] C:\Users\******\appdata\local\{1CDC1BC0-ABF2-4C8A-BED8-C182BDC4DCC6}
Successfully deleted: [Empty Folder] C:\Users\******\appdata\local\{28F5A2DB-8F85-4BAD-94A6-75CBCAB6C576}
Successfully deleted: [Empty Folder] C:\Users\******\appdata\local\{49E1A014-FACC-45A4-B889-33C931006763}
Successfully deleted: [Empty Folder] C:\Users\******\appdata\local\{560FAF7A-22C5-448F-9373-C66FF08E0073}
Successfully deleted: [Empty Folder] C:\Users\******\appdata\local\{5A5DED22-757D-415A-9036-05E99F90C36C}
Successfully deleted: [Empty Folder] C:\Users\******\appdata\local\{5CCDB990-091B-46B8-9593-1B2711D8BB2C}
Successfully deleted: [Empty Folder] C:\Users\******\appdata\local\{6E1A1654-3FFC-4AA5-A170-75285EB52742}
Successfully deleted: [Empty Folder] C:\Users\******\appdata\local\{7BEC04E0-2E30-4038-A41F-C6EB86E24E70}
Successfully deleted: [Empty Folder] C:\Users\******\appdata\local\{7FA404CE-0F45-4EEE-8190-70DD6E65735C}
Successfully deleted: [Empty Folder] C:\Users\******\appdata\local\{87AF4508-4E53-424B-B59D-81F6EC0A6F83}
Successfully deleted: [Empty Folder] C:\Users\******\appdata\local\{A27C7F9A-8D98-48C3-86A7-BEF99E4C769B}
Successfully deleted: [Empty Folder] C:\Users\******\appdata\local\{B60D6F79-93D4-4D1F-9EE2-5FB454340D80}
Successfully deleted: [Empty Folder] C:\Users\******\appdata\local\{C1B88BA7-9B99-43EA-A935-441550914799}
Successfully deleted: [Empty Folder] C:\Users\******\appdata\local\{C29C408A-93E8-4C83-B865-547302F6A83F}
Successfully deleted: [Empty Folder] C:\Users\******\appdata\local\{E87D5D14-7343-4D0F-8540-3DF4355AB737}
Successfully deleted: [Empty Folder] C:\Users\******\appdata\local\{ED3629D5-2512-4ED7-AE2A-45753E182E1A}
Successfully deleted: [Empty Folder] C:\Users\******\appdata\local\{F453E83A-473A-4DBD-A55D-F231AF442547}
Successfully deleted: [Empty Folder] C:\Users\******\appdata\local\{FE5DB233-71DE-42DE-9140-197E51598555}



~~~ FireFox

Successfully deleted the following from C:\Users\******\AppData\Roaming\mozilla\firefox\profiles\smqfk137.default\prefs.js

user_pref("extensions.a7f404cccb0a94fafb3c089ceea949aeaa6724a0593804ebebe02e67e35a3402ccom33440.33440.internaldb.Resources_meta.value", "%7B%22tmp/lightbox.css%22%3A%7B%22id%2
user_pref("extensions.a7f404cccb0a94fafb3c089ceea949aeaa6724a0593804ebebe02e67e35a3402ccom33440.33440.internaldb.__GAM__gam_domains.value", "%7B%22gambling%22%3A%22casino.will
user_pref("extensions.crossrider.bic", "1410c605a43b4c29f4a945174f7f01d5");
Emptied folder: C:\Users\******\AppData\Roaming\mozilla\firefox\profiles\smqfk137.default\minidumps [43 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.02.2014 at 19:37:36,38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
--- --- ---
FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-02-2014 02
Ran by Jürgen (administrator) on PC on 24-02-2014 19:39:42
Running from C:\Users\******\Downloads
Windows 8.1 Pro (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\WINDOWS\system32\atiesrxx.exe
(AMD) C:\WINDOWS\system32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
(TeamViewer GmbH) c:\program files (x86)\teamviewer\version7\TeamViewer_Desktop.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452968 2012-03-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-801751274-2948684052-609766611-1002\...\Run: [BrowserChoice] - C:\Windows\BrowserChoice\browserchoice.exe [86816 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-801751274-2948684052-609766611-1002\...\Run: [HP Officejet 6600 (NET)] - C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-801751274-2948684052-609766611-1002\...\Policies\Explorer: [DisallowRun] 1
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
SearchScopes: HKCU - {10CB5879-4004-446E-BECA-76215B663C16} URL = hxxp://www.wetter.com/suche/?search={searchTerms}&search_type_weather=1&search_type_site=1
SearchScopes: HKCU - {AD182D6B-24FA-45BF-B54E-ABBBA51F035F} URL = hxxp://suche.t-online.de/fast-cgi/tsc?q={searchTerms}&sr=searchbar
SearchScopes: HKCU - {CD806F30-CF0D-4FC1-A3A9-22CF48A30D64} URL = hxxp://dict.leo.org/ende?lp=ende&lang=de&searchLoc=0&cmpType=relaxed&sectHdr=on&spellToler=on&chinese=both&pinyin=diacritic&search={searchTerms}&relink=on
BHO: Plus-HD-2.6 - {11111111-1111-1111-1111-110311341140} - C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-bho64.dll No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.100.1

FireFox:
========
FF ProfilePath: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\smqfk137.default
FF Homepage: hxxp://www.t-online.de
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @java.com/DTPlugin,version=10.5.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.0 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.5.0 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.0 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Plus-HD-2.6 - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\smqfk137.default\Extensions\7f404ccc-b0a9-4faf-b3c0-89ceea949aea@a6724a05-9380-4ebe-be02-e67e35a3402c.com [2014-02-02]
FF Extension: Amazon-Icon - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\smqfk137.default\Extensions\amazon-icon@winload.de [2013-07-03]
FF Extension: pricealarm - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\smqfk137.default\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM [2013-07-03]
FF Extension: Spartipps von SparPilot.com - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\smqfk137.default\Extensions\sparpilot@sparpilot.com [2013-07-03]
FF Extension: Adblock Plus - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\smqfk137.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-11-17]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\IPSFF [2013-10-10]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Extension: (Docs) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-30]
CHR Extension: (No Name) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab [2013-07-03]
CHR Extension: (Amazon-Icon) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg [2013-10-30]
CHR Extension: (Plus-HD-2.6) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfeggemggokijeahnacacopejaabljl [2013-09-11]
CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\******\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2013-07-03]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.)
S4 MZCCntrl; C:\Program Files (x86)\Common Files\Marmiko Shared\MZCCntrl.exe [61440 2007-01-09] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-09-24] (Advanced Micro Devices)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2013-12-18] (Symantec Corporation)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-29] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\IPSDefs\20140221.001\IDSvia64.sys [521944 2014-01-21] (Symantec Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20140224.001\ENG64.SYS [126040 2014-01-31] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20140224.001\EX64.SYS [2099288 2014-01-31] (Symantec Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-12-06] (Microsoft Corporation)
R0 SymDS; C:\Windows\System32\drivers\NAVx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NAVx64\1404000.028\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S1 UimBus; C:\Windows\System32\drivers\uimx64.sys [59184 2011-11-17] (Windows (R) 2000 DDK provider)
S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [572336 2011-11-17] (Paragon)
S1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [352816 2011-11-17] (Paragon)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
U3 idsvc; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-24 19:39 - 2014-02-24 19:39 - 00016301 _____ () C:\Users\******\Downloads\FRST.txt
2014-02-24 19:39 - 2014-02-24 19:39 - 00000000 ____D () C:\Users\******\Downloads\FRST-OlderVersion
2014-02-24 19:37 - 2014-02-24 19:37 - 00004018 _____ () C:\Users\******\Desktop\2014-02-24_JRT.txt
2014-02-24 19:32 - 2014-02-24 19:32 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-02-24 19:31 - 2014-02-24 19:31 - 01037734 _____ (Thisisu) C:\Users\******\Downloads\JRT.exe
2014-02-24 19:17 - 2014-02-24 19:17 - 00002124 _____ () C:\Users\******\Desktop\2014-02-24_AdwCleaner[R0].txt
2014-02-24 19:15 - 2014-02-24 19:17 - 00000000 ____D () C:\AdwCleaner
2014-02-24 19:14 - 2014-02-24 19:15 - 01241834 _____ () C:\Users\******\Downloads\adwcleaner.exe
2014-02-24 17:53 - 2014-02-24 17:53 - 01078368 _____ () C:\WINDOWS\Minidump\022414-21859-01.dmp
2014-02-24 06:55 - 2014-02-24 06:55 - 00948504 _____ () C:\WINDOWS\Minidump\022414-21390-01.dmp
2014-02-23 17:46 - 2014-02-23 17:47 - 01007000 _____ () C:\WINDOWS\Minidump\022314-20093-01.dmp
2014-02-23 16:44 - 2014-02-23 16:44 - 00950136 _____ () C:\WINDOWS\Minidump\022314-19093-01.dmp
2014-02-23 11:38 - 2014-02-23 11:38 - 00380416 _____ () C:\Users\******\Downloads\Gmer-19357.exe
2014-02-23 11:34 - 2014-02-24 19:39 - 00000000 ____D () C:\FRST
2014-02-23 11:33 - 2014-02-24 19:39 - 02155520 _____ (Farbar) C:\Users\******\Downloads\FRST64.exe
2014-02-23 11:01 - 2014-02-23 11:01 - 00969616 _____ () C:\WINDOWS\Minidump\022314-19953-01.dmp
2014-02-22 16:52 - 2014-02-22 16:52 - 00969072 _____ () C:\WINDOWS\Minidump\022214-18531-01.dmp
2014-02-22 11:33 - 2014-02-22 11:34 - 00950264 _____ () C:\WINDOWS\Minidump\022214-23625-01.dmp
2014-02-22 08:36 - 2014-02-24 18:49 - 00014674 _____ () C:\WINDOWS\PFRO.log
2014-02-22 08:36 - 2014-02-24 17:52 - 540788383 _____ () C:\WINDOWS\MEMORY.DMP
2014-02-22 08:36 - 2014-02-22 08:37 - 01000136 _____ () C:\WINDOWS\Minidump\022214-18656-01.dmp
2014-02-21 17:46 - 2014-02-24 17:50 - 00111462 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-21 17:10 - 2014-02-21 17:10 - 00001125 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-21 17:10 - 2014-02-21 17:10 - 00000000 ____D () C:\Users\******\AppData\Roaming\Malwarebytes
2014-02-21 17:10 - 2014-02-21 17:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-21 17:10 - 2014-02-21 17:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-21 17:10 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-02-21 17:09 - 2014-02-21 17:09 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\******\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-21 16:14 - 2014-02-21 16:14 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
2014-02-21 16:08 - 2014-01-08 02:46 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2014-02-21 16:08 - 2014-01-08 02:41 - 01530712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-02-21 16:08 - 2014-01-08 02:41 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2014-02-21 16:08 - 2014-01-04 16:54 - 00138240 _____ () C:\WINDOWS\system32\OEMLicense.dll
2014-02-21 16:08 - 2014-01-04 16:08 - 00103936 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-02-21 16:08 - 2014-01-04 15:08 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-02-21 16:08 - 2014-01-04 14:53 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-02-21 16:08 - 2014-01-03 00:54 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-02-21 16:08 - 2014-01-03 00:48 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-02-21 16:08 - 2014-01-03 00:40 - 05770752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-02-21 16:08 - 2014-01-03 00:38 - 06640640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-02-21 16:08 - 2014-01-01 02:55 - 01720560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-02-21 16:08 - 2014-01-01 02:52 - 00481944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2014-02-21 16:08 - 2014-01-01 01:56 - 01472048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-02-21 16:08 - 2014-01-01 01:55 - 00381168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2014-02-21 16:08 - 2014-01-01 00:59 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-02-21 16:08 - 2014-01-01 00:57 - 01214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-02-21 16:08 - 2014-01-01 00:56 - 00960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-02-21 16:08 - 2013-12-31 00:34 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sti.dll
2014-02-21 16:08 - 2013-12-31 00:33 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2014-02-21 16:08 - 2013-12-31 00:32 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll
2014-02-21 16:08 - 2013-12-31 00:31 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-02-21 16:08 - 2013-12-31 00:31 - 00914944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2014-02-21 16:08 - 2013-12-27 16:09 - 00419160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-02-21 16:08 - 2013-12-27 11:38 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-02-21 16:08 - 2013-12-27 09:57 - 00842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2014-02-21 16:08 - 2013-12-27 09:57 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-02-21 16:08 - 2013-12-27 09:23 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-02-21 16:08 - 2013-12-27 09:16 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-02-21 16:08 - 2013-12-27 08:03 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2014-02-21 16:08 - 2013-12-27 08:03 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-02-21 16:08 - 2013-12-27 07:37 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-02-21 16:08 - 2013-12-21 08:21 - 00376320 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2014-02-21 16:08 - 2013-12-17 08:21 - 00408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2014-02-21 16:08 - 2013-12-14 07:31 - 13949440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-02-21 16:08 - 2013-12-14 07:19 - 18576384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-02-21 16:08 - 2013-12-13 11:54 - 00131160 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2014-02-21 16:08 - 2013-12-13 07:36 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2014-02-21 16:08 - 2013-12-13 06:32 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2014-02-21 16:08 - 2013-12-09 09:05 - 21199256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-02-21 16:08 - 2013-12-09 05:51 - 18643560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-02-21 16:08 - 2013-12-09 04:25 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-02-21 16:07 - 2014-02-21 16:07 - 00994704 _____ (Microsoft Corporation) C:\Users\******\Downloads\sdksetup.exe
2014-02-20 22:11 - 2014-02-20 22:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-20 21:56 - 2014-02-20 21:56 - 00001074 _____ () C:\Users\******\Desktop\MA - DAMIAN WERNER GmbH 08.01.2014 - Verknüpfung.lnk
2014-02-18 19:06 - 2014-02-18 19:06 - 00000000 ____D () C:\ProgramData\ATI
2014-02-18 19:02 - 2014-02-18 19:02 - 00060993 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201402181902425009.log
2014-02-18 19:02 - 2014-02-18 19:02 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-02-18 18:58 - 2014-02-21 16:13 - 00000000 ____D () C:\ProgramData\Package Cache
2014-02-18 18:57 - 2014-02-18 18:57 - 00000000 ____D () C:\AMD
2014-02-18 18:46 - 2014-02-18 18:46 - 00000000 ____D () C:\Users\******\AppData\Roaming\library_dir
2014-02-18 18:38 - 2014-02-18 18:38 - 01012920 _____ () C:\Users\******\Downloads\amddriverdownloader.exe
2014-02-18 18:28 - 2014-02-18 18:29 - 00007650 _____ () C:\Users\******\AppData\Local\resmon.resmoncfg
2014-02-17 11:02 - 2013-12-09 01:34 - 01227264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-02-17 11:02 - 2013-12-09 01:04 - 00980480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-02-17 11:02 - 2013-11-27 16:34 - 03210528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2014-02-17 11:02 - 2013-11-27 16:27 - 00809872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-02-17 11:02 - 2013-11-27 15:00 - 00663680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-02-17 11:02 - 2013-11-27 14:47 - 02804528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2014-02-17 11:02 - 2013-11-27 13:02 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipnat.sys
2014-02-17 11:02 - 2013-11-27 11:24 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll
2014-02-17 11:02 - 2013-11-27 10:46 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msieftp.dll
2014-02-17 11:02 - 2013-11-27 10:41 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2014-02-17 11:02 - 2013-11-27 10:17 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2014-02-17 11:02 - 2013-11-27 10:10 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2014-02-17 11:02 - 2013-11-27 09:58 - 01503232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-02-17 11:02 - 2013-11-27 09:56 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2014-02-17 11:02 - 2013-11-27 05:01 - 00385614 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-02-17 11:02 - 2013-11-26 14:22 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2014-02-17 11:02 - 2013-11-26 14:20 - 02131120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-02-17 11:02 - 2013-11-26 14:20 - 01399176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2014-02-17 11:02 - 2013-11-26 14:20 - 01374384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2014-02-17 11:02 - 2013-11-26 12:50 - 01371312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2014-02-17 11:02 - 2013-11-26 12:44 - 02142936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-02-17 11:02 - 2013-11-26 12:44 - 01204968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2014-02-17 11:02 - 2013-11-25 02:45 - 00142680 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2014-02-17 11:02 - 2013-11-25 02:32 - 01119064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2014-02-17 11:02 - 2013-11-25 00:30 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-02-17 11:02 - 2013-11-25 00:28 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-02-17 11:02 - 2013-11-23 13:47 - 00032088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2014-02-17 11:02 - 2013-11-23 08:13 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\bi.dll
2014-02-17 11:02 - 2013-11-23 08:13 - 00019456 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BtaMPM.sys
2014-02-17 11:02 - 2013-11-23 08:08 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-02-17 11:02 - 2013-11-23 05:50 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2014-02-17 11:02 - 2013-11-23 04:19 - 02617344 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-02-17 11:02 - 2013-11-23 04:15 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-02-17 11:02 - 2013-11-21 07:58 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceregistration.dll
2014-02-17 11:02 - 2013-11-21 07:26 - 01415680 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-02-17 11:02 - 2013-11-16 06:11 - 00764856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-02-17 11:02 - 2013-11-15 19:19 - 00669344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-02-17 11:02 - 2013-11-15 15:59 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2014-02-17 11:02 - 2013-11-15 15:25 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2014-02-17 11:02 - 2013-11-15 15:08 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-02-17 11:02 - 2013-11-15 14:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-02-17 11:02 - 2013-11-05 21:12 - 02551128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-02-17 11:02 - 2013-10-31 01:29 - 00745336 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-02-17 11:02 - 2013-10-31 00:41 - 00552624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2014-02-12 23:00 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-12 23:00 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-02-12 23:00 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-02-12 23:00 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-12 23:00 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-02-12 23:00 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-02-12 23:00 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-12 23:00 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-02-12 23:00 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-02-12 23:00 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-02-12 23:00 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-02-12 23:00 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-02-12 23:00 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-12 23:00 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-02-12 23:00 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-02-12 23:00 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-02-12 23:00 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-02-12 23:00 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-02-12 23:00 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-02-12 23:00 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-12 23:00 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-02-12 23:00 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-02-12 23:00 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-12 23:00 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-02-12 23:00 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-02-12 23:00 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-02-12 23:00 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-02-12 23:00 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-12 23:00 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-12 23:00 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-02-12 23:00 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-02-12 23:00 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-02-12 23:00 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-12 23:00 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-02-12 23:00 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-02-12 23:00 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-02-12 23:00 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-02-12 23:00 - 2014-01-07 06:00 - 02397184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2014-02-12 23:00 - 2014-01-07 05:30 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2014-02-12 23:00 - 2013-12-09 01:27 - 02152448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-02-12 23:00 - 2013-12-09 01:19 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdrm.dll
2014-02-12 23:00 - 2013-12-09 00:55 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdrm.dll
2014-02-12 23:00 - 2013-12-09 00:54 - 01317376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-02-12 23:00 - 2013-11-21 07:42 - 04604416 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2014-02-12 23:00 - 2013-11-21 06:44 - 03936256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2014-02-12 22:57 - 2014-01-04 21:50 - 01462216 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-02-12 22:57 - 2014-01-04 20:22 - 01202888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-02-12 22:57 - 2014-01-04 15:30 - 13209088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-02-12 22:57 - 2014-01-04 15:23 - 11702272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-02-12 22:57 - 2014-01-04 14:42 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-02-12 22:57 - 2014-01-04 14:40 - 07416832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-02-12 22:57 - 2014-01-04 14:36 - 00830976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-02-12 22:57 - 2014-01-04 14:28 - 04961792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-02-12 22:57 - 2013-12-21 03:10 - 00009701 _____ () C:\WINDOWS\SysWOW64\connectedsearch-results.searchconnector-ms
2014-02-12 22:57 - 2013-12-21 03:10 - 00009701 _____ () C:\WINDOWS\system32\connectedsearch-results.searchconnector-ms
2014-02-12 22:56 - 2014-01-07 08:03 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2014-02-12 22:56 - 2014-01-07 06:59 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2014-02-12 22:56 - 2013-12-20 11:10 - 01113040 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-02-12 22:56 - 2013-12-20 07:13 - 00835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-02-12 22:56 - 2013-12-09 03:57 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-02-12 22:56 - 2013-12-09 02:51 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-02-12 22:55 - 2014-01-09 09:25 - 02804224 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-02-12 22:55 - 2014-01-09 08:59 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-02-12 22:55 - 2014-01-09 08:59 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-02-12 22:55 - 2014-01-09 08:49 - 00919040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-02-12 22:55 - 2014-01-09 08:44 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-02-12 22:55 - 2014-01-09 08:43 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-02-12 22:55 - 2014-01-09 08:29 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-02-12 22:55 - 2014-01-09 08:28 - 04217344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-02-12 22:55 - 2014-01-09 08:28 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-02-12 22:55 - 2014-01-09 08:18 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe

==================== One Month Modified Files and Folders =======

2014-02-24 19:40 - 2012-12-04 15:58 - 00001138 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-24 19:39 - 2014-02-24 19:39 - 00016301 _____ () C:\Users\******\Downloads\FRST.txt
2014-02-24 19:39 - 2014-02-24 19:39 - 00000000 ____D () C:\Users\******\Downloads\FRST-OlderVersion
2014-02-24 19:39 - 2014-02-23 11:34 - 00000000 ____D () C:\FRST
2014-02-24 19:39 - 2014-02-23 11:33 - 02155520 _____ (Farbar) C:\Users\******\Downloads\FRST64.exe
2014-02-24 19:37 - 2014-02-24 19:37 - 00004018 _____ () C:\Users\******\Desktop\2014-02-24_JRT.txt
2014-02-24 19:32 - 2014-02-24 19:32 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-02-24 19:31 - 2014-02-24 19:31 - 01037734 _____ (Thisisu) C:\Users\******\Downloads\JRT.exe
2014-02-24 19:30 - 2012-11-24 18:00 - 00000000 ____D () C:\Users\******\Documents\Outlook-Dateien
2014-02-24 19:29 - 2013-12-06 16:31 - 00005116 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for PC-Jürgen PC
2014-02-24 19:24 - 2012-11-16 22:47 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-801751274-2948684052-609766611-1002
2014-02-24 19:22 - 2013-09-30 05:14 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-24 19:22 - 2013-09-30 04:56 - 00764340 _____ () C:\WINDOWS\system32\perfh007.dat
2014-02-24 19:22 - 2013-09-30 04:56 - 00159160 _____ () C:\WINDOWS\system32\perfc007.dat
2014-02-24 19:18 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-24 19:18 - 2012-12-04 15:58 - 00001134 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-24 19:17 - 2014-02-24 19:17 - 00002124 _____ () C:\Users\******\Desktop\2014-02-24_AdwCleaner[R0].txt
2014-02-24 19:17 - 2014-02-24 19:15 - 00000000 ____D () C:\AdwCleaner
2014-02-24 19:15 - 2014-02-24 19:14 - 01241834 _____ () C:\Users\******\Downloads\adwcleaner.exe
2014-02-24 19:06 - 2008-01-01 08:31 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-24 19:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-02-24 18:49 - 2014-02-22 08:36 - 00014674 _____ () C:\WINDOWS\PFRO.log
2014-02-24 18:48 - 2013-12-06 10:11 - 00000000 ____D () C:\Users\******
2014-02-24 17:53 - 2014-02-24 17:53 - 01078368 _____ () C:\WINDOWS\Minidump\022414-21859-01.dmp
2014-02-24 17:53 - 2013-12-07 19:31 - 00000000 ____D () C:\WINDOWS\Minidump
2014-02-24 17:52 - 2014-02-22 08:36 - 540788383 _____ () C:\WINDOWS\MEMORY.DMP
2014-02-24 17:50 - 2014-02-21 17:46 - 00111462 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-24 06:55 - 2014-02-24 06:55 - 00948504 _____ () C:\WINDOWS\Minidump\022414-21390-01.dmp
2014-02-23 17:47 - 2014-02-23 17:46 - 01007000 _____ () C:\WINDOWS\Minidump\022314-20093-01.dmp
2014-02-23 17:02 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-02-23 16:45 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-02-23 16:44 - 2014-02-23 16:44 - 00950136 _____ () C:\WINDOWS\Minidump\022314-19093-01.dmp
2014-02-23 16:39 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-02-23 11:38 - 2014-02-23 11:38 - 00380416 _____ () C:\Users\******\Downloads\Gmer-19357.exe
2014-02-23 11:01 - 2014-02-23 11:01 - 00969616 _____ () C:\WINDOWS\Minidump\022314-19953-01.dmp
2014-02-22 16:52 - 2014-02-22 16:52 - 00969072 _____ () C:\WINDOWS\Minidump\022214-18531-01.dmp
2014-02-22 11:34 - 2014-02-22 11:33 - 00950264 _____ () C:\WINDOWS\Minidump\022214-23625-01.dmp
2014-02-22 08:37 - 2014-02-22 08:36 - 01000136 _____ () C:\WINDOWS\Minidump\022214-18656-01.dmp
2014-02-21 19:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-02-21 17:35 - 2012-12-04 15:58 - 00004110 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-21 17:35 - 2012-12-04 15:58 - 00003874 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-21 17:10 - 2014-02-21 17:10 - 00001125 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-21 17:10 - 2014-02-21 17:10 - 00000000 ____D () C:\Users\******\AppData\Roaming\Malwarebytes
2014-02-21 17:10 - 2014-02-21 17:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-21 17:10 - 2014-02-21 17:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-21 17:09 - 2014-02-21 17:09 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\******\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-21 17:02 - 2013-12-06 10:06 - 00000000 ___DC () C:\WINDOWS\Panther
2014-02-21 17:01 - 2013-10-17 09:47 - 00000000 ____D () C:\Users\******\AppData\Roaming\IObit
2014-02-21 17:01 - 2013-10-17 09:45 - 00000000 ____D () C:\ProgramData\IObit
2014-02-21 16:50 - 2012-11-16 16:41 - 00000000 ___RD () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-21 16:50 - 2012-11-16 16:41 - 00000000 ___RD () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-21 16:49 - 2013-08-22 15:44 - 00423712 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-02-21 16:49 - 2012-11-17 10:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-21 16:49 - 2012-11-16 16:39 - 00000000 ____D () C:\Program Files\Google
2014-02-21 16:49 - 2012-11-16 16:39 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-21 16:24 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-02-21 16:14 - 2014-02-21 16:14 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
2014-02-21 16:13 - 2014-02-18 18:58 - 00000000 ____D () C:\ProgramData\Package Cache
2014-02-21 16:07 - 2014-02-21 16:07 - 00994704 _____ (Microsoft Corporation) C:\Users\******\Downloads\sdksetup.exe
2014-02-21 16:00 - 2012-12-04 15:58 - 00000000 ____D () C:\Users\******\AppData\Local\Google
2014-02-20 22:11 - 2014-02-20 22:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-20 22:07 - 2008-01-01 08:31 - 00003742 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-02-20 21:56 - 2014-02-20 21:56 - 00001074 _____ () C:\Users\******\Desktop\MA - DAMIAN WERNER GmbH 08.01.2014 - Verknüpfung.lnk
2014-02-18 19:06 - 2014-02-18 19:06 - 00000000 ____D () C:\ProgramData\ATI
2014-02-18 19:02 - 2014-02-18 19:02 - 00060993 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201402181902425009.log
2014-02-18 19:02 - 2014-02-18 19:02 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-02-18 19:02 - 2012-07-19 00:00 - 00000000 ____D () C:\ProgramData\AMD
2014-02-18 19:02 - 2012-07-18 23:59 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-02-18 18:59 - 2013-12-06 10:08 - 00000000 ____D () C:\Program Files\AMD
2014-02-18 18:57 - 2014-02-18 18:57 - 00000000 ____D () C:\AMD
2014-02-18 18:46 - 2014-02-18 18:46 - 00000000 ____D () C:\Users\******\AppData\Roaming\library_dir
2014-02-18 18:38 - 2014-02-18 18:38 - 01012920 _____ () C:\Users\******\Downloads\amddriverdownloader.exe
2014-02-18 18:29 - 2014-02-18 18:28 - 00007650 _____ () C:\Users\******\AppData\Local\resmon.resmoncfg
2014-02-18 15:11 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2014-02-18 15:11 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Dism
2014-02-18 13:04 - 2012-11-16 22:41 - 00000000 ____D () C:\Users\******\AppData\Local\Packages
2014-02-17 22:00 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-02-17 22:00 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-16 10:26 - 2013-08-14 08:17 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-16 10:25 - 2011-07-18 21:31 - 88567024 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-13 16:49 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-02-13 16:49 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-02-13 16:49 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-02-06 13:16 - 2014-02-12 23:00 - 23170048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-12 23:00 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-12 23:00 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-12 23:00 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-12 23:00 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-12 23:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-12 23:00 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-12 23:00 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-02-06 11:49 - 2014-02-12 23:00 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-12 23:00 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-12 23:00 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-12 23:00 - 17103872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-12 23:00 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-12 23:00 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-12 23:00 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-02-06 11:11 - 2014-02-12 23:00 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-12 23:00 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-12 23:00 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-12 23:00 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-12 23:00 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-12 23:00 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-12 23:00 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-12 23:00 - 02041856 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-06 10:47 - 2014-02-12 23:00 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-12 23:00 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-12 23:00 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-12 23:00 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-12 23:00 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-06 10:22 - 2014-02-12 23:00 - 13051392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-12 23:00 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-12 23:00 - 01964032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-12 23:00 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-12 23:00 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-12 23:00 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-12 23:00 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-12 23:00 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-12 23:00 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-01-30 22:24 - 2014-01-05 16:56 - 00109937 _____ () C:\Users\******\Documents\Eumex 050114.800
2014-01-30 08:59 - 2012-12-17 17:43 - 00000000 ____D () C:\Users\******\Desktop\FeWo

Some content of TEMP:
====================
C:\Users\******\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-24 19:03

==================== End Of Log ============================
         
--- --- ---

Alt 25.02.2014, 20:01   #7
schrauber
/// the machine
/// TB-Ausbilder
 

Virus PlusHD und Bluescreen - Standard

Virus PlusHD und Bluescreen




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 26.02.2014, 18:48   #8
Niggo
 
Virus PlusHD und Bluescreen - Standard

Virus PlusHD und Bluescreen



Probleme sind nach den Scans erst mal nicht mehr aufgetreten. Allerdings muss ich sagen, dass ich noch im Firefox das Addon von PlusHD deinstalliert habe. Es sind nun keine zusätzlichen Seiten im Firefox geöffnet worden.

BlueScreens kommen immer noch. Da werde ich nochmal alle Treiber neuinstallieren, falls die Ursache kein Virus ist.

Ich habe noch gesehen, dass Adobe Reader und Java nicht mehr aktuell sind. Ich werde diese noch aktualisieren. Findest du sonst noch was in den Logfiles?

ESET Logfile:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ffe3341c1f710144bf83eeedbeaa17c8
# engine=17238
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-02-26 05:27:15
# local_time=2014-02-26 06:27:15 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT 
# compatibility_mode=3590 16777213 100 87 11336715 212453821 0 0
# compatibility_mode=5893 16776574 100 94 12920981 18316928 0 0
# scanned=221891
# found=0
# cleaned=0
# scan_time=3469
         
--- --- ---

SecurityCheck Logfile:
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.79  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Windows Defender          
Norton AntiVirus Online   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java(TM) 7 Update 5  
 Java version out of Date! 
 Adobe Flash Player 	12.0.0.70  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Mozilla Firefox (27.0.1) 
 Google Chrome 32.0.1700.107  
 Google Chrome 33.0.1750.117  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
 Norton AntiVirus Engine 20.4.0.40 ccSvcHst.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log``````````````````````
         
--- --- ---
FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-02-2014 01
Ran by Jürgen (administrator) on PC on 26-02-2014 18:36:31
Running from C:\Users\******\Downloads
Windows 8.1 Pro (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\WINDOWS\system32\atiesrxx.exe
(AMD) C:\WINDOWS\system32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\HPNetworkCommunicator.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
(TeamViewer GmbH) c:\program files (x86)\teamviewer\version7\TeamViewer_Desktop.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452968 2012-03-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-09-17] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-801751274-2948684052-609766611-1002\...\Run: [BrowserChoice] - C:\Windows\BrowserChoice\browserchoice.exe [86816 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-801751274-2948684052-609766611-1002\...\Run: [HP Officejet 6600 (NET)] - C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-801751274-2948684052-609766611-1002\...\Policies\Explorer: [DisallowRun] 1
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.t-online.de/
SearchScopes: HKCU - {10CB5879-4004-446E-BECA-76215B663C16} URL = hxxp://www.wetter.com/suche/?search={searchTerms}&search_type_weather=1&search_type_site=1
SearchScopes: HKCU - {AD182D6B-24FA-45BF-B54E-ABBBA51F035F} URL = hxxp://suche.t-online.de/fast-cgi/tsc?q={searchTerms}&sr=searchbar
SearchScopes: HKCU - {CD806F30-CF0D-4FC1-A3A9-22CF48A30D64} URL = hxxp://dict.leo.org/ende?lp=ende&lang=de&searchLoc=0&cmpType=relaxed&sectHdr=on&spellToler=on&chinese=both&pinyin=diacritic&search={searchTerms}&relink=on
BHO: Plus-HD-2.6 - {11111111-1111-1111-1111-110311341140} - C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-bho64.dll No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.250

FireFox:
========
FF ProfilePath: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\smqfk137.default
FF Homepage: hxxp://www.t-online.de
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @java.com/DTPlugin,version=10.5.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.0 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.5.0 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.5.0 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\smqfk137.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-11-17]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\IPSFF [2013-10-10]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Extension: (Docs) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-30]
CHR Extension: (No Name) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab [2013-07-03]
CHR Extension: (Amazon-Icon) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg [2013-10-30]
CHR Extension: (Plus-HD-2.6) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfeggemggokijeahnacacopejaabljl [2013-09-11]
CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\******\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2013-07-03]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.)
S4 MZCCntrl; C:\Program Files (x86)\Common Files\Marmiko Shared\MZCCntrl.exe [61440 2007-01-09] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S0 amdkmafd; C:\Windows\System32\drivers\amdkmafd.sys [21160 2012-09-23] (Advanced Micro Devices, Inc.)
R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-09-24] (Advanced Micro Devices)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2013-12-18] (Symantec Corporation)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-29] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-21] (Symantec Corporation)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\IPSDefs\20140225.001\IDSvia64.sys [521944 2014-01-21] (Symantec Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-09-30] (Microsoft Corporation)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [22544 2009-11-02] (Kaspersky Lab)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20140226.001\ENG64.SYS [126040 2014-01-31] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.0.24\Definitions\VirusDefs\20140226.001\EX64.SYS [2099288 2014-01-31] (Symantec Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\NAVx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-12-06] (Microsoft Corporation)
R0 SymDS; C:\Windows\System32\drivers\NAVx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NAVx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NAVx64\1404000.028\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-06-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NAVx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S1 UimBus; C:\Windows\System32\drivers\uimx64.sys [59184 2011-11-17] (Windows (R) 2000 DDK provider)
S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [572336 2011-11-17] (Paragon)
S1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [352816 2011-11-17] (Paragon)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
U3 idsvc; 

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-26 18:35 - 2014-02-26 18:35 - 00001044 _____ () C:\Users\******\Desktop\2014-02-26_SecurityCheck_checkup.txt
2014-02-26 18:33 - 2014-02-26 18:33 - 00987425 _____ () C:\Users\******\Desktop\SecurityCheck.exe
2014-02-26 17:23 - 2014-02-26 17:23 - 02347384 _____ (ESET) C:\Users\******\Downloads\esetsmartinstaller_enu.exe
2014-02-26 17:19 - 2014-02-26 17:20 - 00949880 _____ () C:\WINDOWS\Minidump\022614-25031-01.dmp
2014-02-26 08:49 - 2014-02-26 08:49 - 00949864 _____ () C:\WINDOWS\Minidump\022614-24078-01.dmp
2014-02-25 17:18 - 2014-02-25 17:18 - 00000000 ____D () C:\Users\******\AppData\Local\{F003AC38-ACCE-4BDB-BE8F-F49E7FB0099E}
2014-02-25 17:07 - 2014-02-25 17:07 - 00949992 _____ () C:\WINDOWS\Minidump\022514-23468-01.dmp
2014-02-25 12:06 - 2014-02-25 12:06 - 00977848 _____ () C:\WINDOWS\Minidump\022514-20265-01.dmp
2014-02-25 07:06 - 2014-02-25 07:06 - 00969528 _____ () C:\WINDOWS\Minidump\022514-23515-01.dmp
2014-02-24 19:46 - 2014-02-24 19:46 - 01804472 _____ () C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2014-02-24 19:39 - 2014-02-26 18:36 - 00015574 _____ () C:\Users\******\Downloads\FRST.txt
2014-02-24 19:39 - 2014-02-26 18:36 - 00000000 ____D () C:\Users\******\Downloads\FRST-OlderVersion
2014-02-24 19:32 - 2014-02-24 19:32 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-02-24 19:31 - 2014-02-24 20:00 - 01037734 _____ (Thisisu) C:\Users\******\Downloads\JRT.exe
2014-02-24 19:15 - 2014-02-24 19:17 - 00000000 ____D () C:\AdwCleaner
2014-02-24 19:14 - 2014-02-24 19:15 - 01241834 _____ () C:\Users\******\Downloads\adwcleaner.exe
2014-02-24 17:53 - 2014-02-24 17:53 - 01078368 _____ () C:\WINDOWS\Minidump\022414-21859-01.dmp
2014-02-24 06:55 - 2014-02-24 06:55 - 00948504 _____ () C:\WINDOWS\Minidump\022414-21390-01.dmp
2014-02-23 17:46 - 2014-02-23 17:47 - 01007000 _____ () C:\WINDOWS\Minidump\022314-20093-01.dmp
2014-02-23 16:44 - 2014-02-23 16:44 - 00950136 _____ () C:\WINDOWS\Minidump\022314-19093-01.dmp
2014-02-23 11:38 - 2014-02-23 11:38 - 00380416 _____ () C:\Users\******\Downloads\Gmer-19357.exe
2014-02-23 11:34 - 2014-02-26 18:36 - 00000000 ____D () C:\FRST
2014-02-23 11:33 - 2014-02-26 18:36 - 02155008 _____ (Farbar) C:\Users\******\Downloads\FRST64.exe
2014-02-23 11:01 - 2014-02-23 11:01 - 00969616 _____ () C:\WINDOWS\Minidump\022314-19953-01.dmp
2014-02-22 16:52 - 2014-02-22 16:52 - 00969072 _____ () C:\WINDOWS\Minidump\022214-18531-01.dmp
2014-02-22 11:33 - 2014-02-22 11:34 - 00950264 _____ () C:\WINDOWS\Minidump\022214-23625-01.dmp
2014-02-22 08:36 - 2014-02-26 17:19 - 795485855 _____ () C:\WINDOWS\MEMORY.DMP
2014-02-22 08:36 - 2014-02-24 18:49 - 00014674 _____ () C:\WINDOWS\PFRO.log
2014-02-22 08:36 - 2014-02-22 08:37 - 01000136 _____ () C:\WINDOWS\Minidump\022214-18656-01.dmp
2014-02-21 17:46 - 2014-02-26 17:18 - 00684620 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-21 17:10 - 2014-02-21 17:10 - 00001125 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-21 17:10 - 2014-02-21 17:10 - 00000000 ____D () C:\Users\******\AppData\Roaming\Malwarebytes
2014-02-21 17:10 - 2014-02-21 17:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-21 17:10 - 2014-02-21 17:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-21 17:10 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-02-21 17:09 - 2014-02-21 17:09 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\******\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-21 16:14 - 2014-02-21 16:14 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
2014-02-21 16:08 - 2014-01-08 02:46 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2014-02-21 16:08 - 2014-01-08 02:41 - 01530712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-02-21 16:08 - 2014-01-08 02:41 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2014-02-21 16:08 - 2014-01-04 16:54 - 00138240 _____ () C:\WINDOWS\system32\OEMLicense.dll
2014-02-21 16:08 - 2014-01-04 16:08 - 00103936 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-02-21 16:08 - 2014-01-04 15:08 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-02-21 16:08 - 2014-01-04 14:53 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-02-21 16:08 - 2014-01-03 00:54 - 00461312 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-02-21 16:08 - 2014-01-03 00:48 - 00336896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-02-21 16:08 - 2014-01-03 00:40 - 05770752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-02-21 16:08 - 2014-01-03 00:38 - 06640640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-02-21 16:08 - 2014-01-01 02:55 - 01720560 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2014-02-21 16:08 - 2014-01-01 02:52 - 00481944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2014-02-21 16:08 - 2014-01-01 01:56 - 01472048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2014-02-21 16:08 - 2014-01-01 01:55 - 00381168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2014-02-21 16:08 - 2014-01-01 00:59 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-02-21 16:08 - 2014-01-01 00:57 - 01214976 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-02-21 16:08 - 2014-01-01 00:56 - 00960512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-02-21 16:08 - 2013-12-31 00:34 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sti.dll
2014-02-21 16:08 - 2013-12-31 00:33 - 00770560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2014-02-21 16:08 - 2013-12-31 00:32 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\system32\sti.dll
2014-02-21 16:08 - 2013-12-31 00:31 - 00947712 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-02-21 16:08 - 2013-12-31 00:31 - 00914944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2014-02-21 16:08 - 2013-12-27 16:09 - 00419160 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2014-02-21 16:08 - 2013-12-27 11:38 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-02-21 16:08 - 2013-12-27 09:57 - 00842752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2014-02-21 16:08 - 2013-12-27 09:57 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-02-21 16:08 - 2013-12-27 09:23 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-02-21 16:08 - 2013-12-27 09:16 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-02-21 16:08 - 2013-12-27 08:03 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2014-02-21 16:08 - 2013-12-27 08:03 - 00478208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-02-21 16:08 - 2013-12-27 07:37 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-02-21 16:08 - 2013-12-21 08:21 - 00376320 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnrpsvc.dll
2014-02-21 16:08 - 2013-12-17 08:21 - 00408576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2014-02-21 16:08 - 2013-12-14 07:31 - 13949440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-02-21 16:08 - 2013-12-14 07:19 - 18576384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-02-21 16:08 - 2013-12-13 11:54 - 00131160 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2014-02-21 16:08 - 2013-12-13 07:36 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2014-02-21 16:08 - 2013-12-13 06:32 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2014-02-21 16:08 - 2013-12-09 09:05 - 21199256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-02-21 16:08 - 2013-12-09 05:51 - 18643560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-02-21 16:08 - 2013-12-09 04:25 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-02-21 16:07 - 2014-02-21 16:07 - 00994704 _____ (Microsoft Corporation) C:\Users\******\Downloads\sdksetup.exe
2014-02-20 22:11 - 2014-02-20 22:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-20 21:56 - 2014-02-20 21:56 - 00001074 _____ () C:\Users\******\Desktop\MA - DAMIAN WERNER GmbH 08.01.2014 - Verknüpfung.lnk
2014-02-18 19:06 - 2014-02-18 19:06 - 00000000 ____D () C:\ProgramData\ATI
2014-02-18 19:02 - 2014-02-18 19:02 - 00060993 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201402181902425009.log
2014-02-18 19:02 - 2014-02-18 19:02 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-02-18 18:58 - 2014-02-21 16:13 - 00000000 ____D () C:\ProgramData\Package Cache
2014-02-18 18:57 - 2014-02-18 18:57 - 00000000 ____D () C:\AMD
2014-02-18 18:46 - 2014-02-18 18:46 - 00000000 ____D () C:\Users\******\AppData\Roaming\library_dir
2014-02-18 18:38 - 2014-02-18 18:38 - 01012920 _____ () C:\Users\******\Downloads\amddriverdownloader.exe
2014-02-18 18:28 - 2014-02-18 18:29 - 00007650 _____ () C:\Users\******\AppData\Local\resmon.resmoncfg
2014-02-17 11:02 - 2013-12-09 01:34 - 01227264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-02-17 11:02 - 2013-12-09 01:04 - 00980480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-02-17 11:02 - 2013-11-27 16:34 - 03210528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2014-02-17 11:02 - 2013-11-27 16:27 - 00809872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-02-17 11:02 - 2013-11-27 15:00 - 00663680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-02-17 11:02 - 2013-11-27 14:47 - 02804528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2014-02-17 11:02 - 2013-11-27 13:02 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipnat.sys
2014-02-17 11:02 - 2013-11-27 11:24 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll
2014-02-17 11:02 - 2013-11-27 10:46 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msieftp.dll
2014-02-17 11:02 - 2013-11-27 10:41 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2014-02-17 11:02 - 2013-11-27 10:17 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2014-02-17 11:02 - 2013-11-27 10:10 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2014-02-17 11:02 - 2013-11-27 09:58 - 01503232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-02-17 11:02 - 2013-11-27 09:56 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2014-02-17 11:02 - 2013-11-27 05:01 - 00385614 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-02-17 11:02 - 2013-11-26 14:22 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2014-02-17 11:02 - 2013-11-26 14:20 - 02131120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-02-17 11:02 - 2013-11-26 14:20 - 01399176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2014-02-17 11:02 - 2013-11-26 14:20 - 01374384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2014-02-17 11:02 - 2013-11-26 12:50 - 01371312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2014-02-17 11:02 - 2013-11-26 12:44 - 02142936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-02-17 11:02 - 2013-11-26 12:44 - 01204968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2014-02-17 11:02 - 2013-11-25 02:45 - 00142680 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2014-02-17 11:02 - 2013-11-25 02:32 - 01119064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2014-02-17 11:02 - 2013-11-25 00:30 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-02-17 11:02 - 2013-11-25 00:28 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-02-17 11:02 - 2013-11-23 13:47 - 00032088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2014-02-17 11:02 - 2013-11-23 08:13 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\bi.dll
2014-02-17 11:02 - 2013-11-23 08:13 - 00019456 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BtaMPM.sys
2014-02-17 11:02 - 2013-11-23 08:08 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-02-17 11:02 - 2013-11-23 05:50 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2014-02-17 11:02 - 2013-11-23 04:19 - 02617344 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-02-17 11:02 - 2013-11-23 04:15 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-02-17 11:02 - 2013-11-21 07:58 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceregistration.dll
2014-02-17 11:02 - 2013-11-21 07:26 - 01415680 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-02-17 11:02 - 2013-11-16 06:11 - 00764856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-02-17 11:02 - 2013-11-15 19:19 - 00669344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-02-17 11:02 - 2013-11-15 15:59 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2014-02-17 11:02 - 2013-11-15 15:25 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2014-02-17 11:02 - 2013-11-15 15:08 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-02-17 11:02 - 2013-11-15 14:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-02-17 11:02 - 2013-11-05 21:12 - 02551128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-02-17 11:02 - 2013-10-31 01:29 - 00745336 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-02-17 11:02 - 2013-10-31 00:41 - 00552624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2014-02-12 23:00 - 2014-02-06 13:16 - 23170048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-12 23:00 - 2014-02-06 12:30 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-02-12 23:00 - 2014-02-06 12:30 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-02-12 23:00 - 2014-02-06 12:12 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-12 23:00 - 2014-02-06 12:07 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-02-12 23:00 - 2014-02-06 12:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-02-12 23:00 - 2014-02-06 11:57 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-12 23:00 - 2014-02-06 11:56 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-02-12 23:00 - 2014-02-06 11:49 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-02-12 23:00 - 2014-02-06 11:48 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-02-12 23:00 - 2014-02-06 11:48 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-02-12 23:00 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-02-12 23:00 - 2014-02-06 11:32 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-12 23:00 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-02-12 23:00 - 2014-02-06 11:17 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-02-12 23:00 - 2014-02-06 11:11 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-02-12 23:00 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-02-12 23:00 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-02-12 23:00 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-02-12 23:00 - 2014-02-06 10:57 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-12 23:00 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-02-12 23:00 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-02-12 23:00 - 2014-02-06 10:50 - 02041856 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-12 23:00 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-02-12 23:00 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-02-12 23:00 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-02-12 23:00 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-02-12 23:00 - 2014-02-06 10:24 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-12 23:00 - 2014-02-06 10:22 - 13051392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-12 23:00 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-02-12 23:00 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-02-12 23:00 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-02-12 23:00 - 2014-02-06 09:55 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-12 23:00 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-02-12 23:00 - 2014-02-06 09:40 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-02-12 23:00 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-02-12 23:00 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-02-12 23:00 - 2014-01-07 06:00 - 02397184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2014-02-12 23:00 - 2014-01-07 05:30 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2014-02-12 23:00 - 2013-12-09 01:27 - 02152448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-02-12 23:00 - 2013-12-09 01:19 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdrm.dll
2014-02-12 23:00 - 2013-12-09 00:55 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdrm.dll
2014-02-12 23:00 - 2013-12-09 00:54 - 01317376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-02-12 23:00 - 2013-11-21 07:42 - 04604416 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2014-02-12 23:00 - 2013-11-21 06:44 - 03936256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2014-02-12 22:57 - 2014-01-04 21:50 - 01462216 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-02-12 22:57 - 2014-01-04 20:22 - 01202888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-02-12 22:57 - 2014-01-04 15:30 - 13209088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-02-12 22:57 - 2014-01-04 15:23 - 11702272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-02-12 22:57 - 2014-01-04 14:42 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-02-12 22:57 - 2014-01-04 14:40 - 07416832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-02-12 22:57 - 2014-01-04 14:36 - 00830976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-02-12 22:57 - 2014-01-04 14:28 - 04961792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-02-12 22:57 - 2013-12-21 03:10 - 00009701 _____ () C:\WINDOWS\SysWOW64\connectedsearch-results.searchconnector-ms
2014-02-12 22:57 - 2013-12-21 03:10 - 00009701 _____ () C:\WINDOWS\system32\connectedsearch-results.searchconnector-ms
2014-02-12 22:56 - 2014-01-07 08:03 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2014-02-12 22:56 - 2014-01-07 06:59 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2014-02-12 22:56 - 2013-12-20 11:10 - 01113040 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-02-12 22:56 - 2013-12-20 07:13 - 00835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-02-12 22:56 - 2013-12-09 03:57 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-02-12 22:56 - 2013-12-09 02:51 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-02-12 22:55 - 2014-01-09 09:25 - 02804224 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-02-12 22:55 - 2014-01-09 08:59 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-02-12 22:55 - 2014-01-09 08:59 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-02-12 22:55 - 2014-01-09 08:49 - 00919040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-02-12 22:55 - 2014-01-09 08:44 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-02-12 22:55 - 2014-01-09 08:43 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-02-12 22:55 - 2014-01-09 08:29 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-02-12 22:55 - 2014-01-09 08:28 - 04217344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-02-12 22:55 - 2014-01-09 08:28 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-02-12 22:55 - 2014-01-09 08:18 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe

==================== One Month Modified Files and Folders =======

2014-02-26 18:36 - 2014-02-24 19:39 - 00015574 _____ () C:\Users\******\Downloads\FRST.txt
2014-02-26 18:36 - 2014-02-24 19:39 - 00000000 ____D () C:\Users\******\Downloads\FRST-OlderVersion
2014-02-26 18:36 - 2014-02-23 11:34 - 00000000 ____D () C:\FRST
2014-02-26 18:36 - 2014-02-23 11:33 - 02155008 _____ (Farbar) C:\Users\******\Downloads\FRST64.exe
2014-02-26 18:35 - 2014-02-26 18:35 - 00001044 _____ () C:\Users\******\Desktop\2014-02-26_SecurityCheck_checkup.txt
2014-02-26 18:33 - 2014-02-26 18:33 - 00987425 _____ () C:\Users\******\Desktop\SecurityCheck.exe
2014-02-26 18:06 - 2008-01-01 08:31 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-26 18:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-02-26 17:45 - 2012-11-16 22:47 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-801751274-2948684052-609766611-1002
2014-02-26 17:41 - 2013-12-06 16:31 - 00005114 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for PC-Jürgen PC
2014-02-26 17:40 - 2012-12-04 15:58 - 00001138 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-26 17:40 - 2012-12-04 15:58 - 00001134 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-26 17:25 - 2013-09-30 05:14 - 01812910 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-02-26 17:25 - 2013-09-30 04:56 - 00782352 _____ () C:\WINDOWS\system32\perfh007.dat
2014-02-26 17:25 - 2013-09-30 04:56 - 00164592 _____ () C:\WINDOWS\system32\perfc007.dat
2014-02-26 17:23 - 2014-02-26 17:23 - 02347384 _____ (ESET) C:\Users\******\Downloads\esetsmartinstaller_enu.exe
2014-02-26 17:20 - 2014-02-26 17:19 - 00949880 _____ () C:\WINDOWS\Minidump\022614-25031-01.dmp
2014-02-26 17:19 - 2014-02-22 08:36 - 795485855 _____ () C:\WINDOWS\MEMORY.DMP
2014-02-26 17:19 - 2013-12-07 19:31 - 00000000 ____D () C:\WINDOWS\Minidump
2014-02-26 17:19 - 2013-12-06 10:11 - 00000000 ____D () C:\Users\******
2014-02-26 17:19 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-26 17:18 - 2014-02-21 17:46 - 00684620 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-26 09:17 - 2012-11-24 18:00 - 00000000 ____D () C:\Users\******\Documents\Outlook-Dateien
2014-02-26 09:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-02-26 08:49 - 2014-02-26 08:49 - 00949864 _____ () C:\WINDOWS\Minidump\022614-24078-01.dmp
2014-02-25 17:32 - 2012-12-17 17:43 - 00000000 ____D () C:\Users\******\Desktop\FeWo
2014-02-25 17:28 - 2013-03-26 19:44 - 00000665 _____ () C:\Users\******\Desktop\SkyDrive.lnk
2014-02-25 17:18 - 2014-02-25 17:18 - 00000000 ____D () C:\Users\******\AppData\Local\{F003AC38-ACCE-4BDB-BE8F-F49E7FB0099E}
2014-02-25 17:07 - 2014-02-25 17:07 - 00949992 _____ () C:\WINDOWS\Minidump\022514-23468-01.dmp
2014-02-25 12:06 - 2014-02-25 12:06 - 00977848 _____ () C:\WINDOWS\Minidump\022514-20265-01.dmp
2014-02-25 07:06 - 2014-02-25 07:06 - 00969528 _____ () C:\WINDOWS\Minidump\022514-23515-01.dmp
2014-02-24 20:00 - 2014-02-24 19:31 - 01037734 _____ (Thisisu) C:\Users\******\Downloads\JRT.exe
2014-02-24 19:53 - 2014-01-05 16:56 - 00109938 _____ () C:\Users\******\Documents\Eumex 050114.800
2014-02-24 19:51 - 2014-01-23 08:09 - 00013035 _____ () C:\Users\******\Documents\Telefonanlage.txt
2014-02-24 19:46 - 2014-02-24 19:46 - 01804472 _____ () C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2014-02-24 19:32 - 2014-02-24 19:32 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-02-24 19:17 - 2014-02-24 19:15 - 00000000 ____D () C:\AdwCleaner
2014-02-24 19:15 - 2014-02-24 19:14 - 01241834 _____ () C:\Users\******\Downloads\adwcleaner.exe
2014-02-24 18:49 - 2014-02-22 08:36 - 00014674 _____ () C:\WINDOWS\PFRO.log
2014-02-24 17:53 - 2014-02-24 17:53 - 01078368 _____ () C:\WINDOWS\Minidump\022414-21859-01.dmp
2014-02-24 06:55 - 2014-02-24 06:55 - 00948504 _____ () C:\WINDOWS\Minidump\022414-21390-01.dmp
2014-02-23 17:47 - 2014-02-23 17:46 - 01007000 _____ () C:\WINDOWS\Minidump\022314-20093-01.dmp
2014-02-23 17:02 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-02-23 16:45 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-02-23 16:44 - 2014-02-23 16:44 - 00950136 _____ () C:\WINDOWS\Minidump\022314-19093-01.dmp
2014-02-23 11:38 - 2014-02-23 11:38 - 00380416 _____ () C:\Users\******\Downloads\Gmer-19357.exe
2014-02-23 11:01 - 2014-02-23 11:01 - 00969616 _____ () C:\WINDOWS\Minidump\022314-19953-01.dmp
2014-02-22 16:52 - 2014-02-22 16:52 - 00969072 _____ () C:\WINDOWS\Minidump\022214-18531-01.dmp
2014-02-22 11:34 - 2014-02-22 11:33 - 00950264 _____ () C:\WINDOWS\Minidump\022214-23625-01.dmp
2014-02-22 08:37 - 2014-02-22 08:36 - 01000136 _____ () C:\WINDOWS\Minidump\022214-18656-01.dmp
2014-02-21 19:01 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-02-21 17:35 - 2012-12-04 15:58 - 00004110 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-21 17:35 - 2012-12-04 15:58 - 00003874 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-21 17:10 - 2014-02-21 17:10 - 00001125 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-21 17:10 - 2014-02-21 17:10 - 00000000 ____D () C:\Users\******\AppData\Roaming\Malwarebytes
2014-02-21 17:10 - 2014-02-21 17:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-21 17:10 - 2014-02-21 17:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-21 17:09 - 2014-02-21 17:09 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\******\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-21 17:02 - 2013-12-06 10:06 - 00000000 ___DC () C:\WINDOWS\Panther
2014-02-21 17:01 - 2013-10-17 09:47 - 00000000 ____D () C:\Users\******\AppData\Roaming\IObit
2014-02-21 17:01 - 2013-10-17 09:45 - 00000000 ____D () C:\ProgramData\IObit
2014-02-21 16:50 - 2012-11-16 16:41 - 00000000 ___RD () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-21 16:50 - 2012-11-16 16:41 - 00000000 ___RD () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-21 16:49 - 2013-08-22 15:44 - 00423712 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-02-21 16:49 - 2012-11-17 10:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-21 16:49 - 2012-11-16 16:39 - 00000000 ____D () C:\Program Files\Google
2014-02-21 16:49 - 2012-11-16 16:39 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-21 16:24 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-02-21 16:14 - 2014-02-21 16:14 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
2014-02-21 16:13 - 2014-02-18 18:58 - 00000000 ____D () C:\ProgramData\Package Cache
2014-02-21 16:07 - 2014-02-21 16:07 - 00994704 _____ (Microsoft Corporation) C:\Users\******\Downloads\sdksetup.exe
2014-02-21 16:00 - 2012-12-04 15:58 - 00000000 ____D () C:\Users\******\AppData\Local\Google
2014-02-20 22:11 - 2014-02-20 22:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-20 22:07 - 2008-01-01 08:31 - 00003742 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-02-20 21:56 - 2014-02-20 21:56 - 00001074 _____ () C:\Users\******\Desktop\MA - DAMIAN WERNER GmbH 08.01.2014 - Verknüpfung.lnk
2014-02-18 19:06 - 2014-02-18 19:06 - 00000000 ____D () C:\ProgramData\ATI
2014-02-18 19:02 - 2014-02-18 19:02 - 00060993 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201402181902425009.log
2014-02-18 19:02 - 2014-02-18 19:02 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-02-18 19:02 - 2012-07-19 00:00 - 00000000 ____D () C:\ProgramData\AMD
2014-02-18 19:02 - 2012-07-18 23:59 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-02-18 18:59 - 2013-12-06 10:08 - 00000000 ____D () C:\Program Files\AMD
2014-02-18 18:57 - 2014-02-18 18:57 - 00000000 ____D () C:\AMD
2014-02-18 18:46 - 2014-02-18 18:46 - 00000000 ____D () C:\Users\******\AppData\Roaming\library_dir
2014-02-18 18:38 - 2014-02-18 18:38 - 01012920 _____ () C:\Users\******\Downloads\amddriverdownloader.exe
2014-02-18 18:29 - 2014-02-18 18:28 - 00007650 _____ () C:\Users\******\AppData\Local\resmon.resmoncfg
2014-02-18 15:11 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2014-02-18 15:11 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\Dism
2014-02-18 13:04 - 2012-11-16 22:41 - 00000000 ____D () C:\Users\******\AppData\Local\Packages
2014-02-17 22:00 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-02-17 22:00 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-16 10:26 - 2013-08-14 08:17 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-16 10:25 - 2011-07-18 21:31 - 88567024 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-13 16:49 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-02-13 16:49 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-02-13 16:49 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-02-06 13:16 - 2014-02-12 23:00 - 23170048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-06 12:30 - 2014-02-12 23:00 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-02-06 12:30 - 2014-02-12 23:00 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-02-06 12:12 - 2014-02-12 23:00 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-06 12:07 - 2014-02-12 23:00 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-02-06 12:06 - 2014-02-12 23:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-02-06 11:57 - 2014-02-12 23:00 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-06 11:56 - 2014-02-12 23:00 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-02-06 11:49 - 2014-02-12 23:00 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-02-06 11:48 - 2014-02-12 23:00 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-02-06 11:48 - 2014-02-12 23:00 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-02-06 11:38 - 2014-02-12 23:00 - 17103872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-02-06 11:32 - 2014-02-12 23:00 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-06 11:20 - 2014-02-12 23:00 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-02-06 11:17 - 2014-02-12 23:00 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-02-06 11:11 - 2014-02-12 23:00 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-02-06 11:01 - 2014-02-12 23:00 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-02-06 11:00 - 2014-02-12 23:00 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-02-06 10:57 - 2014-02-12 23:00 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-02-06 10:57 - 2014-02-12 23:00 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-06 10:52 - 2014-02-12 23:00 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-02-06 10:52 - 2014-02-12 23:00 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-02-06 10:50 - 2014-02-12 23:00 - 02041856 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-06 10:47 - 2014-02-12 23:00 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-02-06 10:46 - 2014-02-12 23:00 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-02-06 10:25 - 2014-02-12 23:00 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-02-06 10:25 - 2014-02-12 23:00 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-02-06 10:24 - 2014-02-12 23:00 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-06 10:22 - 2014-02-12 23:00 - 13051392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-06 10:13 - 2014-02-12 23:00 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-02-06 10:09 - 2014-02-12 23:00 - 01964032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-02-06 10:03 - 2014-02-12 23:00 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-02-06 09:55 - 2014-02-12 23:00 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-06 09:41 - 2014-02-12 23:00 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-02-06 09:40 - 2014-02-12 23:00 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-02-06 09:36 - 2014-02-12 23:00 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-02-06 09:34 - 2014-02-12 23:00 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\******\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-26 09:00

==================== End Of Log ============================
         
--- --- ---

Alt 27.02.2014, 15:21   #9
schrauber
/// the machine
/// TB-Ausbilder
 

Virus PlusHD und Bluescreen - Standard

Virus PlusHD und Bluescreen



Kannst Du mir von dem Bluescreen mal nen Dump anhängen?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 27.02.2014, 17:58   #10
Niggo
 
Virus PlusHD und Bluescreen - Standard

Virus PlusHD und Bluescreen



Hier das aktuellste Minidump.

Alt 28.02.2014, 20:02   #11
schrauber
/// the machine
/// TB-Ausbilder
 

Virus PlusHD und Bluescreen - Standard

Virus PlusHD und Bluescreen



Zitat:
DRIVER_POWER_STATE_FAILURE (9f)
A driver has failed to complete a power IRP within a specific time (usually 10 minutes).
Arguments:
Arg1: 0000000000000003, A device object has been blocking an Irp for too long a time
Arg2: ffffe000033cd060, Physical Device Object of the stack
Arg3: fffff800705307c0, nt!TRIAGE_9F_POWER on Win7, otherwise the Functional Device Object of the stack
Arg4: ffffe0000427e010, The blocked IRP

Debugging Details:
------------------


DRVPOWERSTATE_SUBCODE: 3

IMAGE_NAME: usbhub.sys

DEBUG_FLR_IMAGE_TIMESTAMP: 5215f839

MODULE_NAME: usbhub

FAULTING_MODULE: fffff80003024000 usbhub

CUSTOMER_CRASH_COUNT: 1

DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT

BUGCHECK_STR: 0x9F

PROCESS_NAME: System

CURRENT_IRQL: 2

TAG_NOT_DEFINED_c000000f: FFFFF80070538FB0

STACK_TEXT:
fffff800`70530788 fffff800`6ec111a6 : 00000000`0000009f 00000000`00000003 ffffe000`033cd060 fffff800`705307c0 : nt!KeBugCheckEx
fffff800`70530790 fffff800`6ec110c6 : ffffe000`01132c90 00000000`00000008 00000000`00000005 fffff800`6ea76a04 : nt!PopIrpWatchdogBugcheck+0xde
fffff800`705307f0 fffff800`6eac7f64 : ffffe000`01132cc8 fffff800`705308b9 ffffe000`01132d08 00000000`00000002 : nt!PopIrpWatchdog+0x32
fffff800`70530840 fffff800`6eac8478 : 00000000`00000001 ffffe000`024cd328 fffff800`6ed08180 fffff800`6ed0c4a0 : nt!KiProcessExpiredTimerList+0x1d8
fffff800`70530920 fffff800`6eb24478 : fffff800`6ed08180 00000000`002f98e7 00000000`002e3c81 00000000`002e3c99 : nt!KiExpireTimerTable+0x218
fffff800`705309c0 fffff800`6ea74abc : ffffe000`00000000 00001f80`00000001 000000b8`f20555b6 00000000`00000002 : nt!KiTimerExpiration+0x148
fffff800`70530a70 fffff800`6eb6b7ea : fffff800`6ed08180 fffff800`6ed08180 00000000`001a3fe0 fffff800`6ed60a80 : nt!KiRetireDpcList+0x19c
fffff800`70530be0 00000000`00000000 : fffff800`70531000 fffff800`7052a000 00000000`00000000 00000000`00000000 : nt!KiIdleLoop+0x5a


STACK_COMMAND: kb

FOLLOWUP_NAME: MachineOwner

FAILURE_BUCKET_ID: 0x9F_3_usb8023x_IMAGE_usbhub.sys

BUCKET_ID: 0x9F_3_usb8023x_IMAGE_usbhub.sys

Followup: MachineOwner
---------
Jetzt weißte schon mal welchen Treiber
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 10.03.2014, 07:06   #12
Niggo
 
Virus PlusHD und Bluescreen - Standard

Virus PlusHD und Bluescreen



Moin, sorry hab irgendwie verpeilt, dir noch eine Rückmeldung zu geben.
Also das Gerät, welches den Bluescreen verursacht, ist eine Eumex 800. Hierfür gibt es leider von der Telekom (bis jetzt noch) keinen neuen Treiber. Unter Windows 8 (nicht 8.1) hat der Anschluss der TK-Anlage einwandfrei funktioniert.

Mit dem PC haben wir keine Probleme mehr.

Recht herzlichsten Dank für deine Hilfe!

Grüße
Nico

Alt 10.03.2014, 17:13   #13
schrauber
/// the machine
/// TB-Ausbilder
 

Virus PlusHD und Bluescreen - Standard

Virus PlusHD und Bluescreen



Gern Geschehen
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Virus PlusHD und Bluescreen
adware.bundler, aktuelle, antivirus, bluescreen, computer, driver, driver_power_state_failure, fehler, internetseite, logfiles, neue, neuen, programm, pup.optional.crossrider.a, pup.optional.plushd.a, pup.optional.softonic, pup.optional.softonic.a, rechner, seite, seiten, surfen, version, windows




Ähnliche Themen: Virus PlusHD und Bluescreen


  1. Virus Bluescreen's?
    Mülltonne - 31.08.2015 (3)
  2. Bluescreen Problem-Anleitung für Bluescreen nicht anwenbar bei Bildschirm Freeze
    Alles rund um Windows - 04.04.2015 (18)
  3. Pop-Up von "Ads by PlusHD.8c", langsames Internet (Vista)
    Plagegeister aller Art und deren Bekämpfung - 12.08.2014 (2)
  4. searchGolTB.A, plusHD.A u.a. .. gründlich zu entfernen von Windows7-Rechner
    Log-Analyse und Auswertung - 01.07.2014 (19)
  5. Windows 8.1: PlusHD Werbung+PopUps, Avira AntiVir lässt sich nicht wieder aktivieren
    Log-Analyse und Auswertung - 05.03.2014 (10)
  6. Mozilla Firefox - Ads auf dem Explorer - Ads by PlusHD
    Plagegeister aller Art und deren Bekämpfung - 19.02.2014 (17)
  7. PlusHD Trojaner ,Webcam dauernd an
    Plagegeister aller Art und deren Bekämpfung - 21.01.2014 (9)
  8. PlusHD.8 lässt sich nicht deinstallieren
    Plagegeister aller Art und deren Bekämpfung - 06.01.2014 (3)
  9. RVZR und plusHD.2 und winflashplayer Probleme
    Plagegeister aller Art und deren Bekämpfung - 23.12.2013 (1)
  10. Warnung vor Free Driver Scout, dieser installiert Malware! plushd.exe
    Log-Analyse und Auswertung - 13.07.2013 (1)
  11. Pc Absturz, Bluescreen, Virus?
    Alles rund um Windows - 21.04.2013 (0)
  12. Bluescreen durch Virus/Trojaner verursacht?
    Plagegeister aller Art und deren Bekämpfung - 15.02.2013 (3)
  13. BKA-Virus mit Bluescreen
    Plagegeister aller Art und deren Bekämpfung - 05.06.2012 (1)
  14. Virus mit Bluescreen
    Log-Analyse und Auswertung - 19.05.2012 (5)
  15. Virus Bluescreen [Windows 7]
    Log-Analyse und Auswertung - 26.06.2011 (7)
  16. Piepen, Bluescreen, Virus?
    Plagegeister aller Art und deren Bekämpfung - 16.10.2010 (0)
  17. Bluescreen durch smit fraud, einen tag später wieder bluescreen
    Log-Analyse und Auswertung - 05.02.2008 (3)

Zum Thema Virus PlusHD und Bluescreen - Liebes Trojaner-Board-Team, ich habe mehrere Probleme mit dem Computer eines Bekannten. Betriebssystem Windows 8.1 Pro 64Bit Norton Antivirus hat einen Virus von dem Programm "PlusHD" gefunden. Das Programm konnte ich - Virus PlusHD und Bluescreen...
Archiv
Du betrachtest: Virus PlusHD und Bluescreen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.