| |
| |||||||
Log-Analyse und Auswertung: Kann Youtube videos nicht abspielenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
20.04.2014, 16:31
| #1 |
 |  Kann Youtube videos nicht abspielen Auf meinem win7 64 PC erscheint bloss eine schwarze Fläche, wenn ich die aufgelisteten Youtube Beiträge anklicke. Es besteht keine Möglichkeit, sie zum Abspielen zu bewegen. Alle heruntergeladenen Videos hingegen kann ich mit einschlägigen Programmen anschauen. Für Tipps bin ich sehr dankbar. Mit freundlichen Grüssen Alfred
__________________ Suche nicht das Glueck - lebe es (Buddha) |
|
20.04.2014, 17:37
| #2 |
  | Kann Youtube videos nicht abspielen Mach mal folgendes:
__________________Rechtsklick auf ein betroffenes Video, falls möglich Haken bei der Hardwarebeschleunigung raus. Danach: Poste bitte Logfiles zur Systemanalyse nach folgender Anleitung: Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten? Poste das dann entweder in diesen Thread oder eröffne einen neuen unter Log-Analyse und Auswertung. |
|
20.04.2014, 20:04
| #3 |
| | Kann Youtube videos nicht abspielen Hallo Keckrem, vielen vielen Dank für Deine superschnelle Antwort!
__________________Rechtsklick auf ein Youtube Video ergibt bei mir keine Möglichkeit, das Video zum spielen zu bringen und von einem Haken bei der Hardwarebeschleunigung sehe ich nichts. Mache ich da was falsch? anbei noch das Log von FRST64. Wie ist das mit dem Addition? ich sehe nur das FRST64 log. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2014 01
Ran by Alfred (administrator) on DM12REP on 20-04-2014 20:52:30
Running from C:\Users\Alfred\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Abelssoft) C:\Program Files (x86)\CheckDrive\CheckDriveBackgroundGuard.exe
(ArcSoft, Inc.) C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 14\SteganosBrowserMonitor.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 14\SteganosHotKeyService.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 14\fredirstarter.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\StartHelper.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(VMLite, Inc.) C:\VXP\VMLiteService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
(Farbar) C:\Users\Alfred\Desktop\FRST64(1).exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [462400 2011-02-12] (Acronis)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2000-01-01] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [adm_tray.exe] => C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe [470120 2011-02-24] ()
HKLM-x32\...\Run: [Steganos HotKeys] => C:\Program Files (x86)\Steganos Safe 14\SteganosHotKeyService.exe [103424 2013-05-16] (Steganos Software GmbH)
HKLM-x32\...\Run: [SAFE14 File Redirection Starter] => C:\Program Files (x86)\Steganos Safe 14\fredirstarter.exe [17408 2013-05-16] (Steganos Software GmbH)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554384 2013-07-15] (Lavasoft)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\Run: [SAFE14 Browser Monitor] => C:\Program Files (x86)\Steganos Safe 14\SteganosBrowserMonitor.exe [73216 2013-05-16] (Steganos Software GmbH)
HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1093464 2013-07-22] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [441408 2013-09-05] (BillP Studios)
HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\MountPoints2: L - L:\HPLauncher.exe
HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\MountPoints2: {63be18cd-1c39-11e2-87aa-20cf308e5960} - E:\HPLauncher.exe
HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\MountPoints2: {aa142560-a0e7-11e2-b173-20cf308e5960} - K:\HPLauncher.exe
Startup: C:\Users\Alfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk
ShortcutTarget: HP SimpleSave Monitor.lnk -> C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\StartHelper.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Schweiz : Hotmail, Outlook, Skype download, Unterhaltung, Nachrichten, Sport, Lifestyle, Auto und mehr bei MSN CH
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2E20F8E641ADCD01
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Bing
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Bing
BHO: No Name - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Freemake.YoutubeButton - {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\f9e1lb4p.default-1397924871496
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\f9e1lb4p.default-1397924871496\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-07-26]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-08-16]
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\ []
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\ []
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-09-29]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-09-29]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []
Chrome:
=======
CHR HomePage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_4&ent=hp&u=424CC20045927E4CBDC72C5234910BB4
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchProvider: Claro Search
CHR DefaultSearchURL: Google
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File
CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File
CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-26]
CHR Extension: (Google Drive) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-26]
CHR Extension: (WOT) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-06-30]
CHR Extension: (YouTube) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-26]
CHR Extension: (Freemake Video Downloader) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf [2013-09-14]
CHR Extension: (Google-Suche) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-26]
CHR Extension: (Online HD TV) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkinklhnkmkhkhofcnapakaoehijaoih [2013-06-26]
CHR Extension: (Freemake Youtube Download Button) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh [2013-09-14]
CHR Extension: (Delta Toolbar) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2013-09-14]
CHR Extension: (RealDownloader) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-06-26]
CHR Extension: (Skype Click to Call) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-06-26]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-06-26]
CHR Extension: (Lavasoft NewTab) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole [2013-09-14]
CHR Extension: (Google Mail) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-26]
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-09-14]
CHR HKLM-x32\...\Chrome\Extension: [dkinklhnkmkhkhofcnapakaoehijaoih] - C:\Program Files (x86)\OnlineHD.TV\onhd11.crx [2013-09-14]
CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx [2013-09-14]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]
CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx [2013-05-06]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
R2 BackupService; C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [83512 2010-07-01] (ArcSoft, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-08-26] (Ellora Assets Corp.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [219480 2013-07-22] (Garmin Ltd or its subsidiaries)
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
R2 VMLiteService; C:\VXP\VMLiteService.exe [426600 2010-08-21] (VMLite, Inc.)
==================== Drivers (Whitelisted) ====================
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-09-14] (GFI Software)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
R1 SLEE_18_DRIVER; C:\Windows\Sleen1864.sys [108648 2012-07-24] (Softwareentwicklung Remus - ArchiCrypt - )
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () <===== ATTENTION Necurs Rootkit?
R1 VBoxDrv; C:\Windows\System32\drivers\VBoxDrv.sys [204328 2010-08-11] (VMLite, Inc.)
R3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp.sys [146216 2010-08-11] (VMLite, Inc.)
R3 VBoxNetFlt; C:\Windows\System32\DRIVERS\VBoxNetFlt.sys [165800 2010-08-11] (VMLite, Inc.)
R1 vmlitedrv; C:\Windows\System32\drivers\vmlitedrv.sys [14952 2010-08-03] (VMLite, Inc.)
R3 vmlitestor; C:\Windows\System32\DRIVERS\vmlitestor.sys [177768 2010-08-11] (VMLite, Inc.)
S3 VMLiteUSB; C:\Windows\System32\Drivers\VMLiteUSB.sys [150120 2010-08-11] (VMLite, Inc.)
R1 VMLiteUSBMon; C:\Windows\System32\drivers\vmliteusbmon.sys [135272 2010-08-18] (VMLite, Inc.)
S3 ALSysIO; \??\C:\Users\Alfred\AppData\Local\Temp\ALSysIO64.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-20 20:52 - 2014-04-20 20:52 - 00030062 _____ () C:\Users\Alfred\Desktop\FRST.txt
2014-04-20 20:51 - 2014-04-20 20:51 - 02056192 _____ (Farbar) C:\Users\Alfred\Downloads\FRST64(1).exe
2014-04-20 20:51 - 2014-04-20 20:51 - 02056192 _____ (Farbar) C:\Users\Alfred\Desktop\FRST64(1).exe
2014-04-20 17:23 - 2014-04-20 06:21 - 00008681 _____ () C:\Users\Alfred\Desktop\PW.per 30.3.2014.txt
2014-04-20 17:17 - 2014-04-20 17:17 - 00071371 _____ () C:\Users\Alfred\Downloads\Christentum und Buddhismus Teil 1.htm
2014-04-20 17:17 - 2014-04-20 17:17 - 00000000 ____D () C:\Users\Alfred\Downloads\Christentum und Buddhismus Teil 1-Dateien
2014-04-20 13:44 - 2014-04-20 13:44 - 00000000 ____D () C:\Users\Alfred\Desktop\AGODA complaint Pattavia
2014-04-20 12:34 - 2014-04-20 12:34 - 00000000 ____D () C:\Users\Alfred\Documents\1.eSATA inventar 20.4.14
2014-04-20 07:10 - 2014-04-20 07:10 - 00001211 _____ () C:\Users\Alfred\Desktop\AGODA complaint Pattavia - Verknüpfung.lnk
2014-04-20 05:50 - 2014-04-20 16:52 - 00000168 _____ () C:\Windows\setupact.log
2014-04-20 05:50 - 2014-04-20 05:50 - 00002946 _____ () C:\Windows\PFRO.log
2014-04-20 05:50 - 2014-04-20 05:50 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-19 21:27 - 2014-04-19 21:27 - 00001463 _____ () C:\Users\Alfred\Desktop\0.0.eSATA INVENTAR BACKUP LOGS - Verknüpfung.lnk
2014-04-19 20:00 - 2014-04-19 20:00 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\TuneUp Software
2014-04-19 20:00 - 2014-04-19 20:00 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-04-19 20:00 - 2014-04-19 20:00 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-04-19 19:59 - 2014-04-19 20:00 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-04-19 19:59 - 2014-04-19 19:59 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-04-19 19:58 - 2014-04-19 19:58 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\OpenCandy
2014-04-19 19:58 - 2014-04-19 19:58 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-04-19 19:57 - 2014-04-19 19:58 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\DVDVideoSoft
2014-04-19 18:53 - 2014-04-19 18:53 - 32990152 _____ (DVDVideoSoft Ltd. ) C:\Users\Alfred\Downloads\FreeYouTubeDownload_3232327.exe
2014-04-19 18:51 - 2014-04-19 18:51 - 01069776 _____ (Solid State Networks) C:\Users\Alfred\Downloads\install_flashplayer13x32_mssa_aaa_aih.exe
2014-04-19 18:27 - 2014-04-19 18:27 - 00000000 ____D () C:\Users\Alfred\Documents\Alte Firefox-Daten
2014-04-19 18:25 - 2014-04-19 18:25 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-19 17:20 - 2014-04-19 17:21 - 00000000 ____D () C:\Users\Alfred\Desktop\Neuer Ordner
2014-04-17 09:01 - 2010-05-30 07:21 - 06666752 _____ () C:\Users\Alfred\Desktop\1940's.pps
2014-04-16 22:28 - 2014-04-16 22:38 - 30327999 _____ () C:\Users\Alfred\Downloads\ERJ145-Luxair.zip
2014-04-16 22:25 - 2014-04-16 22:45 - 60211080 _____ () C:\Users\Alfred\Downloads\B738-HaribAIR.zip.download
2014-04-16 18:05 - 2014-04-20 12:34 - 00000000 ____D () C:\Users\Alfred\Documents\MEDIAMARKT TOSHIBA
2014-04-16 08:43 - 2014-04-16 08:43 - 00001094 _____ () C:\Users\Alfred\Desktop\1.Budget2013 neu - Verknüpfung.lnk
2014-04-16 08:42 - 2014-04-16 08:42 - 00000000 ____D () C:\Users\Public\Documents\sun
2014-04-15 20:55 - 2014-04-15 20:55 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-15 20:55 - 2014-04-15 20:55 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-15 20:52 - 2014-04-15 20:52 - 03710504 _____ (Piriform Ltd) C:\Users\Alfred\Downloads\ccsetup412_slim.exe
2014-04-15 18:11 - 2014-04-15 18:12 - 00000000 ____D () C:\Users\Alfred\Documents\USB stick braun-schwarz-bup
2014-04-15 12:29 - 2011-12-28 22:00 - 22305142 _____ () C:\Users\Alfred\Desktop\TrackIR Explained.mp4
2014-04-14 20:33 - 2014-04-14 20:33 - 00001001 _____ () C:\Users\Alfred\Desktop\D - Verknüpfung.lnk
2014-04-14 18:47 - 2014-04-14 18:47 - 30796712 _____ (Oracle Corporation) C:\Users\Alfred\Downloads\jre-7u51-windows-x64.exe
2014-04-14 18:06 - 2014-04-20 10:01 - 00000000 ____D () C:\Users\Alfred\Documents\JENS SCHNEIDER RA
2014-04-14 18:06 - 2014-04-14 18:06 - 00001122 _____ () C:\Users\Alfred\Desktop\JENS SCHNEIDER RA - Verknüpfung.lnk
2014-04-14 18:04 - 2014-04-14 18:04 - 00000000 ____D () C:\Users\Alfred\Documents\Neuer Ordner (2)
2014-04-14 15:35 - 2014-04-14 15:35 - 03754042 _____ () C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0543.eml
2014-04-14 15:35 - 2014-04-14 15:35 - 03669425 _____ () C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0552.eml
2014-04-14 15:35 - 2014-04-14 15:35 - 02813491 _____ () C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0523.eml
2014-04-14 15:34 - 2014-04-14 15:35 - 00000000 ____D () C:\Users\Alfred\Desktop\feb julian
2014-04-14 12:30 - 2012-11-05 18:54 - 00001901 _____ () C:\Users\Alfred\Desktop\FAVORITEN - Verknüpfung.lnk
2014-04-13 15:30 - 2014-04-20 13:44 - 00000000 ____D () C:\Users\Alfred\Documents\AGODA complaint Pattavia
2014-04-13 14:20 - 2014-04-13 14:20 - 00525037 _____ () C:\Users\Alfred\Downloads\2014-04-13.zip
2014-04-12 13:17 - 2014-04-12 13:17 - 00000000 ____D () C:\Users\Alfred\Downloads\OpenOffice 4.0.1 (de) Installation Files
2014-04-12 13:12 - 2014-04-12 13:15 - 163606685 _____ () C:\Users\Alfred\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_de.exe
2014-04-12 12:21 - 2014-04-14 08:50 - 00000000 ____D () C:\Users\Alfred\Documents\STEUERN TOFFEN
2014-04-12 08:51 - 2014-04-12 08:51 - 00000000 __SHD () C:\Users\Alfred\AppData\Local\EmieUserList
2014-04-12 08:51 - 2014-04-12 08:51 - 00000000 __SHD () C:\Users\Alfred\AppData\Local\EmieSiteList
2014-04-12 03:02 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-12 03:02 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-12 03:02 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-12 03:02 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-12 03:02 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-12 03:02 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-12 03:01 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-12 03:01 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-12 03:01 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-12 03:01 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-12 03:01 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-12 03:01 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-12 03:01 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-12 03:01 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-12 03:01 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-12 03:01 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-12 03:01 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-12 03:01 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-12 03:01 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-12 03:01 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-12 03:01 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-12 03:01 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-12 03:01 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-12 03:01 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-12 03:01 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-12 03:01 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-12 03:01 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-12 03:01 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-12 03:01 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-12 03:01 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-12 03:01 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-12 03:01 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-12 03:01 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-12 03:01 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-12 03:01 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-12 03:01 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-12 03:01 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-12 03:01 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-12 03:01 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-12 03:01 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-12 03:01 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-12 03:01 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-12 03:01 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-12 03:01 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-12 03:01 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-12 03:01 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-12 03:01 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-12 03:01 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-11 11:03 - 2014-04-11 11:03 - 00000000 ____D () C:\Users\Alfred\Documents\Neuer Ordner
2014-04-11 07:38 - 2014-04-15 20:57 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-04-11 07:38 - 2012-05-05 10:54 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
2014-04-11 07:38 - 2012-05-05 10:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
2014-04-11 07:38 - 1998-07-06 17:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL
2014-04-11 07:38 - 1998-07-06 17:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL
2014-04-11 07:38 - 1998-07-06 17:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL
2014-04-11 07:37 - 2014-04-11 07:37 - 18277248 _____ (pdfforge ) C:\Users\Alfred\Downloads\PDFCreator-1_7_2_setup.exe
2014-04-11 07:10 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-04-11 07:10 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-04-11 07:10 - 2013-12-25 01:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-04-11 07:10 - 2013-12-25 00:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-04-11 07:10 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-04-11 07:10 - 2013-11-23 20:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-04-11 07:10 - 2013-11-23 19:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-04-11 07:10 - 2013-11-23 00:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-04-10 21:56 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-04-10 21:51 - 2014-04-10 21:51 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-04-10 21:51 - 2014-04-10 21:51 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-04-10 21:51 - 2014-04-10 21:51 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-04-10 21:51 - 2014-04-10 21:51 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-04-10 21:51 - 2014-04-10 21:51 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-04-10 21:51 - 2014-04-10 21:51 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-04-10 21:51 - 2014-04-10 21:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-04-10 21:49 - 2014-04-10 21:49 - 00550371 _____ () C:\Users\Alfred\Downloads\Autoruns.zip
2014-04-10 21:14 - 2013-05-10 07:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-04-10 21:14 - 2013-05-10 07:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-04-10 21:14 - 2013-05-10 06:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-04-10 21:14 - 2013-05-10 06:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-04-10 21:01 - 2014-04-11 21:01 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-04-10 15:49 - 2013-10-19 04:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-04-10 15:49 - 2013-10-19 03:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-04-10 15:49 - 2013-10-12 04:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-04-10 15:49 - 2013-10-12 04:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-04-10 15:49 - 2013-10-12 04:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-04-10 15:49 - 2013-10-12 04:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-04-10 15:49 - 2013-10-12 03:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-04-10 15:49 - 2013-10-12 03:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-04-10 15:49 - 2013-10-12 03:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-04-10 15:49 - 2013-10-12 03:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-04-10 11:48 - 2014-04-10 11:48 - 00000000 ____D () C:\Program Files\iPod
2014-04-10 11:47 - 2014-04-10 11:48 - 00000000 ____D () C:\Program Files\iTunes
2014-04-10 11:47 - 2014-04-10 11:48 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-04-10 11:28 - 2014-04-10 11:27 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-10 11:28 - 2014-04-10 11:27 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-10 11:28 - 2014-04-10 11:27 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-10 11:28 - 2014-04-10 11:27 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-10 11:25 - 2014-04-10 11:25 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-04-10 11:20 - 2014-04-10 11:20 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-10 11:20 - 2014-04-10 11:20 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-10 11:20 - 2014-04-10 11:20 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-10 11:20 - 2014-04-10 11:20 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-04-10 11:16 - 2013-10-30 04:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-04-10 11:15 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-10 11:15 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-10 11:15 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-10 11:15 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-10 11:15 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-10 11:15 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-10 11:15 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-10 11:15 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-10 11:15 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-10 11:15 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-10 11:15 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-10 11:15 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-04-10 11:15 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-10 11:15 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-10 11:15 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-10 11:15 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-04-10 11:15 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-10 11:15 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-04-10 11:15 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-10 11:15 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-04-10 11:15 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-04-10 11:15 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-04-10 11:15 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-10 11:15 - 2014-01-01 01:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-04-10 11:15 - 2014-01-01 01:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-04-10 11:15 - 2013-12-06 04:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-04-10 11:15 - 2013-12-06 04:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-04-10 11:15 - 2013-12-06 04:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-04-10 11:15 - 2013-12-06 04:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-04-10 11:15 - 2013-12-04 04:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-04-10 11:15 - 2013-12-04 04:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-04-10 11:15 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-04-10 11:15 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-04-10 11:15 - 2013-12-04 04:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-04-10 11:15 - 2013-12-04 04:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-04-10 11:15 - 2013-12-04 04:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-04-10 11:15 - 2013-12-04 04:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-04-10 11:15 - 2013-12-04 04:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-04-10 11:15 - 2013-12-04 04:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-04-10 11:15 - 2013-12-04 04:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-04-10 11:15 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-04-10 11:15 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-04-10 11:15 - 2013-12-04 04:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-04-10 11:15 - 2013-12-04 03:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-04-10 11:15 - 2013-12-04 03:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-04-10 11:15 - 2013-12-04 03:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-04-10 11:15 - 2013-12-04 03:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-04-10 11:15 - 2013-11-27 03:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-04-10 11:15 - 2013-11-27 03:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-04-10 11:15 - 2013-11-27 03:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-04-10 11:15 - 2013-11-27 03:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-04-10 11:15 - 2013-11-27 03:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-04-10 11:15 - 2013-11-27 03:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-04-10 11:15 - 2013-11-27 03:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-04-10 11:15 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-04-10 11:15 - 2013-11-12 04:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-04-10 11:15 - 2013-11-12 04:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-04-10 11:15 - 2013-10-30 04:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-04-10 11:15 - 2013-10-04 04:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-04-10 11:15 - 2013-10-04 03:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
==================== One Month Modified Files and Folders =======
2014-04-20 20:52 - 2014-04-20 20:52 - 00030062 _____ () C:\Users\Alfred\Desktop\FRST.txt
2014-04-20 20:52 - 2013-07-04 11:42 - 00000000 ____D () C:\FRST
2014-04-20 20:51 - 2014-04-20 20:51 - 02056192 _____ (Farbar) C:\Users\Alfred\Downloads\FRST64(1).exe
2014-04-20 20:51 - 2014-04-20 20:51 - 02056192 _____ (Farbar) C:\Users\Alfred\Desktop\FRST64(1).exe
2014-04-20 20:48 - 2013-04-10 04:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-20 20:45 - 2013-04-10 04:17 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-20 20:45 - 2012-10-22 08:20 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-20 20:45 - 2012-10-22 08:20 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-20 20:45 - 2012-10-18 18:15 - 00000000 ____D () C:\Users\Alfred\AppData\Local\Adobe
2014-04-20 20:21 - 2012-10-21 15:24 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\vlc
2014-04-20 20:07 - 2012-10-25 14:53 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-20 17:17 - 2014-04-20 17:17 - 00071371 _____ () C:\Users\Alfred\Downloads\Christentum und Buddhismus Teil 1.htm
2014-04-20 17:17 - 2014-04-20 17:17 - 00000000 ____D () C:\Users\Alfred\Downloads\Christentum und Buddhismus Teil 1-Dateien
2014-04-20 17:02 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-20 17:02 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-20 16:57 - 2012-10-18 15:41 - 02002781 _____ () C:\Windows\WindowsUpdate.log
2014-04-20 16:53 - 2012-10-25 14:53 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-20 16:52 - 2014-04-20 05:50 - 00000168 _____ () C:\Windows\setupact.log
2014-04-20 16:52 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-20 13:44 - 2014-04-20 13:44 - 00000000 ____D () C:\Users\Alfred\Desktop\AGODA complaint Pattavia
2014-04-20 13:44 - 2014-04-13 15:30 - 00000000 ____D () C:\Users\Alfred\Documents\AGODA complaint Pattavia
2014-04-20 12:34 - 2014-04-20 12:34 - 00000000 ____D () C:\Users\Alfred\Documents\1.eSATA inventar 20.4.14
2014-04-20 12:34 - 2014-04-16 18:05 - 00000000 ____D () C:\Users\Alfred\Documents\MEDIAMARKT TOSHIBA
2014-04-20 11:44 - 2013-08-28 10:44 - 00000000 ___RD () C:\Users\Alfred\Desktop\PIX
2014-04-20 11:44 - 2011-04-12 09:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-04-20 11:44 - 2011-04-12 09:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-04-20 11:44 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-20 10:01 - 2014-04-14 18:06 - 00000000 ____D () C:\Users\Alfred\Documents\JENS SCHNEIDER RA
2014-04-20 07:10 - 2014-04-20 07:10 - 00001211 _____ () C:\Users\Alfred\Desktop\AGODA complaint Pattavia - Verknüpfung.lnk
2014-04-20 06:45 - 2013-11-02 14:20 - 00000878 _____ () C:\Users\Alfred\Desktop\PIX D - Verknüpfung.lnk
2014-04-20 06:21 - 2014-04-20 17:23 - 00008681 _____ () C:\Users\Alfred\Desktop\PW.per 30.3.2014.txt
2014-04-20 05:50 - 2014-04-20 05:50 - 00002946 _____ () C:\Windows\PFRO.log
2014-04-20 05:50 - 2014-04-20 05:50 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-19 21:34 - 2013-04-14 10:06 - 00000000 ____D () C:\Users\Alfred\Documents\AVIATION pdfs
2014-04-19 21:27 - 2014-04-19 21:27 - 00001463 _____ () C:\Users\Alfred\Desktop\0.0.eSATA INVENTAR BACKUP LOGS - Verknüpfung.lnk
2014-04-19 20:06 - 2013-06-29 12:08 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\Free Download Manager
2014-04-19 20:00 - 2014-04-19 20:00 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\TuneUp Software
2014-04-19 20:00 - 2014-04-19 20:00 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-04-19 20:00 - 2014-04-19 20:00 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-04-19 20:00 - 2014-04-19 19:59 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-04-19 19:59 - 2014-04-19 19:59 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-04-19 19:58 - 2014-04-19 19:58 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\OpenCandy
2014-04-19 19:58 - 2014-04-19 19:58 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-04-19 19:58 - 2014-04-19 19:57 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\DVDVideoSoft
2014-04-19 18:53 - 2014-04-19 18:53 - 32990152 _____ (DVDVideoSoft Ltd. ) C:\Users\Alfred\Downloads\FreeYouTubeDownload_3232327.exe
2014-04-19 18:51 - 2014-04-19 18:51 - 01069776 _____ (Solid State Networks) C:\Users\Alfred\Downloads\install_flashplayer13x32_mssa_aaa_aih.exe
2014-04-19 18:33 - 2012-10-25 14:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-19 18:27 - 2014-04-19 18:27 - 00000000 ____D () C:\Users\Alfred\Documents\Alte Firefox-Daten
2014-04-19 18:26 - 2012-10-21 13:48 - 00000000 ____D () C:\Users\Alfred\AppData\Local\Mozilla
2014-04-19 18:25 - 2014-04-19 18:25 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-19 18:25 - 2013-09-04 13:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-19 17:24 - 2013-05-13 11:11 - 00000000 ____D () C:\Program Files (x86)\Safari
2014-04-19 17:21 - 2014-04-19 17:20 - 00000000 ____D () C:\Users\Alfred\Desktop\Neuer Ordner
2014-04-18 10:16 - 2012-10-26 06:52 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-18 10:15 - 2012-10-26 06:51 - 00000000 ____D () C:\ProgramData\Skype
2014-04-17 09:00 - 2013-08-19 20:48 - 00012288 _____ () C:\Users\Alfred\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-16 22:45 - 2014-04-16 22:25 - 60211080 _____ () C:\Users\Alfred\Downloads\B738-HaribAIR.zip.download
2014-04-16 22:38 - 2014-04-16 22:28 - 30327999 _____ () C:\Users\Alfred\Downloads\ERJ145-Luxair.zip
2014-04-16 19:07 - 2013-09-29 10:53 - 00176156 _____ () C:\Windows\hphins27.dat
2014-04-16 19:07 - 2012-10-29 15:04 - 00010237 _____ () C:\ProgramData\hpzinstall.log
2014-04-16 08:43 - 2014-04-16 08:43 - 00001094 _____ () C:\Users\Alfred\Desktop\1.Budget2013 neu - Verknüpfung.lnk
2014-04-16 08:42 - 2014-04-16 08:42 - 00000000 ____D () C:\Users\Public\Documents\sun
2014-04-15 21:00 - 2013-09-21 08:15 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-04-15 20:57 - 2014-04-11 07:38 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-04-15 20:57 - 2013-11-13 21:22 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\Azureus
2014-04-15 20:57 - 2012-10-18 16:36 - 00000000 ____D () C:\Windows\Panther
2014-04-15 20:55 - 2014-04-15 20:55 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-15 20:55 - 2014-04-15 20:55 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-15 20:52 - 2014-04-15 20:52 - 03710504 _____ (Piriform Ltd) C:\Users\Alfred\Downloads\ccsetup412_slim.exe
2014-04-15 18:12 - 2014-04-15 18:11 - 00000000 ____D () C:\Users\Alfred\Documents\USB stick braun-schwarz-bup
2014-04-14 20:33 - 2014-04-14 20:33 - 00001001 _____ () C:\Users\Alfred\Desktop\D - Verknüpfung.lnk
2014-04-14 18:47 - 2014-04-14 18:47 - 30796712 _____ (Oracle Corporation) C:\Users\Alfred\Downloads\jre-7u51-windows-x64.exe
2014-04-14 18:31 - 2013-07-04 21:26 - 00000000 ____D () C:\Users\Alfred\Documents\trojaner.board.de.4.7.013
2014-04-14 18:25 - 2012-11-01 09:05 - 00000000 ____D () C:\Users\Alfred\Documents\AUTO
2014-04-14 18:24 - 2012-11-16 13:57 - 00000000 ____D () C:\Users\Alfred\Documents\0.AVIATION
2014-04-14 18:17 - 2012-12-03 12:12 - 00000000 ____D () C:\Users\Alfred\Documents\THAILAND
2014-04-14 18:06 - 2014-04-14 18:06 - 00001122 _____ () C:\Users\Alfred\Desktop\JENS SCHNEIDER RA - Verknüpfung.lnk
2014-04-14 18:06 - 2012-11-01 11:06 - 00877056 ___SH () C:\Users\Alfred\Documents\Thumbs.db
2014-04-14 18:04 - 2014-04-14 18:04 - 00000000 ____D () C:\Users\Alfred\Documents\Neuer Ordner (2)
2014-04-14 18:04 - 2013-09-13 18:21 - 00000000 ____D () C:\Users\Alfred\Documents\AHV
2014-04-14 15:35 - 2014-04-14 15:35 - 03754042 _____ () C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0543.eml
2014-04-14 15:35 - 2014-04-14 15:35 - 03669425 _____ () C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0552.eml
2014-04-14 15:35 - 2014-04-14 15:35 - 02813491 _____ () C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0523.eml
2014-04-14 15:35 - 2014-04-14 15:34 - 00000000 ____D () C:\Users\Alfred\Desktop\feb julian
2014-04-14 08:50 - 2014-04-12 12:21 - 00000000 ____D () C:\Users\Alfred\Documents\STEUERN TOFFEN
2014-04-13 14:20 - 2014-04-13 14:20 - 00525037 _____ () C:\Users\Alfred\Downloads\2014-04-13.zip
2014-04-13 06:01 - 2009-07-14 06:45 - 02237408 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-12 14:32 - 2013-10-30 06:52 - 00000000 ____D () C:\Users\Alfred\Documents\INTERNETSPEEDTESTs
2014-04-12 14:32 - 2012-10-19 03:23 - 00068440 _____ () C:\Users\Alfred\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-12 13:21 - 2012-11-06 15:13 - 00000000 ____D () C:\Users\Alfred\Documents\FINANZEN
2014-04-12 13:19 - 2013-08-30 11:42 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-04-12 13:17 - 2014-04-12 13:17 - 00000000 ____D () C:\Users\Alfred\Downloads\OpenOffice 4.0.1 (de) Installation Files
2014-04-12 13:15 - 2014-04-12 13:12 - 163606685 _____ () C:\Users\Alfred\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_de.exe
2014-04-12 12:25 - 2012-11-13 17:37 - 00000000 ____D () C:\Users\Alfred\Documents\iPad
2014-04-12 08:51 - 2014-04-12 08:51 - 00000000 __SHD () C:\Users\Alfred\AppData\Local\EmieUserList
2014-04-12 08:51 - 2014-04-12 08:51 - 00000000 __SHD () C:\Users\Alfred\AppData\Local\EmieSiteList
2014-04-12 08:48 - 2013-01-02 11:23 - 00000000 ____D () C:\Users\Alfred\Documents\iPAD reading
2014-04-12 03:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-12 03:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-12 02:52 - 2013-10-29 22:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-04-11 21:03 - 2012-10-18 18:18 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-11 21:01 - 2014-04-10 21:01 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-04-11 21:01 - 2012-10-18 18:18 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-11 21:01 - 2012-10-18 18:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-04-11 20:58 - 2013-09-23 12:57 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-04-11 20:58 - 2012-10-18 16:08 - 00001309 _____ () C:\Users\Alfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-11 11:03 - 2014-04-11 11:03 - 00000000 ____D () C:\Users\Alfred\Documents\Neuer Ordner
2014-04-11 08:01 - 2012-11-08 13:12 - 00082432 ___SH () C:\Users\Alfred\Thumbs.db
2014-04-11 07:37 - 2014-04-11 07:37 - 18277248 _____ (pdfforge ) C:\Users\Alfred\Downloads\PDFCreator-1_7_2_setup.exe
2014-04-10 23:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2014-04-10 23:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2014-04-10 23:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-04-10 23:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-04-10 21:51 - 2014-04-10 21:51 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-04-10 21:51 - 2014-04-10 21:51 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-04-10 21:51 - 2014-04-10 21:51 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-04-10 21:51 - 2014-04-10 21:51 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-04-10 21:51 - 2014-04-10 21:51 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-04-10 21:51 - 2014-04-10 21:51 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-04-10 21:51 - 2014-04-10 21:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-04-10 21:49 - 2014-04-10 21:49 - 00550371 _____ () C:\Users\Alfred\Downloads\Autoruns.zip
2014-04-10 21:31 - 2013-05-26 17:43 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-10 21:31 - 2013-05-26 17:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-10 21:06 - 2013-08-04 12:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 20:44 - 2013-04-17 17:33 - 00000000 ____D () C:\Users\Alfred\Documents\PW
2014-04-10 11:48 - 2014-04-10 11:48 - 00000000 ____D () C:\Program Files\iPod
2014-04-10 11:48 - 2014-04-10 11:47 - 00000000 ____D () C:\Program Files\iTunes
2014-04-10 11:48 - 2014-04-10 11:47 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-04-10 11:48 - 2013-10-05 22:42 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-04-10 11:27 - 2014-04-10 11:28 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-10 11:27 - 2014-04-10 11:28 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-10 11:27 - 2014-04-10 11:28 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-10 11:27 - 2014-04-10 11:28 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-10 11:27 - 2013-06-25 17:38 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-10 11:25 - 2014-04-10 11:25 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-04-10 11:24 - 2012-10-26 08:22 - 00000000 ____D () C:\ProgramData\Apple
2014-04-10 11:20 - 2014-04-10 11:20 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-10 11:20 - 2014-04-10 11:20 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-10 11:20 - 2014-04-10 11:20 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-10 11:20 - 2014-04-10 11:20 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-04-10 11:02 - 2012-10-25 14:53 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-10 11:02 - 2012-10-25 14:53 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-31 03:51 - 2012-10-18 17:36 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
Some content of TEMP:
====================
C:\Users\Alfred\AppData\Local\Temp\nshB87B.exe
C:\Users\Alfred\AppData\Local\Temp\nshE105.exe
C:\Users\Alfred\AppData\Local\Temp\nshE460.exe
C:\Users\Alfred\AppData\Local\Temp\nswBC33.exe
C:\Users\Alfred\AppData\Local\Temp\nsy6250.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-19 10:20
==================== End Of Log ============================
__________________ |
|
20.04.2014, 20:33
| #4 | ||
| | Kann Youtube videos nicht abspielen Hi, vergiss das mit der Hardwarebeschleunigung, hab da Quatsch erzählt.  Du hast dir da ein Rootkit eingefangen. Zitat:
Da ich nicht zum Malwareteam gehöre, ist an dieser Stelle Schluss für mich, warte bitte bis du Hilfe eines Kompetenzlers bekommst oder erstelle mit den drei Logs (FRST, Addition, GMER) ein Thema unter Plagegeister aller Art und deren Bekämpfung. Ach, eins noch... Zitat:
|
|
21.04.2014, 14:38
| #5 |
| | Kann Youtube videos nicht abspielen Hallo Keckrem, hier also noch die 3 logs. FRST64-Addition-Gmer Vielen vielen Dank für Deine Mühe freundliche Grüsse Alfred FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2014 02
Ran by Alfred (administrator) on DM12REP on 21-04-2014 14:42:47
Running from C:\Users\Alfred\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(Abelssoft) C:\Program Files (x86)\CheckDrive\CheckDriveBackgroundGuard.exe
(ArcSoft, Inc.) C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 14\SteganosBrowserMonitor.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
() C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 14\SteganosHotKeyService.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 14\fredirstarter.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\StartHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(VMLite, Inc.) C:\VXP\VMLiteService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [462400 2011-02-12] (Acronis)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2000-01-01] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [adm_tray.exe] => C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe [470120 2011-02-24] ()
HKLM-x32\...\Run: [Steganos HotKeys] => C:\Program Files (x86)\Steganos Safe 14\SteganosHotKeyService.exe [103424 2013-05-16] (Steganos Software GmbH)
HKLM-x32\...\Run: [SAFE14 File Redirection Starter] => C:\Program Files (x86)\Steganos Safe 14\fredirstarter.exe [17408 2013-05-16] (Steganos Software GmbH)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554384 2013-07-15] (Lavasoft)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\Run: [SAFE14 Browser Monitor] => C:\Program Files (x86)\Steganos Safe 14\SteganosBrowserMonitor.exe [73216 2013-05-16] (Steganos Software GmbH)
HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1093464 2013-07-22] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [441408 2013-09-05] (BillP Studios)
HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\MountPoints2: L - L:\HPLauncher.exe
HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\MountPoints2: {63be18cd-1c39-11e2-87aa-20cf308e5960} - E:\HPLauncher.exe
HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\MountPoints2: {aa142560-a0e7-11e2-b173-20cf308e5960} - K:\HPLauncher.exe
Startup: C:\Users\Alfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk
ShortcutTarget: HP SimpleSave Monitor.lnk -> C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\StartHelper.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Schweiz : Hotmail, Outlook, Skype download, Unterhaltung, Nachrichten, Sport, Lifestyle, Auto und mehr bei MSN CH
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2E20F8E641ADCD01
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Bing
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Bing
BHO: No Name - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Freemake.YoutubeButton - {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\f9e1lb4p.default-1397924871496
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\f9e1lb4p.default-1397924871496\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-07-26]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-08-16]
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\ []
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\ []
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-09-29]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-09-29]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []
Chrome:
=======
CHR HomePage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_4&ent=hp&u=424CC20045927E4CBDC72C5234910BB4
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchProvider: Claro Search
CHR DefaultSearchURL: Google
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File
CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File
CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-26]
CHR Extension: (Google Drive) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-26]
CHR Extension: (WOT) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-06-30]
CHR Extension: (YouTube) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-26]
CHR Extension: (Freemake Video Downloader) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf [2013-09-14]
CHR Extension: (Google-Suche) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-26]
CHR Extension: (Online HD TV) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkinklhnkmkhkhofcnapakaoehijaoih [2013-06-26]
CHR Extension: (Freemake Youtube Download Button) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh [2013-09-14]
CHR Extension: (Delta Toolbar) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2013-09-14]
CHR Extension: (RealDownloader) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-06-26]
CHR Extension: (Skype Click to Call) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-06-26]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-06-26]
CHR Extension: (Lavasoft NewTab) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole [2013-09-14]
CHR Extension: (Google Mail) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-26]
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-09-14]
CHR HKLM-x32\...\Chrome\Extension: [dkinklhnkmkhkhofcnapakaoehijaoih] - C:\Program Files (x86)\OnlineHD.TV\onhd11.crx [2013-09-14]
CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx [2013-09-14]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]
CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx [2013-05-06]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
R2 BackupService; C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [83512 2010-07-01] (ArcSoft, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
S2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-08-26] (Ellora Assets Corp.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [219480 2013-07-22] (Garmin Ltd or its subsidiaries)
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
R2 VMLiteService; C:\VXP\VMLiteService.exe [426600 2010-08-21] (VMLite, Inc.)
==================== Drivers (Whitelisted) ====================
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-09-14] (GFI Software)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
R1 SLEE_18_DRIVER; C:\Windows\Sleen1864.sys [108648 2012-07-24] (Softwareentwicklung Remus - ArchiCrypt - )
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () <===== ATTENTION Necurs Rootkit?
R1 VBoxDrv; C:\Windows\System32\drivers\VBoxDrv.sys [204328 2010-08-11] (VMLite, Inc.)
R3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp.sys [146216 2010-08-11] (VMLite, Inc.)
R3 VBoxNetFlt; C:\Windows\System32\DRIVERS\VBoxNetFlt.sys [165800 2010-08-11] (VMLite, Inc.)
R1 vmlitedrv; C:\Windows\System32\drivers\vmlitedrv.sys [14952 2010-08-03] (VMLite, Inc.)
R3 vmlitestor; C:\Windows\System32\DRIVERS\vmlitestor.sys [177768 2010-08-11] (VMLite, Inc.)
S3 VMLiteUSB; C:\Windows\System32\Drivers\VMLiteUSB.sys [150120 2010-08-11] (VMLite, Inc.)
R1 VMLiteUSBMon; C:\Windows\System32\drivers\vmliteusbmon.sys [135272 2010-08-18] (VMLite, Inc.)
S3 ALSysIO; \??\C:\Users\Alfred\AppData\Local\Temp\ALSysIO64.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-21 14:42 - 2014-04-21 14:42 - 02056704 _____ (Farbar) C:\Users\Alfred\Desktop\FRST64.exe
2014-04-21 14:42 - 2014-04-21 14:42 - 00000000 ____D () C:\Users\Alfred\Desktop\FRST-OlderVersion
2014-04-20 20:52 - 2014-04-21 14:43 - 00030008 _____ () C:\Users\Alfred\Desktop\FRST.txt
2014-04-20 20:51 - 2014-04-20 20:51 - 02056192 _____ (Farbar) C:\Users\Alfred\Downloads\FRST64(1).exe
2014-04-20 17:23 - 2014-04-21 12:37 - 00008745 _____ () C:\Users\Alfred\Desktop\PW.per 30.3.2014.txt
2014-04-20 17:17 - 2014-04-20 17:17 - 00071371 _____ () C:\Users\Alfred\Downloads\Christentum und Buddhismus Teil 1.htm
2014-04-20 17:17 - 2014-04-20 17:17 - 00000000 ____D () C:\Users\Alfred\Downloads\Christentum und Buddhismus Teil 1-Dateien
2014-04-20 13:44 - 2014-04-20 13:44 - 00000000 ____D () C:\Users\Alfred\Desktop\AGODA complaint Pattavia
2014-04-20 12:34 - 2014-04-20 12:34 - 00000000 ____D () C:\Users\Alfred\Documents\1.eSATA inventar 20.4.14
2014-04-20 07:10 - 2014-04-20 07:10 - 00001211 _____ () C:\Users\Alfred\Desktop\AGODA complaint Pattavia - Verknüpfung.lnk
2014-04-20 05:50 - 2014-04-21 08:57 - 00000224 _____ () C:\Windows\setupact.log
2014-04-20 05:50 - 2014-04-20 05:50 - 00002946 _____ () C:\Windows\PFRO.log
2014-04-20 05:50 - 2014-04-20 05:50 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-19 21:27 - 2014-04-19 21:27 - 00001463 _____ () C:\Users\Alfred\Desktop\0.0.eSATA INVENTAR BACKUP LOGS - Verknüpfung.lnk
2014-04-19 20:00 - 2014-04-19 20:00 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\TuneUp Software
2014-04-19 20:00 - 2014-04-19 20:00 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-04-19 20:00 - 2014-04-19 20:00 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-04-19 19:59 - 2014-04-19 20:00 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-04-19 19:59 - 2014-04-19 19:59 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-04-19 19:58 - 2014-04-19 19:58 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\OpenCandy
2014-04-19 19:58 - 2014-04-19 19:58 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-04-19 19:57 - 2014-04-19 19:58 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\DVDVideoSoft
2014-04-19 18:53 - 2014-04-19 18:53 - 32990152 _____ (DVDVideoSoft Ltd. ) C:\Users\Alfred\Downloads\FreeYouTubeDownload_3232327.exe
2014-04-19 18:51 - 2014-04-19 18:51 - 01069776 _____ (Solid State Networks) C:\Users\Alfred\Downloads\install_flashplayer13x32_mssa_aaa_aih.exe
2014-04-19 18:27 - 2014-04-19 18:27 - 00000000 ____D () C:\Users\Alfred\Documents\Alte Firefox-Daten
2014-04-19 18:25 - 2014-04-19 18:25 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-19 17:20 - 2014-04-19 17:21 - 00000000 ____D () C:\Users\Alfred\Desktop\Neuer Ordner
2014-04-17 09:01 - 2010-05-30 07:21 - 06666752 _____ () C:\Users\Alfred\Desktop\1940's.pps
2014-04-16 22:28 - 2014-04-16 22:38 - 30327999 _____ () C:\Users\Alfred\Downloads\ERJ145-Luxair.zip
2014-04-16 22:25 - 2014-04-16 22:45 - 60211080 _____ () C:\Users\Alfred\Downloads\B738-HaribAIR.zip.download
2014-04-16 18:05 - 2014-04-20 12:34 - 00000000 ____D () C:\Users\Alfred\Documents\MEDIAMARKT TOSHIBA
2014-04-16 08:43 - 2014-04-16 08:43 - 00001094 _____ () C:\Users\Alfred\Desktop\1.Budget2013 neu - Verknüpfung.lnk
2014-04-16 08:42 - 2014-04-16 08:42 - 00000000 ____D () C:\Users\Public\Documents\sun
2014-04-15 20:55 - 2014-04-15 20:55 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-15 20:55 - 2014-04-15 20:55 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-15 20:52 - 2014-04-15 20:52 - 03710504 _____ (Piriform Ltd) C:\Users\Alfred\Downloads\ccsetup412_slim.exe
2014-04-15 18:11 - 2014-04-15 18:12 - 00000000 ____D () C:\Users\Alfred\Documents\USB stick braun-schwarz-bup
2014-04-15 12:29 - 2011-12-28 22:00 - 22305142 _____ () C:\Users\Alfred\Desktop\TrackIR Explained.mp4
2014-04-14 20:33 - 2014-04-14 20:33 - 00001001 _____ () C:\Users\Alfred\Desktop\D - Verknüpfung.lnk
2014-04-14 18:47 - 2014-04-14 18:47 - 30796712 _____ (Oracle Corporation) C:\Users\Alfred\Downloads\jre-7u51-windows-x64.exe
2014-04-14 18:06 - 2014-04-20 10:01 - 00000000 ____D () C:\Users\Alfred\Documents\JENS SCHNEIDER RA
2014-04-14 18:06 - 2014-04-14 18:06 - 00001122 _____ () C:\Users\Alfred\Desktop\JENS SCHNEIDER RA - Verknüpfung.lnk
2014-04-14 18:04 - 2014-04-14 18:04 - 00000000 ____D () C:\Users\Alfred\Documents\Neuer Ordner (2)
2014-04-14 15:35 - 2014-04-14 15:35 - 03754042 _____ () C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0543.eml
2014-04-14 15:35 - 2014-04-14 15:35 - 03669425 _____ () C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0552.eml
2014-04-14 15:35 - 2014-04-14 15:35 - 02813491 _____ () C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0523.eml
2014-04-14 15:34 - 2014-04-14 15:35 - 00000000 ____D () C:\Users\Alfred\Desktop\feb julian
2014-04-14 12:30 - 2012-11-05 18:54 - 00001901 _____ () C:\Users\Alfred\Desktop\FAVORITEN - Verknüpfung.lnk
2014-04-13 15:30 - 2014-04-20 13:44 - 00000000 ____D () C:\Users\Alfred\Documents\AGODA complaint Pattavia
2014-04-13 14:20 - 2014-04-13 14:20 - 00525037 _____ () C:\Users\Alfred\Downloads\2014-04-13.zip
2014-04-12 13:17 - 2014-04-12 13:17 - 00000000 ____D () C:\Users\Alfred\Downloads\OpenOffice 4.0.1 (de) Installation Files
2014-04-12 13:12 - 2014-04-12 13:15 - 163606685 _____ () C:\Users\Alfred\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_de.exe
2014-04-12 12:21 - 2014-04-14 08:50 - 00000000 ____D () C:\Users\Alfred\Documents\STEUERN TOFFEN
2014-04-12 08:51 - 2014-04-12 08:51 - 00000000 __SHD () C:\Users\Alfred\AppData\Local\EmieUserList
2014-04-12 08:51 - 2014-04-12 08:51 - 00000000 __SHD () C:\Users\Alfred\AppData\Local\EmieSiteList
2014-04-12 03:02 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-12 03:02 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-12 03:02 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-12 03:02 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-12 03:02 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-12 03:02 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-12 03:01 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-12 03:01 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-12 03:01 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-12 03:01 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-12 03:01 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-12 03:01 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-12 03:01 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-12 03:01 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-12 03:01 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-12 03:01 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-12 03:01 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-12 03:01 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-12 03:01 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-12 03:01 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-12 03:01 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-12 03:01 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-12 03:01 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-12 03:01 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-12 03:01 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-12 03:01 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-12 03:01 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-12 03:01 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-12 03:01 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-12 03:01 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-12 03:01 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-12 03:01 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-12 03:01 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-12 03:01 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-12 03:01 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-12 03:01 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-12 03:01 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-12 03:01 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-12 03:01 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-12 03:01 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-12 03:01 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-12 03:01 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-12 03:01 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-12 03:01 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-12 03:01 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-12 03:01 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-12 03:01 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-12 03:01 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-11 11:03 - 2014-04-11 11:03 - 00000000 ____D () C:\Users\Alfred\Documents\Neuer Ordner
2014-04-11 07:38 - 2014-04-15 20:57 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-04-11 07:38 - 2012-05-05 10:54 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
2014-04-11 07:38 - 2012-05-05 10:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
2014-04-11 07:38 - 1998-07-06 17:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL
2014-04-11 07:38 - 1998-07-06 17:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL
2014-04-11 07:38 - 1998-07-06 17:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL
2014-04-11 07:37 - 2014-04-11 07:37 - 18277248 _____ (pdfforge ) C:\Users\Alfred\Downloads\PDFCreator-1_7_2_setup.exe
2014-04-11 07:10 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-04-11 07:10 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-04-11 07:10 - 2013-12-25 01:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-04-11 07:10 - 2013-12-25 00:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-04-11 07:10 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-04-11 07:10 - 2013-11-23 20:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-04-11 07:10 - 2013-11-23 19:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-04-11 07:10 - 2013-11-23 00:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-04-10 21:56 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-04-10 21:51 - 2014-04-10 21:51 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-04-10 21:51 - 2014-04-10 21:51 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-04-10 21:51 - 2014-04-10 21:51 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-04-10 21:51 - 2014-04-10 21:51 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-04-10 21:51 - 2014-04-10 21:51 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-04-10 21:51 - 2014-04-10 21:51 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-04-10 21:51 - 2014-04-10 21:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-04-10 21:49 - 2014-04-10 21:49 - 00550371 _____ () C:\Users\Alfred\Downloads\Autoruns.zip
2014-04-10 21:14 - 2013-05-10 07:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-04-10 21:14 - 2013-05-10 07:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-04-10 21:14 - 2013-05-10 06:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-04-10 21:14 - 2013-05-10 06:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-04-10 21:01 - 2014-04-11 21:01 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-04-10 15:49 - 2013-10-19 04:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-04-10 15:49 - 2013-10-19 03:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-04-10 15:49 - 2013-10-12 04:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-04-10 15:49 - 2013-10-12 04:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-04-10 15:49 - 2013-10-12 04:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-04-10 15:49 - 2013-10-12 04:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-04-10 15:49 - 2013-10-12 03:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-04-10 15:49 - 2013-10-12 03:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-04-10 15:49 - 2013-10-12 03:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-04-10 15:49 - 2013-10-12 03:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-04-10 11:48 - 2014-04-10 11:48 - 00000000 ____D () C:\Program Files\iPod
2014-04-10 11:47 - 2014-04-10 11:48 - 00000000 ____D () C:\Program Files\iTunes
2014-04-10 11:47 - 2014-04-10 11:48 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-04-10 11:28 - 2014-04-10 11:27 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-10 11:28 - 2014-04-10 11:27 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-10 11:28 - 2014-04-10 11:27 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-10 11:28 - 2014-04-10 11:27 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-10 11:25 - 2014-04-10 11:25 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-04-10 11:20 - 2014-04-10 11:20 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-10 11:20 - 2014-04-10 11:20 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-10 11:20 - 2014-04-10 11:20 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-10 11:20 - 2014-04-10 11:20 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-04-10 11:16 - 2013-10-30 04:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-04-10 11:15 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-10 11:15 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-10 11:15 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-10 11:15 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-10 11:15 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-10 11:15 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-10 11:15 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-10 11:15 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-10 11:15 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-10 11:15 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-10 11:15 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-10 11:15 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-04-10 11:15 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-10 11:15 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-10 11:15 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-10 11:15 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-04-10 11:15 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-10 11:15 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-04-10 11:15 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-10 11:15 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-04-10 11:15 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-04-10 11:15 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-04-10 11:15 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-10 11:15 - 2014-01-01 01:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-04-10 11:15 - 2014-01-01 01:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-04-10 11:15 - 2013-12-06 04:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-04-10 11:15 - 2013-12-06 04:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-04-10 11:15 - 2013-12-06 04:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-04-10 11:15 - 2013-12-06 04:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-04-10 11:15 - 2013-12-04 04:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-04-10 11:15 - 2013-12-04 04:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-04-10 11:15 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-04-10 11:15 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-04-10 11:15 - 2013-12-04 04:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-04-10 11:15 - 2013-12-04 04:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-04-10 11:15 - 2013-12-04 04:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-04-10 11:15 - 2013-12-04 04:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-04-10 11:15 - 2013-12-04 04:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-04-10 11:15 - 2013-12-04 04:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-04-10 11:15 - 2013-12-04 04:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-04-10 11:15 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-04-10 11:15 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-04-10 11:15 - 2013-12-04 04:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-04-10 11:15 - 2013-12-04 03:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-04-10 11:15 - 2013-12-04 03:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-04-10 11:15 - 2013-12-04 03:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-04-10 11:15 - 2013-12-04 03:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-04-10 11:15 - 2013-11-27 03:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-04-10 11:15 - 2013-11-27 03:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-04-10 11:15 - 2013-11-27 03:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-04-10 11:15 - 2013-11-27 03:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-04-10 11:15 - 2013-11-27 03:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-04-10 11:15 - 2013-11-27 03:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-04-10 11:15 - 2013-11-27 03:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-04-10 11:15 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-04-10 11:15 - 2013-11-12 04:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-04-10 11:15 - 2013-11-12 04:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-04-10 11:15 - 2013-10-30 04:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-04-10 11:15 - 2013-10-04 04:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-04-10 11:15 - 2013-10-04 03:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
==================== One Month Modified Files and Folders =======
2014-04-21 14:43 - 2014-04-20 20:52 - 00030008 _____ () C:\Users\Alfred\Desktop\FRST.txt
2014-04-21 14:42 - 2014-04-21 14:42 - 02056704 _____ (Farbar) C:\Users\Alfred\Desktop\FRST64.exe
2014-04-21 14:42 - 2014-04-21 14:42 - 00000000 ____D () C:\Users\Alfred\Desktop\FRST-OlderVersion
2014-04-21 14:42 - 2013-07-04 11:42 - 00000000 ____D () C:\FRST
2014-04-21 14:07 - 2012-10-25 14:53 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-21 13:48 - 2013-04-10 04:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-21 12:37 - 2014-04-20 17:23 - 00008745 _____ () C:\Users\Alfred\Desktop\PW.per 30.3.2014.txt
2014-04-21 11:07 - 2012-10-25 14:53 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-21 10:17 - 2012-10-18 15:41 - 02040562 _____ () C:\Windows\WindowsUpdate.log
2014-04-21 09:06 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-21 09:06 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-21 08:57 - 2014-04-20 05:50 - 00000224 _____ () C:\Windows\setupact.log
2014-04-21 08:57 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-20 20:51 - 2014-04-20 20:51 - 02056192 _____ (Farbar) C:\Users\Alfred\Downloads\FRST64(1).exe
2014-04-20 20:45 - 2013-04-10 04:17 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-20 20:45 - 2012-10-22 08:20 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-20 20:45 - 2012-10-22 08:20 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-20 20:45 - 2012-10-18 18:15 - 00000000 ____D () C:\Users\Alfred\AppData\Local\Adobe
2014-04-20 20:21 - 2012-10-21 15:24 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\vlc
2014-04-20 17:17 - 2014-04-20 17:17 - 00071371 _____ () C:\Users\Alfred\Downloads\Christentum und Buddhismus Teil 1.htm
2014-04-20 17:17 - 2014-04-20 17:17 - 00000000 ____D () C:\Users\Alfred\Downloads\Christentum und Buddhismus Teil 1-Dateien
2014-04-20 13:44 - 2014-04-20 13:44 - 00000000 ____D () C:\Users\Alfred\Desktop\AGODA complaint Pattavia
2014-04-20 13:44 - 2014-04-13 15:30 - 00000000 ____D () C:\Users\Alfred\Documents\AGODA complaint Pattavia
2014-04-20 12:34 - 2014-04-20 12:34 - 00000000 ____D () C:\Users\Alfred\Documents\1.eSATA inventar 20.4.14
2014-04-20 12:34 - 2014-04-16 18:05 - 00000000 ____D () C:\Users\Alfred\Documents\MEDIAMARKT TOSHIBA
2014-04-20 11:44 - 2013-08-28 10:44 - 00000000 ___RD () C:\Users\Alfred\Desktop\PIX
2014-04-20 11:44 - 2011-04-12 09:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-04-20 11:44 - 2011-04-12 09:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-04-20 11:44 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-20 10:01 - 2014-04-14 18:06 - 00000000 ____D () C:\Users\Alfred\Documents\JENS SCHNEIDER RA
2014-04-20 07:10 - 2014-04-20 07:10 - 00001211 _____ () C:\Users\Alfred\Desktop\AGODA complaint Pattavia - Verknüpfung.lnk
2014-04-20 06:45 - 2013-11-02 14:20 - 00000878 _____ () C:\Users\Alfred\Desktop\PIX D - Verknüpfung.lnk
2014-04-20 05:50 - 2014-04-20 05:50 - 00002946 _____ () C:\Windows\PFRO.log
2014-04-20 05:50 - 2014-04-20 05:50 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-19 21:34 - 2013-04-14 10:06 - 00000000 ____D () C:\Users\Alfred\Documents\AVIATION pdfs
2014-04-19 21:27 - 2014-04-19 21:27 - 00001463 _____ () C:\Users\Alfred\Desktop\0.0.eSATA INVENTAR BACKUP LOGS - Verknüpfung.lnk
2014-04-19 20:06 - 2013-06-29 12:08 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\Free Download Manager
2014-04-19 20:00 - 2014-04-19 20:00 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\TuneUp Software
2014-04-19 20:00 - 2014-04-19 20:00 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-04-19 20:00 - 2014-04-19 20:00 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-04-19 20:00 - 2014-04-19 19:59 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-04-19 19:59 - 2014-04-19 19:59 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-04-19 19:58 - 2014-04-19 19:58 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\OpenCandy
2014-04-19 19:58 - 2014-04-19 19:58 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-04-19 19:58 - 2014-04-19 19:57 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\DVDVideoSoft
2014-04-19 18:53 - 2014-04-19 18:53 - 32990152 _____ (DVDVideoSoft Ltd. ) C:\Users\Alfred\Downloads\FreeYouTubeDownload_3232327.exe
2014-04-19 18:51 - 2014-04-19 18:51 - 01069776 _____ (Solid State Networks) C:\Users\Alfred\Downloads\install_flashplayer13x32_mssa_aaa_aih.exe
2014-04-19 18:33 - 2012-10-25 14:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-19 18:27 - 2014-04-19 18:27 - 00000000 ____D () C:\Users\Alfred\Documents\Alte Firefox-Daten
2014-04-19 18:26 - 2012-10-21 13:48 - 00000000 ____D () C:\Users\Alfred\AppData\Local\Mozilla
2014-04-19 18:25 - 2014-04-19 18:25 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-19 18:25 - 2013-09-04 13:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-19 17:24 - 2013-05-13 11:11 - 00000000 ____D () C:\Program Files (x86)\Safari
2014-04-19 17:21 - 2014-04-19 17:20 - 00000000 ____D () C:\Users\Alfred\Desktop\Neuer Ordner
2014-04-18 10:16 - 2012-10-26 06:52 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-18 10:15 - 2012-10-26 06:51 - 00000000 ____D () C:\ProgramData\Skype
2014-04-17 09:00 - 2013-08-19 20:48 - 00012288 _____ () C:\Users\Alfred\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-16 22:45 - 2014-04-16 22:25 - 60211080 _____ () C:\Users\Alfred\Downloads\B738-HaribAIR.zip.download
2014-04-16 22:38 - 2014-04-16 22:28 - 30327999 _____ () C:\Users\Alfred\Downloads\ERJ145-Luxair.zip
2014-04-16 19:07 - 2013-09-29 10:53 - 00176156 _____ () C:\Windows\hphins27.dat
2014-04-16 19:07 - 2012-10-29 15:04 - 00010237 _____ () C:\ProgramData\hpzinstall.log
2014-04-16 08:43 - 2014-04-16 08:43 - 00001094 _____ () C:\Users\Alfred\Desktop\1.Budget2013 neu - Verknüpfung.lnk
2014-04-16 08:42 - 2014-04-16 08:42 - 00000000 ____D () C:\Users\Public\Documents\sun
2014-04-15 21:00 - 2013-09-21 08:15 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-04-15 20:57 - 2014-04-11 07:38 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-04-15 20:57 - 2013-11-13 21:22 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\Azureus
2014-04-15 20:57 - 2012-10-18 16:36 - 00000000 ____D () C:\Windows\Panther
2014-04-15 20:55 - 2014-04-15 20:55 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-15 20:55 - 2014-04-15 20:55 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-15 20:52 - 2014-04-15 20:52 - 03710504 _____ (Piriform Ltd) C:\Users\Alfred\Downloads\ccsetup412_slim.exe
2014-04-15 18:12 - 2014-04-15 18:11 - 00000000 ____D () C:\Users\Alfred\Documents\USB stick braun-schwarz-bup
2014-04-14 20:33 - 2014-04-14 20:33 - 00001001 _____ () C:\Users\Alfred\Desktop\D - Verknüpfung.lnk
2014-04-14 18:47 - 2014-04-14 18:47 - 30796712 _____ (Oracle Corporation) C:\Users\Alfred\Downloads\jre-7u51-windows-x64.exe
2014-04-14 18:31 - 2013-07-04 21:26 - 00000000 ____D () C:\Users\Alfred\Documents\trojaner.board.de.4.7.013
2014-04-14 18:25 - 2012-11-01 09:05 - 00000000 ____D () C:\Users\Alfred\Documents\AUTO
2014-04-14 18:24 - 2012-11-16 13:57 - 00000000 ____D () C:\Users\Alfred\Documents\0.AVIATION
2014-04-14 18:17 - 2012-12-03 12:12 - 00000000 ____D () C:\Users\Alfred\Documents\THAILAND
2014-04-14 18:06 - 2014-04-14 18:06 - 00001122 _____ () C:\Users\Alfred\Desktop\JENS SCHNEIDER RA - Verknüpfung.lnk
2014-04-14 18:06 - 2012-11-01 11:06 - 00877056 ___SH () C:\Users\Alfred\Documents\Thumbs.db
2014-04-14 18:04 - 2014-04-14 18:04 - 00000000 ____D () C:\Users\Alfred\Documents\Neuer Ordner (2)
2014-04-14 18:04 - 2013-09-13 18:21 - 00000000 ____D () C:\Users\Alfred\Documents\AHV
2014-04-14 15:35 - 2014-04-14 15:35 - 03754042 _____ () C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0543.eml
2014-04-14 15:35 - 2014-04-14 15:35 - 03669425 _____ () C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0552.eml
2014-04-14 15:35 - 2014-04-14 15:35 - 02813491 _____ () C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0523.eml
2014-04-14 15:35 - 2014-04-14 15:34 - 00000000 ____D () C:\Users\Alfred\Desktop\feb julian
2014-04-14 08:50 - 2014-04-12 12:21 - 00000000 ____D () C:\Users\Alfred\Documents\STEUERN TOFFEN
2014-04-13 14:20 - 2014-04-13 14:20 - 00525037 _____ () C:\Users\Alfred\Downloads\2014-04-13.zip
2014-04-13 06:01 - 2009-07-14 06:45 - 02237408 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-12 14:32 - 2013-10-30 06:52 - 00000000 ____D () C:\Users\Alfred\Documents\INTERNETSPEEDTESTs
2014-04-12 14:32 - 2012-10-19 03:23 - 00068440 _____ () C:\Users\Alfred\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-12 13:21 - 2012-11-06 15:13 - 00000000 ____D () C:\Users\Alfred\Documents\FINANZEN
2014-04-12 13:19 - 2013-08-30 11:42 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-04-12 13:17 - 2014-04-12 13:17 - 00000000 ____D () C:\Users\Alfred\Downloads\OpenOffice 4.0.1 (de) Installation Files
2014-04-12 13:15 - 2014-04-12 13:12 - 163606685 _____ () C:\Users\Alfred\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_de.exe
2014-04-12 12:25 - 2012-11-13 17:37 - 00000000 ____D () C:\Users\Alfred\Documents\iPad
2014-04-12 08:51 - 2014-04-12 08:51 - 00000000 __SHD () C:\Users\Alfred\AppData\Local\EmieUserList
2014-04-12 08:51 - 2014-04-12 08:51 - 00000000 __SHD () C:\Users\Alfred\AppData\Local\EmieSiteList
2014-04-12 08:48 - 2013-01-02 11:23 - 00000000 ____D () C:\Users\Alfred\Documents\iPAD reading
2014-04-12 03:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-12 03:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-12 02:52 - 2013-10-29 22:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-04-11 21:03 - 2012-10-18 18:18 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-11 21:01 - 2014-04-10 21:01 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-04-11 21:01 - 2012-10-18 18:18 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-11 21:01 - 2012-10-18 18:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-04-11 20:58 - 2013-09-23 12:57 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-04-11 20:58 - 2012-10-18 16:08 - 00001309 _____ () C:\Users\Alfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-11 11:03 - 2014-04-11 11:03 - 00000000 ____D () C:\Users\Alfred\Documents\Neuer Ordner
2014-04-11 08:01 - 2012-11-08 13:12 - 00082432 ___SH () C:\Users\Alfred\Thumbs.db
2014-04-11 07:37 - 2014-04-11 07:37 - 18277248 _____ (pdfforge ) C:\Users\Alfred\Downloads\PDFCreator-1_7_2_setup.exe
2014-04-10 23:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2014-04-10 23:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2014-04-10 23:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-04-10 23:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-04-10 21:51 - 2014-04-10 21:51 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-04-10 21:51 - 2014-04-10 21:51 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-04-10 21:51 - 2014-04-10 21:51 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-04-10 21:51 - 2014-04-10 21:51 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-04-10 21:51 - 2014-04-10 21:51 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-04-10 21:51 - 2014-04-10 21:51 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-04-10 21:51 - 2014-04-10 21:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-04-10 21:49 - 2014-04-10 21:49 - 00550371 _____ () C:\Users\Alfred\Downloads\Autoruns.zip
2014-04-10 21:31 - 2013-05-26 17:43 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-10 21:31 - 2013-05-26 17:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-10 21:06 - 2013-08-04 12:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 20:44 - 2013-04-17 17:33 - 00000000 ____D () C:\Users\Alfred\Documents\PW
2014-04-10 11:48 - 2014-04-10 11:48 - 00000000 ____D () C:\Program Files\iPod
2014-04-10 11:48 - 2014-04-10 11:47 - 00000000 ____D () C:\Program Files\iTunes
2014-04-10 11:48 - 2014-04-10 11:47 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-04-10 11:48 - 2013-10-05 22:42 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-04-10 11:27 - 2014-04-10 11:28 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-10 11:27 - 2014-04-10 11:28 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-10 11:27 - 2014-04-10 11:28 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-10 11:27 - 2014-04-10 11:28 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-10 11:27 - 2013-06-25 17:38 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-10 11:25 - 2014-04-10 11:25 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-04-10 11:24 - 2012-10-26 08:22 - 00000000 ____D () C:\ProgramData\Apple
2014-04-10 11:20 - 2014-04-10 11:20 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-10 11:20 - 2014-04-10 11:20 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-10 11:20 - 2014-04-10 11:20 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-10 11:20 - 2014-04-10 11:20 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-04-10 11:02 - 2012-10-25 14:53 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-10 11:02 - 2012-10-25 14:53 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-31 03:51 - 2012-10-18 17:36 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
Some content of TEMP:
====================
C:\Users\Alfred\AppData\Local\Temp\nshB87B.exe
C:\Users\Alfred\AppData\Local\Temp\nshE105.exe
C:\Users\Alfred\AppData\Local\Temp\nshE460.exe
C:\Users\Alfred\AppData\Local\Temp\nswBC33.exe
C:\Users\Alfred\AppData\Local\Temp\nsy6250.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-19 10:20
==================== End Of Log ============================
FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2014 02
Ran by Alfred at 2014-04-21 14:43:44
Running from C:\Users\Alfred\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
==================== Installed Programs ======================
Acronis Drive Monitor (HKLM-x32\...\{706AE61D-40A4-4F50-8359-FE8F6F7FA461}) (Version: 1.0.566 - Acronis)
Ad-Aware Browsing Protection (HKLM-x32\...\Ad-Aware Browsing Protection) (Version: 1.0.1.110 - Lavasoft)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\{8F9B1C8E-F50E-4139-8701-45016021E102}) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\{28ADCCAD-3C23-44A1-A93F-47AA176F7AD7}) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
aerofly Flug Simulator 2013 (HKLM-x32\...\aerofly Flug Simulator 2013_is1) (Version: 1.0.9.11 - IPACS)
AMD Accelerated Video Transcoding (Version: 12.10.100.30328 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.898.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{2748FDE2-7BA8-1D20-11A2-FF01CEB009A5}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80328.2204 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.10 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2013.0328.2218.38225 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform)
CheckDrive (HKLM-x32\...\{B83513EC-2E4D-4621-816D-4CCF397BE702}_is1) (Version: 4.4 - Abelssoft)
D4300 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Destinations (x32 Version: 140.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)
DJ_SF_03_D4300_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland)
Elevated Installer (x32 Version: 2.2.17 - Garmin Ltd or its subsidiaries) Hidden
Free Download Manager 3.9.2 (HKLM-x32\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG)
Free YouTube Download version 3.2.32.327 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.32.327 - DVDVideoSoft Ltd.)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.5.4 - Ellora Assets Corporation)
Garmin Express (HKLM-x32\...\{bd9bc494-8cd2-4ae2-92fe-6a3dda9c3ee9}) (Version: 2.2.17 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.2.17 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.2.17 - Garmin Ltd or its subsidiaries) Hidden
Garmin Update Service (x32 Version: 2.2.17 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Google Earth (HKLM-x32\...\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{D1D4D7EA-62B8-4665-9FF7-02A91B925CC9}) (Version: 1.0.18.74 - Google)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet D4300 Printer Driver Software 13.0 Rel. 3 (HKLM\...\{382300D4-777B-4233-A98C-99EA0F6B881F}) (Version: 13.0 - HP)
HP Imaging Device Functions 14.5 (HKLM\...\HP Imaging Device Functions) (Version: 14.5 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Scanjet G4050 (HKLM\...\{0A9FC1DA-46F7-4305-A4EF-FDCA8D9B1A5A}) (Version: 14.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
hpg4050 (x32 Version: 140.000.000.000 - Ihr Firmenname) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Image Resizer Powertoy Clone for Windows (64 bit) (HKLM\...\{C862EC05-1C15-4327-B15D-C7788D6CFF73}) (Version: 2.1.1 - Brice Lambson)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8107.0 - Microsoft Corporation) Hidden
Microsoft Motocross Madness 2 (HKLM-x32\...\Motocross Madness 2) (Version: - )
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Client DE-DE Language Pack (Version: 2.0.0657.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
OCR Software by I.R.I.S. 14.5 (HKLM\...\HPOCR) (Version: 14.5 - HP)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF Editor 3 (HKLM-x32\...\PDF Editor 3) (Version: - )
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.47.714.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Scan (x32 Version: 14.0.1.0 - Hewlett-Packard) Hidden
Secunia PSI (3.0.0.7011) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.7011 - Secunia)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.21 - Safer-Networking Ltd.)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Steganos Safe 14 (HKLM-x32\...\{13B7FBFB-622E-4002-8570-594798E6167D}) (Version: 14.1 - Steganos Software GmbH)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.17271 - TeamViewer)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Video Converter (HKCU\...\Video Converter) (Version: - )
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
VMLite Workstation (HKLM\...\{197F2BEF-2705-406E-8CEB-8E404FFFE414}) (Version: 3.2.6 - VMLite)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Win2PDF 7 (HKLM\...\Win2PDF_is1) (Version: 7.0.46 - Dane Prairie Systems, LLC.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPatrol (HKLM\...\{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}) (Version: 28.9.2013.0 - BillP Studios)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
==================== Restore Points =========================
17-04-2014 06:10:55 Geplanter Prüfpunkt
19-04-2014 15:23:58 Removed Safari
19-04-2014 15:37:56 Windows Update
19-04-2014 18:02:00 TuneUp Utilities 2014 wird entfernt
19-04-2014 18:02:29 TuneUp Utilities 2014 (de-DE) wird entfernt
==================== Hosts content: ==========================
2009-07-14 04:34 - 2013-09-14 20:29 - 00447822 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 0Scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 ²©²Êͨ,²©²ÊÍø,½ð±¦²©188,²©²ÊͨÆÀ¼¶,°Ù¼ÒÀÖ,°ÂÃî°Ù¼ÒÀÖ
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 Gadgets And More
127.0.0.1 1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
Task: {000040EA-D13A-480E-815A-A08C46AE3B6E} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {0CCC0779-DB8C-444E-87A0-BEB43185DB23} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {1F321B00-B617-46E8-8513-9088F6554D5A} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
Task: {1F4C70B3-EBFE-4423-95DC-579F15A4862F} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMNJGMJJHMLJJJGMLMCNHMNJJJMMCNLMPMKJMMCNGMLJOMKMCNMJMMNJMMMJKJGMGMJMKMLMMJJNJICMIMCNHMCNMMFMGMCNPMCNHMOMOMNMFMJMCNOMCNIMJMPMOMCNNMJNPICMJMFMOMOMKJIJMIFMPMJNHICMOMOMKJIJMIJNBJCMOLDJJJNIKJLJJNKJCMJNNICMJNDJCMLJKJ"
Task: {23099809-819F-469F-8DB5-3EFD2534E9B4} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {332D6A73-4E79-4CA0-9C30-D2655B231956} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {34CDE739-E6A3-4229-A0AC-404334174774} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {3B13C808-C74B-4F0B-87E6-D3E0CCF938B9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {44656418-5D1E-492A-992A-B224072B7A81} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-20] (Adobe Systems Incorporated)
Task: {5A591FB1-F812-4478-8026-1B7DA49291F5} - System32\Tasks\Run RoboForm Process => C:\Users\Alfred\AppData\Local\Temp\RoboForm\RoboTaskBarIcon.exe <==== ATTENTION
Task: {72F1B8EC-A588-497D-BC8F-757BD6464D70} - \BitGuard No Task File <==== ATTENTION
Task: {78C9B58F-51F0-40DD-9A04-A27497777A09} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {824BD8CB-B6DD-446F-96BA-FE8507930347} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {8AB563ED-7B3B-4DF2-B7A4-EB263403ECE6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {95EB926D-69B0-44F2-9D5B-AFF786B57F10} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {C31010AC-5310-4E13-AF62-AD4309F3D4AC} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {CE999383-AEDF-4DEA-A2AF-988A1730AA8F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-25] (Google Inc.)
Task: {D126D102-4CB1-4374-A5AE-FEE4D8DA3E78} - System32\Tasks\Abelssoft\CheckDriveBackgroundGuard => C:\Program Files (x86)\CheckDrive\CheckDriveBackgroundGuard.exe [2013-10-10] (Abelssoft)
Task: {D739EF9A-9D3F-4DA4-B661-88FFD3A81B82} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd)
Task: {D7CCB75D-1289-4754-9151-A5D5ECA0BB65} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D9F4CB9B-2350-4982-9683-4050DC5D0BD0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-25] (Google Inc.)
Task: {E6BE1A89-7142-4A29-B4F9-1D52A11FB7CF} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
Task: {FFC5DB78-D476-4DD5-AD76-459991BBBD4A} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2012-10-25 21:50 - 2011-06-07 10:35 - 00074016 _____ () C:\Windows\System32\win2pdfm.dll
2013-09-07 14:02 - 2013-10-10 15:06 - 00020608 _____ () C:\Program Files (x86)\CheckDrive\AbStartManager.dll
2013-07-04 10:18 - 2013-10-10 15:06 - 00017024 _____ () C:\Program Files (x86)\CheckDrive\AbMessages.dll
2013-07-22 10:22 - 2013-07-22 10:22 - 00009728 _____ () C:\Program Files (x86)\Garmin\Express Tray\Garmin.Cartography.MapUpdate.Device.DataTypes.dll
2011-02-24 19:07 - 2011-02-24 19:07 - 00470120 _____ () C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
2013-02-13 04:37 - 2013-02-13 04:37 - 01263952 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2012-11-06 10:23 - 2011-05-26 15:14 - 00477080 _____ () C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\StartHelper.exe
2010-08-11 14:18 - 2010-08-11 14:18 - 00202344 _____ () C:\VXP\VBoxDDU.dll
2010-08-11 14:18 - 2010-08-11 14:18 - 02725480 _____ () C:\VXP\VBoxRT.dll
2009-03-26 22:03 - 2009-03-26 22:03 - 01289728 _____ () C:\VXP\LIBEAY32.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2013-09-21 08:27 - 2013-07-15 19:29 - 00620718 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
2011-02-24 18:39 - 2011-02-24 18:39 - 00012128 _____ () C:\Program Files (x86)\Common Files\Acronis\DriveMonitor\Common\icudt38.dll
2013-02-13 04:38 - 2013-02-13 04:38 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2013-09-14 20:20 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-09-14 20:20 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-09-14 20:20 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-09-14 20:20 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-09-14 20:20 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-04-19 18:25 - 2014-03-15 10:40 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-04-10 11:26 - 2014-04-20 20:45 - 16351920 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll
2013-10-29 22:30 - 2014-04-12 02:52 - 03018864 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2013-10-29 22:30 - 2014-04-12 02:52 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2013-10-29 22:30 - 2014-04-12 02:52 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0523.eml:OECustomProperty
AlternateDataStreams: C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0543.eml:OECustomProperty
AlternateDataStreams: C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0552.eml:OECustomProperty
AlternateDataStreams: C:\Users\Alfred\Documents\Diesen Hai können Sie vom Büro aus jagen.eml:OECustomProperty
AlternateDataStreams: C:\Users\Alfred\Documents\Mani Juerg mail 24.5.05. Re_ Swissair - Option 96_2000.eml:OECustomProperty
AlternateDataStreams: C:\Users\Alfred\Documents\nico.eml:OECustomProperty
AlternateDataStreams: C:\Users\Alfred\Documents\Rat vom Experten gegen Schnarchen.eml:OECustomProperty
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/21/2014 08:59:30 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/20/2014 07:00:02 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "M:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"
Error: (04/20/2014 04:54:44 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/20/2014 00:30:03 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (04/20/2014 00:24:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/20/2014 05:51:15 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/19/2014 06:34:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/19/2014 05:28:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/19/2014 09:57:43 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/19/2014 09:49:15 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (04/21/2014 08:58:34 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "FreemakeVideoCapture" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (04/21/2014 08:58:34 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst FreemakeVideoCapture erreicht.
Error: (04/20/2014 04:54:28 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (04/20/2014 04:54:28 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.
Error: (04/20/2014 00:20:08 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk7\DR7 gefunden.
Error: (04/19/2014 06:33:56 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (04/19/2014 06:33:56 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.
Error: (04/19/2014 05:28:19 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (04/19/2014 05:28:19 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.
Error: (04/19/2014 00:57:14 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR8 gefunden.
Microsoft Office Sessions:
=========================
Error: (04/21/2014 08:59:30 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/20/2014 07:00:02 PM) (Source: Windows Backup)(User: )
Description: M:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)
Error: (04/20/2014 04:54:44 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/20/2014 00:30:03 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestE:\PROGRAMME downloads DellPCsetups\SoftonicDownloader_for_vlc-media-player.exe
Error: (04/20/2014 00:24:58 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/20/2014 05:51:15 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/19/2014 06:34:29 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/19/2014 05:28:40 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/19/2014 09:57:43 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/19/2014 09:49:15 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Percentage of memory in use: 32%
Total physical RAM: 8119.05 MB
Available physical RAM: 5478.9 MB
Total Pagefile: 16236.28 MB
Available Pagefile: 13413.65 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (System) (Fixed) (Total:465.66 GB) (Free:28.64 GB) NTFS
Drive d: (Daten2) (Fixed) (Total:232.88 GB) (Free:19.74 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: C4CD6244)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 233 GB) (Disk ID: D20CD20C)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)
==================== End Of Log ============================
GMER Logfile: Code:
ATTFilter GMER 2.1.19357 - GMER - Rootkit Detector and Remover
Rootkit scan 2014-04-21 15:32:13
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP6T0L0-8 SAMSUNG_HD502HJ rev.1AJ10001 465.76GB
Running: Gmer-19357.exe; Driver: C:\Users\Alfred\AppData\Local\Temp\kxtdapob.sys
---- Processes - GMER 2.1 ----
Library C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\uTMEMUIMgrEngine.dll (*** suspicious ***) @ C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\StartHelper.exe [1708] (ArcSoft MUI Manager Engine/ArcSoft, Inc.)(2012-11-06 08:23:28) 0000000000240000
Library C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\Language\DE\uEasyBackupMonitorRes.dll (*** suspicious ***) @ C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\StartHelper.exe [1708] (ArcSoft BBMonitorRes/ArcSoft, Inc.)(2012-11-06 08:23:21) 0000000000250000
---- EOF - GMER 2.1 ----
__________________ Suche nicht das Glueck - lebe es (Buddha) |
|
21.04.2014, 14:39
| #6 |
| | Kann Youtube videos nicht abspielen Hallo Keckrem, hier also noch die 3 logs. FRST64-Addition-Gmer Vielen vielen Dank für Deine Mühe freundliche Grüsse Alfred FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2014 02
Ran by Alfred (administrator) on DM12REP on 21-04-2014 14:42:47
Running from C:\Users\Alfred\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool
Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(Abelssoft) C:\Program Files (x86)\CheckDrive\CheckDriveBackgroundGuard.exe
(ArcSoft, Inc.) C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 14\SteganosBrowserMonitor.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
() C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 14\SteganosHotKeyService.exe
(Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 14\fredirstarter.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
() C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\StartHelper.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(VMLite, Inc.) C:\VXP\VMLiteService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [462400 2011-02-12] (Acronis)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2000-01-01] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [adm_tray.exe] => C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe [470120 2011-02-24] ()
HKLM-x32\...\Run: [Steganos HotKeys] => C:\Program Files (x86)\Steganos Safe 14\SteganosHotKeyService.exe [103424 2013-05-16] (Steganos Software GmbH)
HKLM-x32\...\Run: [SAFE14 File Redirection Starter] => C:\Program Files (x86)\Steganos Safe 14\fredirstarter.exe [17408 2013-05-16] (Steganos Software GmbH)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Ad-Aware Browsing Protection] => C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [554384 2013-07-15] (Lavasoft)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\Run: [SAFE14 Browser Monitor] => C:\Program Files (x86)\Steganos Safe 14\SteganosBrowserMonitor.exe [73216 2013-05-16] (Steganos Software GmbH)
HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1093464 2013-07-22] (Garmin Ltd or its subsidiaries)
HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [441408 2013-09-05] (BillP Studios)
HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\MountPoints2: L - L:\HPLauncher.exe
HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\MountPoints2: {63be18cd-1c39-11e2-87aa-20cf308e5960} - E:\HPLauncher.exe
HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\MountPoints2: {aa142560-a0e7-11e2-b173-20cf308e5960} - K:\HPLauncher.exe
Startup: C:\Users\Alfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk
ShortcutTarget: HP SimpleSave Monitor.lnk -> C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\StartHelper.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Schweiz : Hotmail, Outlook, Skype download, Unterhaltung, Nachrichten, Sport, Lifestyle, Auto und mehr bei MSN CH
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2E20F8E641ADCD01
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Bing
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Bing
BHO: No Name - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Freemake.YoutubeButton - {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\f9e1lb4p.default-1397924871496
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\f9e1lb4p.default-1397924871496\searchplugins\conduit-search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-07-26]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-08-16]
FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\ []
FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\ []
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-09-29]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-09-29]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []
Chrome:
=======
CHR HomePage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_4&ent=hp&u=424CC20045927E4CBDC72C5234910BB4
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchProvider: Claro Search
CHR DefaultSearchURL: Google
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File
CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File
CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-26]
CHR Extension: (Google Drive) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-26]
CHR Extension: (WOT) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-06-30]
CHR Extension: (YouTube) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-26]
CHR Extension: (Freemake Video Downloader) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf [2013-09-14]
CHR Extension: (Google-Suche) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-26]
CHR Extension: (Online HD TV) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkinklhnkmkhkhofcnapakaoehijaoih [2013-06-26]
CHR Extension: (Freemake Youtube Download Button) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh [2013-09-14]
CHR Extension: (Delta Toolbar) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2013-09-14]
CHR Extension: (RealDownloader) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-06-26]
CHR Extension: (Skype Click to Call) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-06-26]
CHR Extension: (Chrome In-App Payments service) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-06-26]
CHR Extension: (Lavasoft NewTab) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole [2013-09-14]
CHR Extension: (Google Mail) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-26]
CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-09-14]
CHR HKLM-x32\...\Chrome\Extension: [dkinklhnkmkhkhofcnapakaoehijaoih] - C:\Program Files (x86)\OnlineHD.TV\onhd11.crx [2013-09-14]
CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx [2013-09-14]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06]
CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx [2013-05-06]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
R2 BackupService; C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [83512 2010-07-01] (ArcSoft, Inc.)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
S2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-08-26] (Ellora Assets Corp.)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [219480 2013-07-22] (Garmin Ltd or its subsidiaries)
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1033688 2013-05-16] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
R2 VMLiteService; C:\VXP\VMLiteService.exe [426600 2010-08-21] (VMLite, Inc.)
==================== Drivers (Whitelisted) ====================
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] ()
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-09-14] (GFI Software)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
R1 SLEE_18_DRIVER; C:\Windows\Sleen1864.sys [108648 2012-07-24] (Softwareentwicklung Remus - ArchiCrypt - )
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () <===== ATTENTION Necurs Rootkit?
R1 VBoxDrv; C:\Windows\System32\drivers\VBoxDrv.sys [204328 2010-08-11] (VMLite, Inc.)
R3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp.sys [146216 2010-08-11] (VMLite, Inc.)
R3 VBoxNetFlt; C:\Windows\System32\DRIVERS\VBoxNetFlt.sys [165800 2010-08-11] (VMLite, Inc.)
R1 vmlitedrv; C:\Windows\System32\drivers\vmlitedrv.sys [14952 2010-08-03] (VMLite, Inc.)
R3 vmlitestor; C:\Windows\System32\DRIVERS\vmlitestor.sys [177768 2010-08-11] (VMLite, Inc.)
S3 VMLiteUSB; C:\Windows\System32\Drivers\VMLiteUSB.sys [150120 2010-08-11] (VMLite, Inc.)
R1 VMLiteUSBMon; C:\Windows\System32\drivers\vmliteusbmon.sys [135272 2010-08-18] (VMLite, Inc.)
S3 ALSysIO; \??\C:\Users\Alfred\AppData\Local\Temp\ALSysIO64.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-04-21 14:42 - 2014-04-21 14:42 - 02056704 _____ (Farbar) C:\Users\Alfred\Desktop\FRST64.exe
2014-04-21 14:42 - 2014-04-21 14:42 - 00000000 ____D () C:\Users\Alfred\Desktop\FRST-OlderVersion
2014-04-20 20:52 - 2014-04-21 14:43 - 00030008 _____ () C:\Users\Alfred\Desktop\FRST.txt
2014-04-20 20:51 - 2014-04-20 20:51 - 02056192 _____ (Farbar) C:\Users\Alfred\Downloads\FRST64(1).exe
2014-04-20 17:23 - 2014-04-21 12:37 - 00008745 _____ () C:\Users\Alfred\Desktop\PW.per 30.3.2014.txt
2014-04-20 17:17 - 2014-04-20 17:17 - 00071371 _____ () C:\Users\Alfred\Downloads\Christentum und Buddhismus Teil 1.htm
2014-04-20 17:17 - 2014-04-20 17:17 - 00000000 ____D () C:\Users\Alfred\Downloads\Christentum und Buddhismus Teil 1-Dateien
2014-04-20 13:44 - 2014-04-20 13:44 - 00000000 ____D () C:\Users\Alfred\Desktop\AGODA complaint Pattavia
2014-04-20 12:34 - 2014-04-20 12:34 - 00000000 ____D () C:\Users\Alfred\Documents\1.eSATA inventar 20.4.14
2014-04-20 07:10 - 2014-04-20 07:10 - 00001211 _____ () C:\Users\Alfred\Desktop\AGODA complaint Pattavia - Verknüpfung.lnk
2014-04-20 05:50 - 2014-04-21 08:57 - 00000224 _____ () C:\Windows\setupact.log
2014-04-20 05:50 - 2014-04-20 05:50 - 00002946 _____ () C:\Windows\PFRO.log
2014-04-20 05:50 - 2014-04-20 05:50 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-19 21:27 - 2014-04-19 21:27 - 00001463 _____ () C:\Users\Alfred\Desktop\0.0.eSATA INVENTAR BACKUP LOGS - Verknüpfung.lnk
2014-04-19 20:00 - 2014-04-19 20:00 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\TuneUp Software
2014-04-19 20:00 - 2014-04-19 20:00 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-04-19 20:00 - 2014-04-19 20:00 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-04-19 19:59 - 2014-04-19 20:00 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-04-19 19:59 - 2014-04-19 19:59 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-04-19 19:58 - 2014-04-19 19:58 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\OpenCandy
2014-04-19 19:58 - 2014-04-19 19:58 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-04-19 19:57 - 2014-04-19 19:58 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\DVDVideoSoft
2014-04-19 18:53 - 2014-04-19 18:53 - 32990152 _____ (DVDVideoSoft Ltd. ) C:\Users\Alfred\Downloads\FreeYouTubeDownload_3232327.exe
2014-04-19 18:51 - 2014-04-19 18:51 - 01069776 _____ (Solid State Networks) C:\Users\Alfred\Downloads\install_flashplayer13x32_mssa_aaa_aih.exe
2014-04-19 18:27 - 2014-04-19 18:27 - 00000000 ____D () C:\Users\Alfred\Documents\Alte Firefox-Daten
2014-04-19 18:25 - 2014-04-19 18:25 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-19 17:20 - 2014-04-19 17:21 - 00000000 ____D () C:\Users\Alfred\Desktop\Neuer Ordner
2014-04-17 09:01 - 2010-05-30 07:21 - 06666752 _____ () C:\Users\Alfred\Desktop\1940's.pps
2014-04-16 22:28 - 2014-04-16 22:38 - 30327999 _____ () C:\Users\Alfred\Downloads\ERJ145-Luxair.zip
2014-04-16 22:25 - 2014-04-16 22:45 - 60211080 _____ () C:\Users\Alfred\Downloads\B738-HaribAIR.zip.download
2014-04-16 18:05 - 2014-04-20 12:34 - 00000000 ____D () C:\Users\Alfred\Documents\MEDIAMARKT TOSHIBA
2014-04-16 08:43 - 2014-04-16 08:43 - 00001094 _____ () C:\Users\Alfred\Desktop\1.Budget2013 neu - Verknüpfung.lnk
2014-04-16 08:42 - 2014-04-16 08:42 - 00000000 ____D () C:\Users\Public\Documents\sun
2014-04-15 20:55 - 2014-04-15 20:55 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-15 20:55 - 2014-04-15 20:55 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-15 20:52 - 2014-04-15 20:52 - 03710504 _____ (Piriform Ltd) C:\Users\Alfred\Downloads\ccsetup412_slim.exe
2014-04-15 18:11 - 2014-04-15 18:12 - 00000000 ____D () C:\Users\Alfred\Documents\USB stick braun-schwarz-bup
2014-04-15 12:29 - 2011-12-28 22:00 - 22305142 _____ () C:\Users\Alfred\Desktop\TrackIR Explained.mp4
2014-04-14 20:33 - 2014-04-14 20:33 - 00001001 _____ () C:\Users\Alfred\Desktop\D - Verknüpfung.lnk
2014-04-14 18:47 - 2014-04-14 18:47 - 30796712 _____ (Oracle Corporation) C:\Users\Alfred\Downloads\jre-7u51-windows-x64.exe
2014-04-14 18:06 - 2014-04-20 10:01 - 00000000 ____D () C:\Users\Alfred\Documents\JENS SCHNEIDER RA
2014-04-14 18:06 - 2014-04-14 18:06 - 00001122 _____ () C:\Users\Alfred\Desktop\JENS SCHNEIDER RA - Verknüpfung.lnk
2014-04-14 18:04 - 2014-04-14 18:04 - 00000000 ____D () C:\Users\Alfred\Documents\Neuer Ordner (2)
2014-04-14 15:35 - 2014-04-14 15:35 - 03754042 _____ () C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0543.eml
2014-04-14 15:35 - 2014-04-14 15:35 - 03669425 _____ () C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0552.eml
2014-04-14 15:35 - 2014-04-14 15:35 - 02813491 _____ () C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0523.eml
2014-04-14 15:34 - 2014-04-14 15:35 - 00000000 ____D () C:\Users\Alfred\Desktop\feb julian
2014-04-14 12:30 - 2012-11-05 18:54 - 00001901 _____ () C:\Users\Alfred\Desktop\FAVORITEN - Verknüpfung.lnk
2014-04-13 15:30 - 2014-04-20 13:44 - 00000000 ____D () C:\Users\Alfred\Documents\AGODA complaint Pattavia
2014-04-13 14:20 - 2014-04-13 14:20 - 00525037 _____ () C:\Users\Alfred\Downloads\2014-04-13.zip
2014-04-12 13:17 - 2014-04-12 13:17 - 00000000 ____D () C:\Users\Alfred\Downloads\OpenOffice 4.0.1 (de) Installation Files
2014-04-12 13:12 - 2014-04-12 13:15 - 163606685 _____ () C:\Users\Alfred\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_de.exe
2014-04-12 12:21 - 2014-04-14 08:50 - 00000000 ____D () C:\Users\Alfred\Documents\STEUERN TOFFEN
2014-04-12 08:51 - 2014-04-12 08:51 - 00000000 __SHD () C:\Users\Alfred\AppData\Local\EmieUserList
2014-04-12 08:51 - 2014-04-12 08:51 - 00000000 __SHD () C:\Users\Alfred\AppData\Local\EmieSiteList
2014-04-12 03:02 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-12 03:02 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-12 03:02 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-12 03:02 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-12 03:02 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-12 03:02 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-12 03:01 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-12 03:01 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-12 03:01 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-12 03:01 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-12 03:01 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-12 03:01 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-12 03:01 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-12 03:01 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-12 03:01 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-12 03:01 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-12 03:01 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-12 03:01 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-12 03:01 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-12 03:01 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-12 03:01 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-12 03:01 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-12 03:01 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-12 03:01 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-12 03:01 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-12 03:01 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-12 03:01 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-12 03:01 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-12 03:01 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-12 03:01 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-12 03:01 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-12 03:01 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-12 03:01 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-12 03:01 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-12 03:01 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-12 03:01 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-12 03:01 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-12 03:01 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-12 03:01 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-12 03:01 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-12 03:01 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-12 03:01 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-12 03:01 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-12 03:01 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-12 03:01 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-12 03:01 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-12 03:01 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-12 03:01 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-11 11:03 - 2014-04-11 11:03 - 00000000 ____D () C:\Users\Alfred\Documents\Neuer Ordner
2014-04-11 07:38 - 2014-04-15 20:57 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-04-11 07:38 - 2012-05-05 10:54 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX
2014-04-11 07:38 - 2012-05-05 10:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL
2014-04-11 07:38 - 1998-07-06 17:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL
2014-04-11 07:38 - 1998-07-06 17:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL
2014-04-11 07:38 - 1998-07-06 17:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL
2014-04-11 07:37 - 2014-04-11 07:37 - 18277248 _____ (pdfforge ) C:\Users\Alfred\Downloads\PDFCreator-1_7_2_setup.exe
2014-04-11 07:10 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-04-11 07:10 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-04-11 07:10 - 2013-12-25 01:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-04-11 07:10 - 2013-12-25 00:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-04-11 07:10 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-04-11 07:10 - 2013-11-23 20:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-04-11 07:10 - 2013-11-23 19:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-04-11 07:10 - 2013-11-23 00:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-04-10 21:56 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-04-10 21:51 - 2014-04-10 21:51 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-04-10 21:51 - 2014-04-10 21:51 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-04-10 21:51 - 2014-04-10 21:51 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-04-10 21:51 - 2014-04-10 21:51 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-04-10 21:51 - 2014-04-10 21:51 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-04-10 21:51 - 2014-04-10 21:51 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-04-10 21:51 - 2014-04-10 21:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-04-10 21:49 - 2014-04-10 21:49 - 00550371 _____ () C:\Users\Alfred\Downloads\Autoruns.zip
2014-04-10 21:14 - 2013-05-10 07:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-04-10 21:14 - 2013-05-10 07:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-04-10 21:14 - 2013-05-10 06:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-04-10 21:14 - 2013-05-10 06:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-04-10 21:01 - 2014-04-11 21:01 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-04-10 15:49 - 2013-10-19 04:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-04-10 15:49 - 2013-10-19 03:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-04-10 15:49 - 2013-10-12 04:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-04-10 15:49 - 2013-10-12 04:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-04-10 15:49 - 2013-10-12 04:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-04-10 15:49 - 2013-10-12 04:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-04-10 15:49 - 2013-10-12 03:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-04-10 15:49 - 2013-10-12 03:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-04-10 15:49 - 2013-10-12 03:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-04-10 15:49 - 2013-10-12 03:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-04-10 11:48 - 2014-04-10 11:48 - 00000000 ____D () C:\Program Files\iPod
2014-04-10 11:47 - 2014-04-10 11:48 - 00000000 ____D () C:\Program Files\iTunes
2014-04-10 11:47 - 2014-04-10 11:48 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-04-10 11:28 - 2014-04-10 11:27 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-10 11:28 - 2014-04-10 11:27 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-10 11:28 - 2014-04-10 11:27 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-10 11:28 - 2014-04-10 11:27 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-10 11:25 - 2014-04-10 11:25 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-04-10 11:20 - 2014-04-10 11:20 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-10 11:20 - 2014-04-10 11:20 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-10 11:20 - 2014-04-10 11:20 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-10 11:20 - 2014-04-10 11:20 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-04-10 11:16 - 2013-10-30 04:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-04-10 11:15 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-10 11:15 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-10 11:15 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-10 11:15 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-10 11:15 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-10 11:15 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-10 11:15 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-10 11:15 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-10 11:15 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-10 11:15 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-10 11:15 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-10 11:15 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-04-10 11:15 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-10 11:15 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-10 11:15 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-10 11:15 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-04-10 11:15 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-10 11:15 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-04-10 11:15 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-10 11:15 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-04-10 11:15 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-04-10 11:15 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-04-10 11:15 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-10 11:15 - 2014-01-01 01:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-04-10 11:15 - 2014-01-01 01:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-04-10 11:15 - 2013-12-06 04:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-04-10 11:15 - 2013-12-06 04:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-04-10 11:15 - 2013-12-06 04:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-04-10 11:15 - 2013-12-06 04:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-04-10 11:15 - 2013-12-04 04:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-04-10 11:15 - 2013-12-04 04:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-04-10 11:15 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-04-10 11:15 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-04-10 11:15 - 2013-12-04 04:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-04-10 11:15 - 2013-12-04 04:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-04-10 11:15 - 2013-12-04 04:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-04-10 11:15 - 2013-12-04 04:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-04-10 11:15 - 2013-12-04 04:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-04-10 11:15 - 2013-12-04 04:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-04-10 11:15 - 2013-12-04 04:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-04-10 11:15 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-04-10 11:15 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-04-10 11:15 - 2013-12-04 04:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-04-10 11:15 - 2013-12-04 03:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-04-10 11:15 - 2013-12-04 03:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-04-10 11:15 - 2013-12-04 03:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-04-10 11:15 - 2013-12-04 03:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-04-10 11:15 - 2013-11-27 03:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-04-10 11:15 - 2013-11-27 03:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-04-10 11:15 - 2013-11-27 03:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-04-10 11:15 - 2013-11-27 03:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-04-10 11:15 - 2013-11-27 03:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-04-10 11:15 - 2013-11-27 03:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-04-10 11:15 - 2013-11-27 03:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-04-10 11:15 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-04-10 11:15 - 2013-11-12 04:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-04-10 11:15 - 2013-11-12 04:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-04-10 11:15 - 2013-10-30 04:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-04-10 11:15 - 2013-10-04 04:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-04-10 11:15 - 2013-10-04 03:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
==================== One Month Modified Files and Folders =======
2014-04-21 14:43 - 2014-04-20 20:52 - 00030008 _____ () C:\Users\Alfred\Desktop\FRST.txt
2014-04-21 14:42 - 2014-04-21 14:42 - 02056704 _____ (Farbar) C:\Users\Alfred\Desktop\FRST64.exe
2014-04-21 14:42 - 2014-04-21 14:42 - 00000000 ____D () C:\Users\Alfred\Desktop\FRST-OlderVersion
2014-04-21 14:42 - 2013-07-04 11:42 - 00000000 ____D () C:\FRST
2014-04-21 14:07 - 2012-10-25 14:53 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-21 13:48 - 2013-04-10 04:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-21 12:37 - 2014-04-20 17:23 - 00008745 _____ () C:\Users\Alfred\Desktop\PW.per 30.3.2014.txt
2014-04-21 11:07 - 2012-10-25 14:53 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-21 10:17 - 2012-10-18 15:41 - 02040562 _____ () C:\Windows\WindowsUpdate.log
2014-04-21 09:06 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-21 09:06 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-21 08:57 - 2014-04-20 05:50 - 00000224 _____ () C:\Windows\setupact.log
2014-04-21 08:57 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-20 20:51 - 2014-04-20 20:51 - 02056192 _____ (Farbar) C:\Users\Alfred\Downloads\FRST64(1).exe
2014-04-20 20:45 - 2013-04-10 04:17 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-20 20:45 - 2012-10-22 08:20 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-20 20:45 - 2012-10-22 08:20 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-20 20:45 - 2012-10-18 18:15 - 00000000 ____D () C:\Users\Alfred\AppData\Local\Adobe
2014-04-20 20:21 - 2012-10-21 15:24 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\vlc
2014-04-20 17:17 - 2014-04-20 17:17 - 00071371 _____ () C:\Users\Alfred\Downloads\Christentum und Buddhismus Teil 1.htm
2014-04-20 17:17 - 2014-04-20 17:17 - 00000000 ____D () C:\Users\Alfred\Downloads\Christentum und Buddhismus Teil 1-Dateien
2014-04-20 13:44 - 2014-04-20 13:44 - 00000000 ____D () C:\Users\Alfred\Desktop\AGODA complaint Pattavia
2014-04-20 13:44 - 2014-04-13 15:30 - 00000000 ____D () C:\Users\Alfred\Documents\AGODA complaint Pattavia
2014-04-20 12:34 - 2014-04-20 12:34 - 00000000 ____D () C:\Users\Alfred\Documents\1.eSATA inventar 20.4.14
2014-04-20 12:34 - 2014-04-16 18:05 - 00000000 ____D () C:\Users\Alfred\Documents\MEDIAMARKT TOSHIBA
2014-04-20 11:44 - 2013-08-28 10:44 - 00000000 ___RD () C:\Users\Alfred\Desktop\PIX
2014-04-20 11:44 - 2011-04-12 09:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-04-20 11:44 - 2011-04-12 09:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-04-20 11:44 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-20 10:01 - 2014-04-14 18:06 - 00000000 ____D () C:\Users\Alfred\Documents\JENS SCHNEIDER RA
2014-04-20 07:10 - 2014-04-20 07:10 - 00001211 _____ () C:\Users\Alfred\Desktop\AGODA complaint Pattavia - Verknüpfung.lnk
2014-04-20 06:45 - 2013-11-02 14:20 - 00000878 _____ () C:\Users\Alfred\Desktop\PIX D - Verknüpfung.lnk
2014-04-20 05:50 - 2014-04-20 05:50 - 00002946 _____ () C:\Windows\PFRO.log
2014-04-20 05:50 - 2014-04-20 05:50 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-19 21:34 - 2013-04-14 10:06 - 00000000 ____D () C:\Users\Alfred\Documents\AVIATION pdfs
2014-04-19 21:27 - 2014-04-19 21:27 - 00001463 _____ () C:\Users\Alfred\Desktop\0.0.eSATA INVENTAR BACKUP LOGS - Verknüpfung.lnk
2014-04-19 20:06 - 2013-06-29 12:08 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\Free Download Manager
2014-04-19 20:00 - 2014-04-19 20:00 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\TuneUp Software
2014-04-19 20:00 - 2014-04-19 20:00 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-04-19 20:00 - 2014-04-19 20:00 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-04-19 20:00 - 2014-04-19 19:59 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-04-19 19:59 - 2014-04-19 19:59 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-04-19 19:58 - 2014-04-19 19:58 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\OpenCandy
2014-04-19 19:58 - 2014-04-19 19:58 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-04-19 19:58 - 2014-04-19 19:57 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\DVDVideoSoft
2014-04-19 18:53 - 2014-04-19 18:53 - 32990152 _____ (DVDVideoSoft Ltd. ) C:\Users\Alfred\Downloads\FreeYouTubeDownload_3232327.exe
2014-04-19 18:51 - 2014-04-19 18:51 - 01069776 _____ (Solid State Networks) C:\Users\Alfred\Downloads\install_flashplayer13x32_mssa_aaa_aih.exe
2014-04-19 18:33 - 2012-10-25 14:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-19 18:27 - 2014-04-19 18:27 - 00000000 ____D () C:\Users\Alfred\Documents\Alte Firefox-Daten
2014-04-19 18:26 - 2012-10-21 13:48 - 00000000 ____D () C:\Users\Alfred\AppData\Local\Mozilla
2014-04-19 18:25 - 2014-04-19 18:25 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-04-19 18:25 - 2013-09-04 13:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-19 17:24 - 2013-05-13 11:11 - 00000000 ____D () C:\Program Files (x86)\Safari
2014-04-19 17:21 - 2014-04-19 17:20 - 00000000 ____D () C:\Users\Alfred\Desktop\Neuer Ordner
2014-04-18 10:16 - 2012-10-26 06:52 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-18 10:15 - 2012-10-26 06:51 - 00000000 ____D () C:\ProgramData\Skype
2014-04-17 09:00 - 2013-08-19 20:48 - 00012288 _____ () C:\Users\Alfred\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-16 22:45 - 2014-04-16 22:25 - 60211080 _____ () C:\Users\Alfred\Downloads\B738-HaribAIR.zip.download
2014-04-16 22:38 - 2014-04-16 22:28 - 30327999 _____ () C:\Users\Alfred\Downloads\ERJ145-Luxair.zip
2014-04-16 19:07 - 2013-09-29 10:53 - 00176156 _____ () C:\Windows\hphins27.dat
2014-04-16 19:07 - 2012-10-29 15:04 - 00010237 _____ () C:\ProgramData\hpzinstall.log
2014-04-16 08:43 - 2014-04-16 08:43 - 00001094 _____ () C:\Users\Alfred\Desktop\1.Budget2013 neu - Verknüpfung.lnk
2014-04-16 08:42 - 2014-04-16 08:42 - 00000000 ____D () C:\Users\Public\Documents\sun
2014-04-15 21:00 - 2013-09-21 08:15 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-04-15 20:57 - 2014-04-11 07:38 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-04-15 20:57 - 2013-11-13 21:22 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\Azureus
2014-04-15 20:57 - 2012-10-18 16:36 - 00000000 ____D () C:\Windows\Panther
2014-04-15 20:55 - 2014-04-15 20:55 - 00002774 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-04-15 20:55 - 2014-04-15 20:55 - 00000000 ____D () C:\Program Files\CCleaner
2014-04-15 20:52 - 2014-04-15 20:52 - 03710504 _____ (Piriform Ltd) C:\Users\Alfred\Downloads\ccsetup412_slim.exe
2014-04-15 18:12 - 2014-04-15 18:11 - 00000000 ____D () C:\Users\Alfred\Documents\USB stick braun-schwarz-bup
2014-04-14 20:33 - 2014-04-14 20:33 - 00001001 _____ () C:\Users\Alfred\Desktop\D - Verknüpfung.lnk
2014-04-14 18:47 - 2014-04-14 18:47 - 30796712 _____ (Oracle Corporation) C:\Users\Alfred\Downloads\jre-7u51-windows-x64.exe
2014-04-14 18:31 - 2013-07-04 21:26 - 00000000 ____D () C:\Users\Alfred\Documents\trojaner.board.de.4.7.013
2014-04-14 18:25 - 2012-11-01 09:05 - 00000000 ____D () C:\Users\Alfred\Documents\AUTO
2014-04-14 18:24 - 2012-11-16 13:57 - 00000000 ____D () C:\Users\Alfred\Documents\0.AVIATION
2014-04-14 18:17 - 2012-12-03 12:12 - 00000000 ____D () C:\Users\Alfred\Documents\THAILAND
2014-04-14 18:06 - 2014-04-14 18:06 - 00001122 _____ () C:\Users\Alfred\Desktop\JENS SCHNEIDER RA - Verknüpfung.lnk
2014-04-14 18:06 - 2012-11-01 11:06 - 00877056 ___SH () C:\Users\Alfred\Documents\Thumbs.db
2014-04-14 18:04 - 2014-04-14 18:04 - 00000000 ____D () C:\Users\Alfred\Documents\Neuer Ordner (2)
2014-04-14 18:04 - 2013-09-13 18:21 - 00000000 ____D () C:\Users\Alfred\Documents\AHV
2014-04-14 15:35 - 2014-04-14 15:35 - 03754042 _____ () C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0543.eml
2014-04-14 15:35 - 2014-04-14 15:35 - 03669425 _____ () C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0552.eml
2014-04-14 15:35 - 2014-04-14 15:35 - 02813491 _____ () C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0523.eml
2014-04-14 15:35 - 2014-04-14 15:34 - 00000000 ____D () C:\Users\Alfred\Desktop\feb julian
2014-04-14 08:50 - 2014-04-12 12:21 - 00000000 ____D () C:\Users\Alfred\Documents\STEUERN TOFFEN
2014-04-13 14:20 - 2014-04-13 14:20 - 00525037 _____ () C:\Users\Alfred\Downloads\2014-04-13.zip
2014-04-13 06:01 - 2009-07-14 06:45 - 02237408 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-12 14:32 - 2013-10-30 06:52 - 00000000 ____D () C:\Users\Alfred\Documents\INTERNETSPEEDTESTs
2014-04-12 14:32 - 2012-10-19 03:23 - 00068440 _____ () C:\Users\Alfred\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-12 13:21 - 2012-11-06 15:13 - 00000000 ____D () C:\Users\Alfred\Documents\FINANZEN
2014-04-12 13:19 - 2013-08-30 11:42 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-04-12 13:17 - 2014-04-12 13:17 - 00000000 ____D () C:\Users\Alfred\Downloads\OpenOffice 4.0.1 (de) Installation Files
2014-04-12 13:15 - 2014-04-12 13:12 - 163606685 _____ () C:\Users\Alfred\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_de.exe
2014-04-12 12:25 - 2012-11-13 17:37 - 00000000 ____D () C:\Users\Alfred\Documents\iPad
2014-04-12 08:51 - 2014-04-12 08:51 - 00000000 __SHD () C:\Users\Alfred\AppData\Local\EmieUserList
2014-04-12 08:51 - 2014-04-12 08:51 - 00000000 __SHD () C:\Users\Alfred\AppData\Local\EmieSiteList
2014-04-12 08:48 - 2013-01-02 11:23 - 00000000 ____D () C:\Users\Alfred\Documents\iPAD reading
2014-04-12 03:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-12 03:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-12 02:52 - 2013-10-29 22:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-04-11 21:03 - 2012-10-18 18:18 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-11 21:01 - 2014-04-10 21:01 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-04-11 21:01 - 2012-10-18 18:18 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-04-11 21:01 - 2012-10-18 18:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-04-11 20:58 - 2013-09-23 12:57 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-04-11 20:58 - 2012-10-18 16:08 - 00001309 _____ () C:\Users\Alfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-11 11:03 - 2014-04-11 11:03 - 00000000 ____D () C:\Users\Alfred\Documents\Neuer Ordner
2014-04-11 08:01 - 2012-11-08 13:12 - 00082432 ___SH () C:\Users\Alfred\Thumbs.db
2014-04-11 07:37 - 2014-04-11 07:37 - 18277248 _____ (pdfforge ) C:\Users\Alfred\Downloads\PDFCreator-1_7_2_setup.exe
2014-04-10 23:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2014-04-10 23:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2014-04-10 23:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-04-10 23:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-04-10 21:51 - 2014-04-10 21:51 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-04-10 21:51 - 2014-04-10 21:51 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-04-10 21:51 - 2014-04-10 21:51 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-04-10 21:51 - 2014-04-10 21:51 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-04-10 21:51 - 2014-04-10 21:51 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-04-10 21:51 - 2014-04-10 21:51 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-04-10 21:51 - 2014-04-10 21:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-04-10 21:51 - 2014-04-10 21:51 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-04-10 21:51 - 2014-04-10 21:51 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-04-10 21:49 - 2014-04-10 21:49 - 00550371 _____ () C:\Users\Alfred\Downloads\Autoruns.zip
2014-04-10 21:31 - 2013-05-26 17:43 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-10 21:31 - 2013-05-26 17:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-10 21:06 - 2013-08-04 12:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 20:44 - 2013-04-17 17:33 - 00000000 ____D () C:\Users\Alfred\Documents\PW
2014-04-10 11:48 - 2014-04-10 11:48 - 00000000 ____D () C:\Program Files\iPod
2014-04-10 11:48 - 2014-04-10 11:47 - 00000000 ____D () C:\Program Files\iTunes
2014-04-10 11:48 - 2014-04-10 11:47 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-04-10 11:48 - 2013-10-05 22:42 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-04-10 11:27 - 2014-04-10 11:28 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-10 11:27 - 2014-04-10 11:28 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-10 11:27 - 2014-04-10 11:28 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-10 11:27 - 2014-04-10 11:28 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-10 11:27 - 2013-06-25 17:38 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-10 11:25 - 2014-04-10 11:25 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-04-10 11:24 - 2012-10-26 08:22 - 00000000 ____D () C:\ProgramData\Apple
2014-04-10 11:20 - 2014-04-10 11:20 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-04-10 11:20 - 2014-04-10 11:20 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-04-10 11:20 - 2014-04-10 11:20 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-04-10 11:20 - 2014-04-10 11:20 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-04-10 11:02 - 2012-10-25 14:53 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-04-10 11:02 - 2012-10-25 14:53 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-31 03:51 - 2012-10-18 17:36 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
Some content of TEMP:
====================
C:\Users\Alfred\AppData\Local\Temp\nshB87B.exe
C:\Users\Alfred\AppData\Local\Temp\nshE105.exe
C:\Users\Alfred\AppData\Local\Temp\nshE460.exe
C:\Users\Alfred\AppData\Local\Temp\nswBC33.exe
C:\Users\Alfred\AppData\Local\Temp\nsy6250.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-04-19 10:20
==================== End Of Log ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2014 02 Ran by Alfred at 2014-04-21 14:43:44 Running from C:\Users\Alfred\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== Acronis Drive Monitor (HKLM-x32\...\{706AE61D-40A4-4F50-8359-FE8F6F7FA461}) (Version: 1.0.566 - Acronis) Ad-Aware Browsing Protection (HKLM-x32\...\Ad-Aware Browsing Protection) (Version: 1.0.1.110 - Lavasoft) Adobe Flash Player 13 ActiveX (HKLM-x32\...\{8F9B1C8E-F50E-4139-8701-45016021E102}) (Version: 13.0.0.182 - Adobe Systems Incorporated) Adobe Flash Player 13 Plugin (HKLM-x32\...\{28ADCCAD-3C23-44A1-A93F-47AA176F7AD7}) (Version: 13.0.0.182 - Adobe Systems Incorporated) Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated) Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.) Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) aerofly Flug Simulator 2013 (HKLM-x32\...\aerofly Flug Simulator 2013_is1) (Version: 1.0.9.11 - IPACS) AMD Accelerated Video Transcoding (Version: 12.10.100.30328 - Advanced Micro Devices, Inc.) Hidden AMD APP SDK Runtime (Version: 10.0.898.1 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Install Manager (HKLM\...\{2748FDE2-7BA8-1D20-11A2-FF01CEB009A5}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.) AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden AMD Media Foundation Decoders (Version: 1.0.80328.2204 - Advanced Micro Devices, Inc.) Hidden AMD Wireless Display v3.0 (Version: 1.0.0.10 - Advanced Micro Devices, Inc.) Hidden Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center (x32 Version: 2013.0328.2218.38225 - Ihr Firmenname) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.12 - Piriform) CheckDrive (HKLM-x32\...\{B83513EC-2E4D-4621-816D-4CCF397BE702}_is1) (Version: 4.4 - Abelssoft) D4300 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden Destinations (x32 Version: 140.0.0.0 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC) DJ_SF_03_D4300_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland) Elevated Installer (x32 Version: 2.2.17 - Garmin Ltd or its subsidiaries) Hidden Free Download Manager 3.9.2 (HKLM-x32\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG) Free YouTube Download version 3.2.32.327 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.32.327 - DVDVideoSoft Ltd.) Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.5.4 - Ellora Assets Corporation) Garmin Express (HKLM-x32\...\{bd9bc494-8cd2-4ae2-92fe-6a3dda9c3ee9}) (Version: 2.2.17 - Garmin Ltd or its subsidiaries) Garmin Express (x32 Version: 2.2.17 - Garmin Ltd or its subsidiaries) Hidden Garmin Express Tray (x32 Version: 2.2.17 - Garmin Ltd or its subsidiaries) Hidden Garmin Update Service (x32 Version: 2.2.17 - Garmin Ltd or its subsidiaries) Hidden Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries) Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries) Google Earth (HKLM-x32\...\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google) Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden Google+ Auto Backup (HKLM-x32\...\{D1D4D7EA-62B8-4665-9FF7-02A91B925CC9}) (Version: 1.0.18.74 - Google) GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP) HP Deskjet D4300 Printer Driver Software 13.0 Rel. 3 (HKLM\...\{382300D4-777B-4233-A98C-99EA0F6B881F}) (Version: 13.0 - HP) HP Imaging Device Functions 14.5 (HKLM\...\HP Imaging Device Functions) (Version: 14.5 - HP) HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP) HP Scanjet G4050 (HKLM\...\{0A9FC1DA-46F7-4305-A4EF-FDCA8D9B1A5A}) (Version: 14.5 - HP) HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP) HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP) HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.001 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden hpg4050 (x32 Version: 140.000.000.000 - Ihr Firmenname) Hidden HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.) Image Resizer Powertoy Clone for Windows (64 bit) (HKLM\...\{C862EC05-1C15-4327-B15D-C7788D6CFF73}) (Version: 2.1.1 - Brice Lambson) iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.) Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle) Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8107.0 - Microsoft Corporation) Hidden Microsoft Motocross Madness 2 (HKLM-x32\...\Motocross Madness 2) (Version: - ) Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden Microsoft Security Client DE-DE Language Pack (Version: 2.0.0657.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) Mozilla Thunderbird 24.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) OCR Software by I.R.I.S. 14.5 (HKLM\...\HPOCR) (Version: 14.5 - HP) OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation) PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH) PDF Editor 3 (HKLM-x32\...\PDF Editor 3) (Version: - ) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge) Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.47.714.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.) Scan (x32 Version: 14.0.1.0 - Hewlett-Packard) Hidden Secunia PSI (3.0.0.7011) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.7011 - Secunia) Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP) Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.1.21 - Safer-Networking Ltd.) Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden Steganos Safe 14 (HKLM-x32\...\{13B7FBFB-622E-4002-8570-594798E6167D}) (Version: 14.1 - Steganos Software GmbH) TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.17271 - TeamViewer) Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden Video Converter (HKCU\...\Video Converter) (Version: - ) VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN) VMLite Workstation (HKLM\...\{197F2BEF-2705-406E-8CEB-8E404FFFE414}) (Version: 3.2.6 - VMLite) WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden Win2PDF 7 (HKLM\...\Win2PDF_is1) (Version: 7.0.46 - Dane Prairie Systems, LLC.) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin) Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp) WinPatrol (HKLM\...\{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}) (Version: 28.9.2013.0 - BillP Studios) WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies) WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) ==================== Restore Points ========================= 17-04-2014 06:10:55 Geplanter Prüfpunkt 19-04-2014 15:23:58 Removed Safari 19-04-2014 15:37:56 Windows Update 19-04-2014 18:02:00 TuneUp Utilities 2014 wird entfernt 19-04-2014 18:02:29 TuneUp Utilities 2014 (de-DE) wird entfernt ==================== Hosts content: ========================== 2009-07-14 04:34 - 2013-09-14 20:29 - 00447822 ____N C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 0Scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 ²©²Êͨ,²©²ÊÍø,½ð±¦²©188,²©²ÊͨÆÀ¼¶,°Ù¼ÒÀÖ,°ÂÃî°Ù¼ÒÀÖ 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 10sek.com 127.0.0.1 Gadgets And More 127.0.0.1 1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 123fporn.info 127.0.0.1 www.123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= Task: {000040EA-D13A-480E-815A-A08C46AE3B6E} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe Task: {0CCC0779-DB8C-444E-87A0-BEB43185DB23} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {1F321B00-B617-46E8-8513-9088F6554D5A} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION Task: {1F4C70B3-EBFE-4423-95DC-579F15A4862F} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMNJGMJJHMLJJJGMLMCNHMNJJJMMCNLMPMKJMMCNGMLJOMKMCNMJMMNJMMMJKJGMGMJMKMLMMJJNJICMIMCNHMCNMMFMGMCNPMCNHMOMOMNMFMJMCNOMCNIMJMPMOMCNNMJNPI CMJMFMOMOMKJIJMIFMPMJNHICMOMOMKJIJMIJNBJCMOLDJJJNIKJLJJNKJCMJNNICMJNDJCMLJKJ" Task: {23099809-819F-469F-8DB5-3EFD2534E9B4} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {332D6A73-4E79-4CA0-9C30-D2655B231956} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe Task: {34CDE739-E6A3-4229-A0AC-404334174774} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe Task: {3B13C808-C74B-4F0B-87E6-D3E0CCF938B9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe Task: {44656418-5D1E-492A-992A-B224072B7A81} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-20] (Adobe Systems Incorporated) Task: {5A591FB1-F812-4478-8026-1B7DA49291F5} - System32\Tasks\Run RoboForm Process => C:\Users\Alfred\AppData\Local\Temp\RoboForm\RoboTaskBarIcon.exe <==== ATTENTION Task: {72F1B8EC-A588-497D-BC8F-757BD6464D70} - \BitGuard No Task File <==== ATTENTION Task: {78C9B58F-51F0-40DD-9A04-A27497777A09} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe Task: {824BD8CB-B6DD-446F-96BA-FE8507930347} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: {8AB563ED-7B3B-4DF2-B7A4-EB263403ECE6} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe Task: {95EB926D-69B0-44F2-9D5B-AFF786B57F10} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.) Task: {C31010AC-5310-4E13-AF62-AD4309F3D4AC} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {CE999383-AEDF-4DEA-A2AF-988A1730AA8F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-25] (Google Inc.) Task: {D126D102-4CB1-4374-A5AE-FEE4D8DA3E78} - System32\Tasks\Abelssoft\CheckDriveBackgroundGuard => C:\Program Files (x86)\CheckDrive\CheckDriveBackgroundGuard.exe [2013-10-10] (Abelssoft) Task: {D739EF9A-9D3F-4DA4-B661-88FFD3A81B82} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-03-18] (Piriform Ltd) Task: {D7CCB75D-1289-4754-9151-A5D5ECA0BB65} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {D9F4CB9B-2350-4982-9683-4050DC5D0BD0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-25] (Google Inc.) Task: {E6BE1A89-7142-4A29-B4F9-1D52A11FB7CF} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe Task: {FFC5DB78-D476-4DD5-AD76-459991BBBD4A} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2012-10-25 21:50 - 2011-06-07 10:35 - 00074016 _____ () C:\Windows\System32\win2pdfm.dll 2013-09-07 14:02 - 2013-10-10 15:06 - 00020608 _____ () C:\Program Files (x86)\CheckDrive\AbStartManager.dll 2013-07-04 10:18 - 2013-10-10 15:06 - 00017024 _____ () C:\Program Files (x86)\CheckDrive\AbMessages.dll 2013-07-22 10:22 - 2013-07-22 10:22 - 00009728 _____ () C:\Program Files (x86)\Garmin\Express Tray\Garmin.Cartography.MapUpdate.Device.DataTypes.dll 2011-02-24 19:07 - 2011-02-24 19:07 - 00470120 _____ () C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe 2013-02-13 04:37 - 2013-02-13 04:37 - 01263952 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe 2012-11-06 10:23 - 2011-05-26 15:14 - 00477080 _____ () C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\StartHelper.exe 2010-08-11 14:18 - 2010-08-11 14:18 - 00202344 _____ () C:\VXP\VBoxDDU.dll 2010-08-11 14:18 - 2010-08-11 14:18 - 02725480 _____ () C:\VXP\VBoxRT.dll 2009-03-26 22:03 - 2009-03-26 22:03 - 01289728 _____ () C:\VXP\LIBEAY32.dll 2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll 2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll 2013-09-21 08:27 - 2013-07-15 19:29 - 00620718 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll 2011-02-24 18:39 - 2011-02-24 18:39 - 00012128 _____ () C:\Program Files (x86)\Common Files\Acronis\DriveMonitor\Common\icudt38.dll 2013-02-13 04:38 - 2013-02-13 04:38 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll 2013-09-14 20:20 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2013-09-14 20:20 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2013-09-14 20:20 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2013-09-14 20:20 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2013-09-14 20:20 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2014-04-19 18:25 - 2014-03-15 10:40 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-04-10 11:26 - 2014-04-20 20:45 - 16351920 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll 2013-10-29 22:30 - 2014-04-12 02:52 - 03018864 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll 2013-10-29 22:30 - 2014-04-12 02:52 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll 2013-10-29 22:30 - 2014-04-12 02:52 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0523.eml:OECustomProperty AlternateDataStreams: C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0543.eml:OECustomProperty AlternateDataStreams: C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0552.eml:OECustomProperty AlternateDataStreams: C:\Users\Alfred\Documents\Diesen Hai können Sie vom Büro aus jagen.eml:OECustomProperty AlternateDataStreams: C:\Users\Alfred\Documents\Mani Juerg mail 24.5.05. Re_ Swissair - Option 96_2000.eml:OECustomProperty AlternateDataStreams: C:\Users\Alfred\Documents\nico.eml:OECustomProperty AlternateDataStreams: C:\Users\Alfred\Documents\Rat vom Experten gegen Schnarchen.eml:OECustomProperty AlternateDataStreams: C:\ProgramData\TEMP:5C321E34 ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (04/21/2014 08:59:30 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/20/2014 07:00:02 PM) (Source: Windows Backup) (User: ) Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "M:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)" Error: (04/20/2014 04:54:44 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/20/2014 00:30:03 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (04/20/2014 00:24:58 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/20/2014 05:51:15 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/19/2014 06:34:29 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/19/2014 05:28:40 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/19/2014 09:57:43 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/19/2014 09:49:15 AM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (04/21/2014 08:58:34 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "FreemakeVideoCapture" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (04/21/2014 08:58:34 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst FreemakeVideoCapture erreicht. Error: (04/20/2014 04:54:28 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (04/20/2014 04:54:28 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht. Error: (04/20/2014 00:20:08 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk7\DR7 gefunden. Error: (04/19/2014 06:33:56 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (04/19/2014 06:33:56 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht. Error: (04/19/2014 05:28:19 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (04/19/2014 05:28:19 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht. Error: (04/19/2014 00:57:14 PM) (Source: Disk) (User: ) Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR8 gefunden. Microsoft Office Sessions: ========================= Error: (04/21/2014 08:59:30 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/20/2014 07:00:02 PM) (Source: Windows Backup)(User: ) Description: M:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006) Error: (04/20/2014 04:54:44 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/20/2014 00:30:03 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestE:\PROGRAMME downloads DellPCsetups\SoftonicDownloader_for_vlc-media-player.exe Error: (04/20/2014 00:24:58 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/20/2014 05:51:15 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/19/2014 06:34:29 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/19/2014 05:28:40 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/19/2014 09:57:43 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/19/2014 09:49:15 AM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Percentage of memory in use: 32% Total physical RAM: 8119.05 MB Available physical RAM: 5478.9 MB Total Pagefile: 16236.28 MB Available Pagefile: 13413.65 MB Total Virtual: 8192 MB Available Virtual: 8191.84 MB ==================== Drives ================================ Drive c: (System) (Fixed) (Total:465.66 GB) (Free:28.64 GB) NTFS Drive d: (Daten2) (Fixed) (Total:232.88 GB) (Free:19.74 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: C4CD6244) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 233 GB) (Disk ID: D20CD20C) Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS) ==================== End Of Log ============================ GMER Logfile: Code:
ATTFilter GMER 2.1.19357 - GMER - Rootkit Detector and Remover
Rootkit scan 2014-04-21 15:32:13
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP6T0L0-8 SAMSUNG_HD502HJ rev.1AJ10001 465.76GB
Running: Gmer-19357.exe; Driver: C:\Users\Alfred\AppData\Local\Temp\kxtdapob.sys
---- Processes - GMER 2.1 ----
Library C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\uTMEMUIMgrEngine.dll (*** suspicious ***) @ C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\StartHelper.exe [1708] (ArcSoft MUI Manager Engine/ArcSoft, Inc.)(2012-11-06 08:23:28) 0000000000240000
Library C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\Language\DE\uEasyBackupMonitorRes.dll (*** suspicious ***) @ C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\StartHelper.exe [1708] (ArcSoft BBMonitorRes/ArcSoft, Inc.)(2012-11-06 08:23:21) 0000000000250000
---- EOF - GMER 2.1 ----
__________________ --> Kann Youtube videos nicht abspielen |
|
21.04.2014, 16:31
| #7 | |
| | Kann Youtube videos nicht abspielen Hi, hast doppelt gepostet  Ich kann dir an hier nur sagen, dass auf deinem PC einiges los ist. Ich könnte dir wahrscheinlich helfen, aber ich darf es leider nicht. Was ich dir sagen kann: Necurs Rootkit (-> KEIN ONLINEBANKING vor dem Ende der Bereinigung) Adware bis zum Unfallen Und wenn ich mir den Teil bei hosts ansehe, wird da noch einiges im Argen liegen: Zitat:
Und hat es einen bestimmten Grund, dass du Adobe Photoshop 7.0 verwendest? Spybot ist für mich nicht auf aktuellem Stand der Malware, ich würde es deinstallieren. Selbes gilt für Ad-Aware. Danach (wenn du es deinstallierst) bitte neues FRST Log, Haken bei Addition setzen.  |
|
21.04.2014, 17:02
| #8 |
| | Kann Youtube videos nicht abspielen oh, schlimme Sache, danke für den schonungslosen feedback... ja, auf meinem PC gibt es verschiedene user, war lange abwesend dazu.. hier nochmals first64 und addition. Habe die beiden genannten Programme gem. Deiner Instruktion desinstalliert. Photoshop 7 habe ich seit vielen jahren drauf und bin eigentlich zufrieden damit. Die neuen sind sehr teuer. Uebrigens, ich habe zum ersten mal dieses Ctrl-V verwendet und habe festgestellt, dass nur Addition draufkommt, nicht aber das FRST64 log. Ich hoffe nicht, dass es wieder 2x drauf ist. Vielen vielen Dank Gruss Alfred FRST Logfile: [CODE]Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-04-2014 Ran by Alfred (administrator) on DM12REP on 21-04-2014 17:46:59 Running from C:\Users\Alfred\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\system32\atiesrxx.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (AMD) C:\Windows\system32\atieclxx.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Abelssoft) C:\Program Files (x86)\CheckDrive\CheckDriveBackgroundGuard.exe (ArcSoft, Inc.) C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 14\SteganosBrowserMonitor.exe (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe () C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\StartHelper.exe () C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe (Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 14\SteganosHotKeyService.exe (Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 14\fredirstarter.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (VMLite, Inc.) C:\VXP\VMLiteService.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [462400 2011-02-12] (Acronis) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2000-01-01] (Realtek Semiconductor) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.) HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [adm_tray.exe] => C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe [470120 2011-02-24] () HKLM-x32\...\Run: [Steganos HotKeys] => C:\Program Files (x86)\Steganos Safe 14\SteganosHotKeyService.exe [103424 2013-05-16] (Steganos Software GmbH) HKLM-x32\...\Run: [SAFE14 File Redirection Starter] => C:\Program Files (x86)\Steganos Safe 14\fredirstarter.exe [17408 2013-05-16] (Steganos Software GmbH) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] () HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\Run: [SAFE14 Browser Monitor] => C:\Program Files (x86)\Steganos Safe 14\SteganosBrowserMonitor.exe [73216 2013-05-16] (Steganos Software GmbH) HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1093464 2013-07-22] (Garmin Ltd or its subsidiaries) HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [441408 2013-09-05] (BillP Studios) HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\RunOnce: [adawarebp_XP] - reg.exe delete "HKCU\Software\adawarebp" /f HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\RunOnce: [adawarebp_DATA_FOLDER] - cmd.exe /c rmdir "C:\ProgramData\Ad-Aware Browsing Protection" /s /q HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\RunOnce: [adawarebp_INSTALL_FOLDER] - cmd.exe /c rmdir "C:\Users\Alfred\AppData\Local\adawarebp" /s /q HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\MountPoints2: L - L:\HPLauncher.exe HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\MountPoints2: {63be18cd-1c39-11e2-87aa-20cf308e5960} - E:\HPLauncher.exe HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\MountPoints2: {aa142560-a0e7-11e2-b173-20cf308e5960} - K:\HPLauncher.exe Startup: C:\Users\Alfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk ShortcutTarget: HP SimpleSave Monitor.lnk -> C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\StartHelper.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Schweiz : Hotmail, Outlook, Skype download, Unterhaltung, Nachrichten, Sport, Lifestyle, Auto und mehr bei MSN CH HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2E20F8E641ADCD01 SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Bing SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Bing BHO: No Name - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - No File BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Freemake.YoutubeButton - {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\f9e1lb4p.default-1397924871496 FF SelectedSearchEngine: Google FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF SearchPlugin: C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\f9e1lb4p.default-1397924871496\searchplugins\conduit-search.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-07-26] FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-08-16] FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\ FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\ [] FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\ FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\ [] FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-09-29] FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-09-29] FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [] Chrome: ======= CHR HomePage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_4&ent=hp&u=424CC20045927E4CBDC72C5234910BB4 CHR RestoreOnStartup: "hxxp://www.google.com" CHR DefaultSearchProvider: Claro Search CHR DefaultSearchURL: Google CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation) CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll No File CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll No File CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File CHR Extension: (Google Docs) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-26] CHR Extension: (Google Drive) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-26] CHR Extension: (WOT) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-06-30] CHR Extension: (YouTube) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-26] CHR Extension: (Freemake Video Downloader) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf [2013-09-14] CHR Extension: (Google-Suche) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-26] CHR Extension: (Online HD TV) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkinklhnkmkhkhofcnapakaoehijaoih [2013-06-26] CHR Extension: (Freemake Youtube Download Button) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh [2013-09-14] CHR Extension: (Delta Toolbar) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2013-09-14] CHR Extension: (RealDownloader) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-06-26] CHR Extension: (Skype Click to Call) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-06-26] CHR Extension: (Chrome In-App Payments service) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22] CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-06-26] CHR Extension: (Lavasoft NewTab) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole [2013-09-14] CHR Extension: (Google Mail) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-26] CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-09-14] CHR HKLM-x32\...\Chrome\Extension: [dkinklhnkmkhkhofcnapakaoehijaoih] - C:\Program Files (x86)\OnlineHD.TV\onhd11.crx [2013-09-14] CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx [2013-09-14] CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06] CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx [2013-05-06] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 BackupService; C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [83512 2010-07-01] (ArcSoft, Inc.) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation) R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-08-26] (Ellora Assets Corp.) R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [219480 2013-07-22] (Garmin Ltd or its subsidiaries) R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation) S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation) R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia) R2 VMLiteService; C:\VXP\VMLiteService.exe [426600 2010-08-21] (VMLite, Inc.) ==================== Drivers (Whitelisted) ==================== R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] () R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-09-14] (GFI Software) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] () S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation) R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia) R1 SLEE_18_DRIVER; C:\Windows\Sleen1864.sys [108648 2012-07-24] (Softwareentwicklung Remus - ArchiCrypt - ) U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () <===== ATTENTION Necurs Rootkit? R1 VBoxDrv; C:\Windows\System32\drivers\VBoxDrv.sys [204328 2010-08-11] (VMLite, Inc.) R3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp.sys [146216 2010-08-11] (VMLite, Inc.) R3 VBoxNetFlt; C:\Windows\System32\DRIVERS\VBoxNetFlt.sys [165800 2010-08-11] (VMLite, Inc.) R1 vmlitedrv; C:\Windows\System32\drivers\vmlitedrv.sys [14952 2010-08-03] (VMLite, Inc.) R3 vmlitestor; C:\Windows\System32\DRIVERS\vmlitestor.sys [177768 2010-08-11] (VMLite, Inc.) S3 VMLiteUSB; C:\Windows\System32\Drivers\VMLiteUSB.sys [150120 2010-08-11] (VMLite, Inc.) R1 VMLiteUSBMon; C:\Windows\System32\drivers\vmliteusbmon.sys [135272 2010-08-18] (VMLite, Inc.) S3 ALSysIO; \??\C:\Users\Alfred\AppData\Local\Temp\ALSysIO64.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-21 17:47 - 2014-04-21 17:47 - 00000000 ____D () C:\Users\Alfred\Desktop\Neuer Ordner (2) 2014-04-21 17:40 - 2014-04-21 17:40 - 00000085 _____ () C:\Windows\wininit.ini 2014-04-21 15:34 - 2014-04-21 15:34 - 00000921 _____ () C:\Users\Alfred\Desktop\Gmer.log 2014-04-21 14:56 - 2014-04-21 14:56 - 00000000 ____D () C:\Users\Alfred\Documents\1.RELIGIONEN 2014-04-21 14:46 - 2014-04-21 14:47 - 00380416 _____ () C:\Users\Alfred\Desktop\Gmer-19357.exe 2014-04-21 14:42 - 2014-04-21 17:46 - 02060288 _____ (Farbar) C:\Users\Alfred\Desktop\FRST64.exe 2014-04-21 14:42 - 2014-04-21 17:46 - 00000000 ____D () C:\Users\Alfred\Desktop\FRST-OlderVersion 2014-04-20 20:51 - 2014-04-20 20:51 - 02056192 _____ (Farbar) C:\Users\Alfred\Downloads\FRST64(1).exe 2014-04-20 17:23 - 2014-04-21 12:37 - 00008745 _____ () C:\Users\Alfred\Desktop\PW.per 30.3.2014.txt 2014-04-20 17:17 - 2014-04-20 17:17 - 00071371 _____ () C:\Users\Alfred\Downloads\Christentum und Buddhismus Teil 1.htm 2014-04-20 17:17 - 2014-04-20 17:17 - 00000000 ____D () C:\Users\Alfred\Downloads\Christentum und Buddhismus Teil 1-Dateien 2014-04-20 13:44 - 2014-04-20 13:44 - 00000000 ____D () C:\Users\Alfred\Desktop\AGODA complaint Pattavia 2014-04-20 12:34 - 2014-04-20 12:34 - 00000000 ____D () C:\Users\Alfred\Documents\1.eSATA inventar 20.4.14 2014-04-20 07:10 - 2014-04-20 07:10 - 00001211 _____ () C:\Users\Alfred\Desktop\AGODA complaint Pattavia - Verknüpfung.lnk 2014-04-20 05:50 - 2014-04-21 17:42 - 00000280 _____ () C:\Windows\setupact.log 2014-04-20 05:50 - 2014-04-21 17:41 - 00005824 _____ () C:\Windows\PFRO.log 2014-04-20 05:50 - 2014-04-20 05:50 - 00000000 _____ () C:\Windows\setuperr.log 2014-04-19 21:27 - 2014-04-19 21:27 - 00001463 _____ () C:\Users\Alfred\Desktop\0.0.eSATA INVENTAR BACKUP LOGS - Verknüpfung.lnk 2014-04-19 20:00 - 2014-04-19 20:00 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\TuneUp Software 2014-04-19 20:00 - 2014-04-19 20:00 - 00000000 ____D () C:\Program Files\Windows Sidebar 2014-04-19 20:00 - 2014-04-19 20:00 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar 2014-04-19 19:59 - 2014-04-19 20:00 - 00000000 ____D () C:\ProgramData\TuneUp Software 2014-04-19 19:59 - 2014-04-19 19:59 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-04-19 19:58 - 2014-04-19 19:58 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\OpenCandy 2014-04-19 19:58 - 2014-04-19 19:58 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft 2014-04-19 19:57 - 2014-04-19 19:58 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\DVDVideoSoft 2014-04-19 18:53 - 2014-04-19 18:53 - 32990152 _____ (DVDVideoSoft Ltd. ) C:\Users\Alfred\Downloads\FreeYouTubeDownload_3232327.exe 2014-04-19 18:51 - 2014-04-19 18:51 - 01069776 _____ (Solid State Networks) C:\Users\Alfred\Downloads\install_flashplayer13x32_mssa_aaa_aih.exe 2014-04-19 18:27 - 2014-04-19 18:27 - 00000000 ____D () C:\Users\Alfred\Documents\Alte Firefox-Daten 2014-04-19 18:25 - 2014-04-19 18:25 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-04-19 17:20 - 2014-04-19 17:21 - 00000000 ____D () C:\Users\Alfred\Desktop\Neuer Ordner 2014-04-17 09:01 - 2010-05-30 07:21 - 06666752 _____ () C:\Users\Alfred\Desktop\1940's.pps 2014-04-16 22:28 - 2014-04-16 22:38 - 30327999 _____ () C:\Users\Alfred\Downloads\ERJ145-Luxair.zip 2014-04-16 22:25 - 2014-04-16 22:45 - 60211080 _____ () C:\Users\Alfred\Downloads\B738-HaribAIR.zip.download 2014-04-16 18:05 - 2014-04-20 12:34 - 00000000 ____D () C:\Users\Alfred\Documents\MEDIAMARKT TOSHIBA 2014-04-16 08:43 - 2014-04-16 08:43 - 00001094 _____ () C:\Users\Alfred\Desktop\1.Budget2013 neu - Verknüpfung.lnk 2014-04-16 08:42 - 2014-04-16 08:42 - 00000000 ____D () C:\Users\Public\Documents\sun 2014-04-15 20:52 - 2014-04-15 20:52 - 03710504 _____ (Piriform Ltd) C:\Users\Alfred\Downloads\ccsetup412_slim.exe 2014-04-15 18:11 - 2014-04-15 18:12 - 00000000 ____D () C:\Users\Alfred\Documents\USB stick braun-schwarz-bup 2014-04-15 12:29 - 2011-12-28 22:00 - 22305142 _____ () C:\Users\Alfred\Desktop\TrackIR Explained.mp4 2014-04-14 20:33 - 2014-04-14 20:33 - 00001001 _____ () C:\Users\Alfred\Desktop\D - Verknüpfung.lnk 2014-04-14 18:47 - 2014-04-14 18:47 - 30796712 _____ (Oracle Corporation) C:\Users\Alfred\Downloads\jre-7u51-windows-x64.exe 2014-04-14 18:06 - 2014-04-20 10:01 - 00000000 ____D () C:\Users\Alfred\Documents\JENS SCHNEIDER RA 2014-04-14 18:06 - 2014-04-14 18:06 - 00001122 _____ () C:\Users\Alfred\Desktop\JENS SCHNEIDER RA - Verknüpfung.lnk 2014-04-14 18:04 - 2014-04-14 18:04 - 00000000 ____D () C:\Users\Alfred\Documents\Neuer Ordner (2) 2014-04-14 15:35 - 2014-04-14 15:35 - 03754042 _____ () C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0543.eml 2014-04-14 15:35 - 2014-04-14 15:35 - 03669425 _____ () C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0552.eml 2014-04-14 15:35 - 2014-04-14 15:35 - 02813491 _____ () C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0523.eml 2014-04-14 15:34 - 2014-04-14 15:35 - 00000000 ____D () C:\Users\Alfred\Desktop\feb julian 2014-04-14 12:30 - 2012-11-05 18:54 - 00001901 _____ () C:\Users\Alfred\Desktop\FAVORITEN - Verknüpfung.lnk 2014-04-13 15:30 - 2014-04-20 13:44 - 00000000 ____D () C:\Users\Alfred\Documents\AGODA complaint Pattavia 2014-04-13 14:20 - 2014-04-13 14:20 - 00525037 _____ () C:\Users\Alfred\Downloads\2014-04-13.zip 2014-04-12 13:17 - 2014-04-12 13:17 - 00000000 ____D () C:\Users\Alfred\Downloads\OpenOffice 4.0.1 (de) Installation Files 2014-04-12 13:12 - 2014-04-12 13:15 - 163606685 _____ () C:\Users\Alfred\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_de.exe 2014-04-12 12:21 - 2014-04-14 08:50 - 00000000 ____D () C:\Users\Alfred\Documents\STEUERN TOFFEN 2014-04-12 08:51 - 2014-04-12 08:51 - 00000000 __SHD () C:\Users\Alfred\AppData\Local\EmieUserList 2014-04-12 08:51 - 2014-04-12 08:51 - 00000000 __SHD () C:\Users\Alfred\AppData\Local\EmieSiteList 2014-04-12 03:02 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-12 03:02 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-12 03:02 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-12 03:02 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-12 03:02 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-12 03:02 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-12 03:01 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-12 03:01 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-12 03:01 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-12 03:01 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-12 03:01 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-12 03:01 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-12 03:01 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-12 03:01 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-12 03:01 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-12 03:01 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-12 03:01 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-12 03:01 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-12 03:01 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-12 03:01 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-12 03:01 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-12 03:01 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-12 03:01 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-12 03:01 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-12 03:01 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-12 03:01 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-12 03:01 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-12 03:01 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-12 03:01 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-12 03:01 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-12 03:01 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-12 03:01 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-12 03:01 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-12 03:01 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-12 03:01 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-12 03:01 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-12 03:01 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-12 03:01 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-12 03:01 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-12 03:01 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-12 03:01 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-12 03:01 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-12 03:01 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-12 03:01 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-12 03:01 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-12 03:01 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-12 03:01 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-12 03:01 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-11 11:03 - 2014-04-11 11:03 - 00000000 ____D () C:\Users\Alfred\Documents\Neuer Ordner 2014-04-11 07:38 - 2014-04-15 20:57 - 00000000 ____D () C:\Program Files (x86)\PDFCreator 2014-04-11 07:38 - 2012-05-05 10:54 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX 2014-04-11 07:38 - 2012-05-05 10:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL 2014-04-11 07:38 - 1998-07-06 17:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL 2014-04-11 07:38 - 1998-07-06 17:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL 2014-04-11 07:38 - 1998-07-06 17:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL 2014-04-11 07:37 - 2014-04-11 07:37 - 18277248 _____ (pdfforge ) C:\Users\Alfred\Downloads\PDFCreator-1_7_2_setup.exe 2014-04-11 07:10 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-04-11 07:10 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-04-11 07:10 - 2013-12-25 01:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-04-11 07:10 - 2013-12-25 00:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-04-11 07:10 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2014-04-11 07:10 - 2013-11-23 20:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2014-04-11 07:10 - 2013-11-23 19:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2014-04-11 07:10 - 2013-11-23 00:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2014-04-10 21:56 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE 2014-04-10 21:51 - 2014-04-10 21:51 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2014-04-10 21:51 - 2014-04-10 21:51 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2014-04-10 21:51 - 2014-04-10 21:51 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-04-10 21:51 - 2014-04-10 21:51 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2014-04-10 21:51 - 2014-04-10 21:51 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-04-10 21:51 - 2014-04-10 21:51 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2014-04-10 21:51 - 2014-04-10 21:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-04-10 21:49 - 2014-04-10 21:49 - 00550371 _____ () C:\Users\Alfred\Downloads\Autoruns.zip 2014-04-10 21:14 - 2013-05-10 07:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2014-04-10 21:14 - 2013-05-10 07:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2014-04-10 21:14 - 2013-05-10 06:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2014-04-10 21:14 - 2013-05-10 06:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2014-04-10 21:01 - 2014-04-11 21:01 - 00001912 _____ () C:\Windows\epplauncher.mif 2014-04-10 15:49 - 2013-10-19 04:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2014-04-10 15:49 - 2013-10-19 03:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2014-04-10 15:49 - 2013-10-12 04:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2014-04-10 15:49 - 2013-10-12 04:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2014-04-10 15:49 - 2013-10-12 04:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx 2014-04-10 15:49 - 2013-10-12 04:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll 2014-04-10 15:49 - 2013-10-12 03:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2014-04-10 15:49 - 2013-10-12 03:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2014-04-10 15:49 - 2013-10-12 03:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe 2014-04-10 15:49 - 2013-10-12 03:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe 2014-04-10 11:48 - 2014-04-10 11:48 - 00000000 ____D () C:\Program Files\iPod 2014-04-10 11:47 - 2014-04-10 11:48 - 00000000 ____D () C:\Program Files\iTunes 2014-04-10 11:47 - 2014-04-10 11:48 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-04-10 11:28 - 2014-04-10 11:27 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-04-10 11:28 - 2014-04-10 11:27 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-04-10 11:28 - 2014-04-10 11:27 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-04-10 11:28 - 2014-04-10 11:27 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-04-10 11:25 - 2014-04-10 11:25 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-04-10 11:20 - 2014-04-10 11:20 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-04-10 11:20 - 2014-04-10 11:20 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-04-10 11:20 - 2014-04-10 11:20 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-04-10 11:20 - 2014-04-10 11:20 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-04-10 11:16 - 2013-10-30 04:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2014-04-10 11:15 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-10 11:15 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-04-10 11:15 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-04-10 11:15 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-04-10 11:15 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-04-10 11:15 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-04-10 11:15 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-10 11:15 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-04-10 11:15 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-04-10 11:15 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-04-10 11:15 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-04-10 11:15 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-04-10 11:15 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-04-10 11:15 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-04-10 11:15 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2014-04-10 11:15 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-04-10 11:15 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll 2014-04-10 11:15 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-04-10 11:15 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll 2014-04-10 11:15 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-04-10 11:15 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-04-10 11:15 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-04-10 11:15 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-04-10 11:15 - 2014-01-01 01:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls 2014-04-10 11:15 - 2014-01-01 01:04 - 00420008 _____ () C:\Windows\system32\locale.nls 2014-04-10 11:15 - 2013-12-06 04:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-04-10 11:15 - 2013-12-06 04:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-04-10 11:15 - 2013-12-06 04:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-04-10 11:15 - 2013-12-06 04:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-04-10 11:15 - 2013-12-04 04:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll 2014-04-10 11:15 - 2013-12-04 04:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll 2014-04-10 11:15 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll 2014-04-10 11:15 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll 2014-04-10 11:15 - 2013-12-04 04:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll 2014-04-10 11:15 - 2013-12-04 04:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe 2014-04-10 11:15 - 2013-12-04 04:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe 2014-04-10 11:15 - 2013-12-04 04:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe 2014-04-10 11:15 - 2013-12-04 04:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe 2014-04-10 11:15 - 2013-12-04 04:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll 2014-04-10 11:15 - 2013-12-04 04:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll 2014-04-10 11:15 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll 2014-04-10 11:15 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll 2014-04-10 11:15 - 2013-12-04 04:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll 2014-04-10 11:15 - 2013-12-04 03:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe 2014-04-10 11:15 - 2013-12-04 03:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe 2014-04-10 11:15 - 2013-12-04 03:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe 2014-04-10 11:15 - 2013-12-04 03:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe 2014-04-10 11:15 - 2013-11-27 03:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-04-10 11:15 - 2013-11-27 03:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-04-10 11:15 - 2013-11-27 03:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-04-10 11:15 - 2013-11-27 03:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-04-10 11:15 - 2013-11-27 03:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-04-10 11:15 - 2013-11-27 03:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-04-10 11:15 - 2013-11-27 03:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-04-10 11:15 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-04-10 11:15 - 2013-11-12 04:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-04-10 11:15 - 2013-11-12 04:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-04-10 11:15 - 2013-10-30 04:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll 2014-04-10 11:15 - 2013-10-04 04:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2014-04-10 11:15 - 2013-10-04 03:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys ==================== One Month Modified Files and Folders ======= 2014-04-21 17:47 - 2014-04-21 17:47 - 00000000 ____D () C:\Users\Alfred\Desktop\Neuer Ordner (2) 2014-04-21 17:46 - 2014-04-21 14:42 - 02060288 _____ (Farbar) C:\Users\Alfred\Desktop\FRST64.exe 2014-04-21 17:46 - 2014-04-21 14:42 - 00000000 ____D () C:\Users\Alfred\Desktop\FRST-OlderVersion 2014-04-21 17:46 - 2013-07-04 11:42 - 00000000 ____D () C:\FRST 2014-04-21 17:46 - 2012-10-18 15:41 - 02048112 _____ () C:\Windows\WindowsUpdate.log 2014-04-21 17:42 - 2014-04-20 05:50 - 00000280 _____ () C:\Windows\setupact.log 2014-04-21 17:42 - 2012-10-25 14:53 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-21 17:42 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-21 17:41 - 2014-04-20 05:50 - 00005824 _____ () C:\Windows\PFRO.log 2014-04-21 17:40 - 2014-04-21 17:40 - 00000085 _____ () C:\Windows\wininit.ini 2014-04-21 17:07 - 2012-10-25 14:53 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-21 16:48 - 2013-04-10 04:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-21 15:34 - 2014-04-21 15:34 - 00000921 _____ () C:\Users\Alfred\Desktop\Gmer.log 2014-04-21 14:56 - 2014-04-21 14:56 - 00000000 ____D () C:\Users\Alfred\Documents\1.RELIGIONEN 2014-04-21 14:47 - 2014-04-21 14:46 - 00380416 _____ () C:\Users\Alfred\Desktop\Gmer-19357.exe 2014-04-21 12:37 - 2014-04-20 17:23 - 00008745 _____ () C:\Users\Alfred\Desktop\PW.per 30.3.2014.txt 2014-04-21 09:06 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-21 09:06 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-20 20:51 - 2014-04-20 20:51 - 02056192 _____ (Farbar) C:\Users\Alfred\Downloads\FRST64(1).exe 2014-04-20 20:45 - 2013-04-10 04:17 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-04-20 20:45 - 2012-10-22 08:20 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-04-20 20:45 - 2012-10-22 08:20 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-04-20 20:45 - 2012-10-18 18:15 - 00000000 ____D () C:\Users\Alfred\AppData\Local\Adobe 2014-04-20 20:21 - 2012-10-21 15:24 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\vlc 2014-04-20 17:17 - 2014-04-20 17:17 - 00071371 _____ () C:\Users\Alfred\Downloads\Christentum und Buddhismus Teil 1.htm 2014-04-20 17:17 - 2014-04-20 17:17 - 00000000 ____D () C:\Users\Alfred\Downloads\Christentum und Buddhismus Teil 1-Dateien 2014-04-20 13:44 - 2014-04-20 13:44 - 00000000 ____D () C:\Users\Alfred\Desktop\AGODA complaint Pattavia 2014-04-20 13:44 - 2014-04-13 15:30 - 00000000 ____D () C:\Users\Alfred\Documents\AGODA complaint Pattavia 2014-04-20 12:34 - 2014-04-20 12:34 - 00000000 ____D () C:\Users\Alfred\Documents\1.eSATA inventar 20.4.14 2014-04-20 12:34 - 2014-04-16 18:05 - 00000000 ____D () C:\Users\Alfred\Documents\MEDIAMARKT TOSHIBA 2014-04-20 11:44 - 2013-08-28 10:44 - 00000000 ___RD () C:\Users\Alfred\Desktop\PIX 2014-04-20 11:44 - 2011-04-12 09:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat 2014-04-20 11:44 - 2011-04-12 09:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat 2014-04-20 11:44 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-20 10:01 - 2014-04-14 18:06 - 00000000 ____D () C:\Users\Alfred\Documents\JENS SCHNEIDER RA 2014-04-20 07:10 - 2014-04-20 07:10 - 00001211 _____ () C:\Users\Alfred\Desktop\AGODA complaint Pattavia - Verknüpfung.lnk 2014-04-20 06:45 - 2013-11-02 14:20 - 00000878 _____ () C:\Users\Alfred\Desktop\PIX D - Verknüpfung.lnk 2014-04-20 05:50 - 2014-04-20 05:50 - 00000000 _____ () C:\Windows\setuperr.log 2014-04-19 21:34 - 2013-04-14 10:06 - 00000000 ____D () C:\Users\Alfred\Documents\AVIATION pdfs 2014-04-19 21:27 - 2014-04-19 21:27 - 00001463 _____ () C:\Users\Alfred\Desktop\0.0.eSATA INVENTAR BACKUP LOGS - Verknüpfung.lnk 2014-04-19 20:06 - 2013-06-29 12:08 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\Free Download Manager 2014-04-19 20:00 - 2014-04-19 20:00 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\TuneUp Software 2014-04-19 20:00 - 2014-04-19 20:00 - 00000000 ____D () C:\Program Files\Windows Sidebar 2014-04-19 20:00 - 2014-04-19 20:00 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar 2014-04-19 20:00 - 2014-04-19 19:59 - 00000000 ____D () C:\ProgramData\TuneUp Software 2014-04-19 19:59 - 2014-04-19 19:59 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-04-19 19:58 - 2014-04-19 19:58 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\OpenCandy 2014-04-19 19:58 - 2014-04-19 19:58 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft 2014-04-19 19:58 - 2014-04-19 19:57 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\DVDVideoSoft 2014-04-19 18:53 - 2014-04-19 18:53 - 32990152 _____ (DVDVideoSoft Ltd. ) C:\Users\Alfred\Downloads\FreeYouTubeDownload_3232327.exe 2014-04-19 18:51 - 2014-04-19 18:51 - 01069776 _____ (Solid State Networks) C:\Users\Alfred\Downloads\install_flashplayer13x32_mssa_aaa_aih.exe 2014-04-19 18:33 - 2012-10-25 14:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-04-19 18:27 - 2014-04-19 18:27 - 00000000 ____D () C:\Users\Alfred\Documents\Alte Firefox-Daten 2014-04-19 18:26 - 2012-10-21 13:48 - 00000000 ____D () C:\Users\Alfred\AppData\Local\Mozilla 2014-04-19 18:25 - 2014-04-19 18:25 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-04-19 18:25 - 2013-09-04 13:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-04-19 17:24 - 2013-05-13 11:11 - 00000000 ____D () C:\Program Files (x86)\Safari 2014-04-19 17:21 - 2014-04-19 17:20 - 00000000 ____D () C:\Users\Alfred\Desktop\Neuer Ordner 2014-04-18 10:16 - 2012-10-26 06:52 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-04-18 10:15 - 2012-10-26 06:51 - 00000000 ____D () C:\ProgramData\Skype 2014-04-17 09:00 - 2013-08-19 20:48 - 00012288 _____ () C:\Users\Alfred\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-04-16 22:45 - 2014-04-16 22:25 - 60211080 _____ () C:\Users\Alfred\Downloads\B738-HaribAIR.zip.download 2014-04-16 22:38 - 2014-04-16 22:28 - 30327999 _____ () C:\Users\Alfred\Downloads\ERJ145-Luxair.zip 2014-04-16 19:07 - 2013-09-29 10:53 - 00176156 _____ () C:\Windows\hphins27.dat 2014-04-16 19:07 - 2012-10-29 15:04 - 00010237 _____ () C:\ProgramData\hpzinstall.log 2014-04-16 08:43 - 2014-04-16 08:43 - 00001094 _____ () C:\Users\Alfred\Desktop\1.Budget2013 neu - Verknüpfung.lnk 2014-04-16 08:42 - 2014-04-16 08:42 - 00000000 ____D () C:\Users\Public\Documents\sun 2014-04-15 21:00 - 2013-09-21 08:15 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster 2014-04-15 20:57 - 2014-04-11 07:38 - 00000000 ____D () C:\Program Files (x86)\PDFCreator 2014-04-15 20:57 - 2013-11-13 21:22 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\Azureus 2014-04-15 20:57 - 2012-10-18 16:36 - 00000000 ____D () C:\Windows\Panther 2014-04-15 20:52 - 2014-04-15 20:52 - 03710504 _____ (Piriform Ltd) C:\Users\Alfred\Downloads\ccsetup412_slim.exe 2014-04-15 18:12 - 2014-04-15 18:11 - 00000000 ____D () C:\Users\Alfred\Documents\USB stick braun-schwarz-bup 2014-04-14 20:33 - 2014-04-14 20:33 - 00001001 _____ () C:\Users\Alfred\Desktop\D - Verknüpfung.lnk 2014-04-14 18:47 - 2014-04-14 18:47 - 30796712 _____ (Oracle Corporation) C:\Users\Alfred\Downloads\jre-7u51-windows-x64.exe 2014-04-14 18:31 - 2013-07-04 21:26 - 00000000 ____D () C:\Users\Alfred\Documents\trojaner.board.de.4.7.013 2014-04-14 18:25 - 2012-11-01 09:05 - 00000000 ____D () C:\Users\Alfred\Documents\AUTO 2014-04-14 18:24 - 2012-11-16 13:57 - 00000000 ____D () C:\Users\Alfred\Documents\0.AVIATION 2014-04-14 18:17 - 2012-12-03 12:12 - 00000000 ____D () C:\Users\Alfred\Documents\THAILAND 2014-04-14 18:06 - 2014-04-14 18:06 - 00001122 _____ () C:\Users\Alfred\Desktop\JENS SCHNEIDER RA - Verknüpfung.lnk 2014-04-14 18:06 - 2012-11-01 11:06 - 00877056 ___SH () C:\Users\Alfred\Documents\Thumbs.db 2014-04-14 18:04 - 2014-04-14 18:04 - 00000000 ____D () C:\Users\Alfred\Documents\Neuer Ordner (2) 2014-04-14 18:04 - 2013-09-13 18:21 - 00000000 ____D () C:\Users\Alfred\Documents\AHV 2014-04-14 15:35 - 2014-04-14 15:35 - 03754042 _____ () C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0543.eml 2014-04-14 15:35 - 2014-04-14 15:35 - 03669425 _____ () C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0552.eml 2014-04-14 15:35 - 2014-04-14 15:35 - 02813491 _____ () C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0523.eml 2014-04-14 15:35 - 2014-04-14 15:34 - 00000000 ____D () C:\Users\Alfred\Desktop\feb julian 2014-04-14 08:50 - 2014-04-12 12:21 - 00000000 ____D () C:\Users\Alfred\Documents\STEUERN TOFFEN 2014-04-13 14:20 - 2014-04-13 14:20 - 00525037 _____ () C:\Users\Alfred\Downloads\2014-04-13.zip 2014-04-13 06:01 - 2009-07-14 06:45 - 02237408 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-12 14:32 - 2013-10-30 06:52 - 00000000 ____D () C:\Users\Alfred\Documents\INTERNETSPEEDTESTs 2014-04-12 14:32 - 2012-10-19 03:23 - 00068440 _____ () C:\Users\Alfred\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-12 13:21 - 2012-11-06 15:13 - 00000000 ____D () C:\Users\Alfred\Documents\FINANZEN 2014-04-12 13:19 - 2013-08-30 11:42 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4 2014-04-12 13:17 - 2014-04-12 13:17 - 00000000 ____D () C:\Users\Alfred\Downloads\OpenOffice 4.0.1 (de) Installation Files 2014-04-12 13:15 - 2014-04-12 13:12 - 163606685 _____ () C:\Users\Alfred\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_de.exe 2014-04-12 12:25 - 2012-11-13 17:37 - 00000000 ____D () C:\Users\Alfred\Documents\iPad 2014-04-12 08:51 - 2014-04-12 08:51 - 00000000 __SHD () C:\Users\Alfred\AppData\Local\EmieUserList 2014-04-12 08:51 - 2014-04-12 08:51 - 00000000 __SHD () C:\Users\Alfred\AppData\Local\EmieSiteList 2014-04-12 08:48 - 2013-01-02 11:23 - 00000000 ____D () C:\Users\Alfred\Documents\iPAD reading 2014-04-12 03:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-04-12 03:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-04-12 02:52 - 2013-10-29 22:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-04-11 21:03 - 2012-10-18 18:18 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-04-11 21:01 - 2014-04-10 21:01 - 00001912 _____ () C:\Windows\epplauncher.mif 2014-04-11 21:01 - 2012-10-18 18:18 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2014-04-11 21:01 - 2012-10-18 18:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client 2014-04-11 20:58 - 2013-09-23 12:57 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-04-11 20:58 - 2012-10-18 16:08 - 00001309 _____ () C:\Users\Alfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-04-11 11:03 - 2014-04-11 11:03 - 00000000 ____D () C:\Users\Alfred\Documents\Neuer Ordner 2014-04-11 08:01 - 2012-11-08 13:12 - 00082432 ___SH () C:\Users\Alfred\Thumbs.db 2014-04-11 07:37 - 2014-04-11 07:37 - 18277248 _____ (pdfforge ) C:\Users\Alfred\Downloads\PDFCreator-1_7_2_setup.exe 2014-04-10 23:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK 2014-04-10 23:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR 2014-04-10 23:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\zh-HK 2014-04-10 23:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\tr-TR 2014-04-10 21:51 - 2014-04-10 21:51 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2014-04-10 21:51 - 2014-04-10 21:51 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2014-04-10 21:51 - 2014-04-10 21:51 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-04-10 21:51 - 2014-04-10 21:51 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2014-04-10 21:51 - 2014-04-10 21:51 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-04-10 21:51 - 2014-04-10 21:51 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2014-04-10 21:51 - 2014-04-10 21:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-04-10 21:49 - 2014-04-10 21:49 - 00550371 _____ () C:\Users\Alfred\Downloads\Autoruns.zip 2014-04-10 21:31 - 2013-05-26 17:43 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-04-10 21:31 - 2013-05-26 17:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-04-10 21:06 - 2013-08-04 12:19 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-10 20:44 - 2013-04-17 17:33 - 00000000 ____D () C:\Users\Alfred\Documents\PW 2014-04-10 11:48 - 2014-04-10 11:48 - 00000000 ____D () C:\Program Files\iPod 2014-04-10 11:48 - 2014-04-10 11:47 - 00000000 ____D () C:\Program Files\iTunes 2014-04-10 11:48 - 2014-04-10 11:47 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-04-10 11:48 - 2013-10-05 22:42 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-04-10 11:27 - 2014-04-10 11:28 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-04-10 11:27 - 2014-04-10 11:28 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-04-10 11:27 - 2014-04-10 11:28 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-04-10 11:27 - 2014-04-10 11:28 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-04-10 11:27 - 2013-06-25 17:38 - 00000000 ____D () C:\Program Files (x86)\Java 2014-04-10 11:25 - 2014-04-10 11:25 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-04-10 11:24 - 2012-10-26 08:22 - 00000000 ____D () C:\ProgramData\Apple 2014-04-10 11:20 - 2014-04-10 11:20 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-04-10 11:20 - 2014-04-10 11:20 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-04-10 11:20 - 2014-04-10 11:20 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-04-10 11:20 - 2014-04-10 11:20 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-04-10 11:02 - 2012-10-25 14:53 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-04-10 11:02 - 2012-10-25 14:53 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-03-31 03:51 - 2012-10-18 17:36 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe Some content of TEMP: ==================== C:\Users\Alfred\AppData\Local\Temp\nshB87B.exe C:\Users\Alfred\AppData\Local\Temp\nshE105.exe C:\Users\Alfred\AppData\Local\Temp\nshE460.exe C:\Users\Alfred\AppData\Local\Temp\nswBC33.exe C:\Users\Alfred\AppData\Local\Temp\nsy6250.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legitFRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-04-2014
Ran by Alfred at 2014-04-21 17:48:10
Running from C:\Users\Alfred\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
==================== Installed Programs ======================
Acronis Drive Monitor (HKLM-x32\...\{706AE61D-40A4-4F50-8359-FE8F6F7FA461}) (Version: 1.0.566 - Acronis)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\{8F9B1C8E-F50E-4139-8701-45016021E102}) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\{28ADCCAD-3C23-44A1-A93F-47AA176F7AD7}) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
aerofly Flug Simulator 2013 (HKLM-x32\...\aerofly Flug Simulator 2013_is1) (Version: 1.0.9.11 - IPACS)
AMD Accelerated Video Transcoding (Version: 12.10.100.30328 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.898.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{2748FDE2-7BA8-1D20-11A2-FF01CEB009A5}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80328.2204 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.10 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2013.0328.2218.38225 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CheckDrive (HKLM-x32\...\{B83513EC-2E4D-4621-816D-4CCF397BE702}_is1) (Version: 4.4 - Abelssoft)
D4300 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Destinations (x32 Version: 140.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)
DJ_SF_03_D4300_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland)
Elevated Installer (x32 Version: 2.2.17 - Garmin Ltd or its subsidiaries) Hidden
Free Download Manager 3.9.2 (HKLM-x32\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG)
Free YouTube Download version 3.2.32.327 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.32.327 - DVDVideoSoft Ltd.)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.5.4 - Ellora Assets Corporation)
Garmin Express (HKLM-x32\...\{bd9bc494-8cd2-4ae2-92fe-6a3dda9c3ee9}) (Version: 2.2.17 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.2.17 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.2.17 - Garmin Ltd or its subsidiaries) Hidden
Garmin Update Service (x32 Version: 2.2.17 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Google Earth (HKLM-x32\...\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{D1D4D7EA-62B8-4665-9FF7-02A91B925CC9}) (Version: 1.0.18.74 - Google)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet D4300 Printer Driver Software 13.0 Rel. 3 (HKLM\...\{382300D4-777B-4233-A98C-99EA0F6B881F}) (Version: 13.0 - HP)
HP Imaging Device Functions 14.5 (HKLM\...\HP Imaging Device Functions) (Version: 14.5 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Scanjet G4050 (HKLM\...\{0A9FC1DA-46F7-4305-A4EF-FDCA8D9B1A5A}) (Version: 14.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
hpg4050 (x32 Version: 140.000.000.000 - Ihr Firmenname) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Image Resizer Powertoy Clone for Windows (64 bit) (HKLM\...\{C862EC05-1C15-4327-B15D-C7788D6CFF73}) (Version: 2.1.1 - Brice Lambson)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8107.0 - Microsoft Corporation) Hidden
Microsoft Motocross Madness 2 (HKLM-x32\...\Motocross Madness 2) (Version: - )
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Client DE-DE Language Pack (Version: 2.0.0657.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
OCR Software by I.R.I.S. 14.5 (HKLM\...\HPOCR) (Version: 14.5 - HP)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF Editor 3 (HKLM-x32\...\PDF Editor 3) (Version: - )
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.47.714.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Scan (x32 Version: 14.0.1.0 - Hewlett-Packard) Hidden
Secunia PSI (3.0.0.7011) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.7011 - Secunia)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Steganos Safe 14 (HKLM-x32\...\{13B7FBFB-622E-4002-8570-594798E6167D}) (Version: 14.1 - Steganos Software GmbH)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.17271 - TeamViewer)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Video Converter (HKCU\...\Video Converter) (Version: - )
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
VMLite Workstation (HKLM\...\{197F2BEF-2705-406E-8CEB-8E404FFFE414}) (Version: 3.2.6 - VMLite)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Win2PDF 7 (HKLM\...\Win2PDF_is1) (Version: 7.0.46 - Dane Prairie Systems, LLC.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPatrol (HKLM\...\{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}) (Version: 28.9.2013.0 - BillP Studios)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
==================== Restore Points =========================
17-04-2014 06:10:55 Geplanter Prüfpunkt
19-04-2014 15:23:58 Removed Safari
19-04-2014 15:37:56 Windows Update
19-04-2014 18:02:00 TuneUp Utilities 2014 wird entfernt
19-04-2014 18:02:29 TuneUp Utilities 2014 (de-DE) wird entfernt
==================== Hosts content: ==========================
2009-07-14 04:34 - 2013-09-14 20:29 - 00447822 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 [¹ã³¡ÎèÀÏÆÅ×î´óÇ¡Ç¡,¹ã³¡ÎèÃñ×åÎè,ÔÆÉѹ㳡ÎèÌÒ»¨ÔËÇ¡Ç¡],2014Ê×Ò³
127.0.0.1 032439.com
127.0.0.1 0Scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 ²©²Êͨ,²©²ÊÍø,½ð±¦²©188,²©²ÊͨÆÀ¼¶,°Ù¼ÒÀÖ,°ÂÃî°Ù¼ÒÀÖ
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 Gadgets And More
127.0.0.1 1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
Task: {000040EA-D13A-480E-815A-A08C46AE3B6E} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {0CCC0779-DB8C-444E-87A0-BEB43185DB23} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {1F321B00-B617-46E8-8513-9088F6554D5A} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
Task: {1F4C70B3-EBFE-4423-95DC-579F15A4862F} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMNJGMJJHMLJJJGMLMCNHMNJJJMMCNLMPMKJMMCNGMLJOMKMCNMJMMNJMMMJKJGMGMJMKMLMMJJNJICMIMCNHMCNMMFMGMCNPMCNHMOMOMNMFMJMCNOMCNIMJMPMOMCNNMJNPICMJMFMOMOMKJIJMIFMPMJNHICMOMOMKJIJMIJNBJCMOLDJJJNIKJLJJNKJCMJNNICMJNDJCMLJKJ"
Task: {23099809-819F-469F-8DB5-3EFD2534E9B4} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {332D6A73-4E79-4CA0-9C30-D2655B231956} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {44656418-5D1E-492A-992A-B224072B7A81} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-20] (Adobe Systems Incorporated)
Task: {5A591FB1-F812-4478-8026-1B7DA49291F5} - System32\Tasks\Run RoboForm Process => C:\Users\Alfred\AppData\Local\Temp\RoboForm\RoboTaskBarIcon.exe <==== ATTENTION
Task: {72F1B8EC-A588-497D-BC8F-757BD6464D70} - \BitGuard No Task File <==== ATTENTION
Task: {78C9B58F-51F0-40DD-9A04-A27497777A09} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {824BD8CB-B6DD-446F-96BA-FE8507930347} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {95EB926D-69B0-44F2-9D5B-AFF786B57F10} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {C31010AC-5310-4E13-AF62-AD4309F3D4AC} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {CE999383-AEDF-4DEA-A2AF-988A1730AA8F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-25] (Google Inc.)
Task: {D126D102-4CB1-4374-A5AE-FEE4D8DA3E78} - System32\Tasks\Abelssoft\CheckDriveBackgroundGuard => C:\Program Files (x86)\CheckDrive\CheckDriveBackgroundGuard.exe [2013-10-10] (Abelssoft)
Task: {D7CCB75D-1289-4754-9151-A5D5ECA0BB65} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D9F4CB9B-2350-4982-9683-4050DC5D0BD0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-25] (Google Inc.)
Task: {E6BE1A89-7142-4A29-B4F9-1D52A11FB7CF} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
Task: {FFC5DB78-D476-4DD5-AD76-459991BBBD4A} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2012-10-25 21:50 - 2011-06-07 10:35 - 00074016 _____ () C:\Windows\System32\win2pdfm.dll
2013-09-07 14:02 - 2013-10-10 15:06 - 00020608 _____ () C:\Program Files (x86)\CheckDrive\AbStartManager.dll
2013-07-04 10:18 - 2013-10-10 15:06 - 00017024 _____ () C:\Program Files (x86)\CheckDrive\AbMessages.dll
2013-07-22 10:22 - 2013-07-22 10:22 - 00009728 _____ () C:\Program Files (x86)\Garmin\Express Tray\Garmin.Cartography.MapUpdate.Device.DataTypes.dll
2012-11-06 10:23 - 2011-05-26 15:14 - 00477080 _____ () C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\StartHelper.exe
2011-02-24 19:07 - 2011-02-24 19:07 - 00470120 _____ () C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
2013-02-13 04:37 - 2013-02-13 04:37 - 01263952 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2010-08-11 14:18 - 2010-08-11 14:18 - 00202344 _____ () C:\VXP\VBoxDDU.dll
2010-08-11 14:18 - 2010-08-11 14:18 - 02725480 _____ () C:\VXP\VBoxRT.dll
2009-03-26 22:03 - 2009-03-26 22:03 - 01289728 _____ () C:\VXP\LIBEAY32.dll
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2013-09-21 08:27 - 2013-07-15 19:29 - 00620718 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
2011-02-24 18:39 - 2011-02-24 18:39 - 00012128 _____ () C:\Program Files (x86)\Common Files\Acronis\DriveMonitor\Common\icudt38.dll
2013-02-13 04:38 - 2013-02-13 04:38 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2013-10-29 22:30 - 2014-04-12 02:52 - 03018864 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2013-10-29 22:30 - 2014-04-12 02:52 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2013-10-29 22:30 - 2014-04-12 02:52 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-04-19 18:25 - 2014-03-15 10:40 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0523.eml:OECustomProperty
AlternateDataStreams: C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0543.eml:OECustomProperty
AlternateDataStreams: C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0552.eml:OECustomProperty
AlternateDataStreams: C:\Users\Alfred\Documents\Diesen Hai können Sie vom Büro aus jagen.eml:OECustomProperty
AlternateDataStreams: C:\Users\Alfred\Documents\Mani Juerg mail 24.5.05. Re_ Swissair - Option 96_2000.eml:OECustomProperty
AlternateDataStreams: C:\Users\Alfred\Documents\nico.eml:OECustomProperty
AlternateDataStreams: C:\Users\Alfred\Documents\Rat vom Experten gegen Schnarchen.eml:OECustomProperty
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/21/2014 05:43:47 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/21/2014 08:59:30 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/20/2014 07:00:02 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "M:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"
Error: (04/20/2014 04:54:44 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/20/2014 00:30:03 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (04/20/2014 00:24:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/20/2014 05:51:15 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/19/2014 06:34:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/19/2014 05:28:40 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/19/2014 09:57:43 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (04/21/2014 08:58:34 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "FreemakeVideoCapture" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (04/21/2014 08:58:34 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst FreemakeVideoCapture erreicht.
Error: (04/20/2014 04:54:28 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (04/20/2014 04:54:28 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.
Error: (04/20/2014 00:20:08 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk7\DR7 gefunden.
Error: (04/19/2014 06:33:56 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (04/19/2014 06:33:56 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.
Error: (04/19/2014 05:28:19 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (04/19/2014 05:28:19 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.
Error: (04/19/2014 00:57:14 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR8 gefunden.
Microsoft Office Sessions:
=========================
Error: (04/21/2014 05:43:47 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/21/2014 08:59:30 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/20/2014 07:00:02 PM) (Source: Windows Backup)(User: )
Description: M:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)
Error: (04/20/2014 04:54:44 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/20/2014 00:30:03 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestE:\PROGRAMME downloads DellPCsetups\SoftonicDownloader_for_vlc-media-player.exe
Error: (04/20/2014 00:24:58 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/20/2014 05:51:15 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/19/2014 06:34:29 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/19/2014 05:28:40 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/19/2014 09:57:43 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Percentage of memory in use: 27%
Total physical RAM: 8119.05 MB
Available physical RAM: 5904.75 MB
Total Pagefile: 16236.28 MB
Available Pagefile: 13725.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (System) (Fixed) (Total:465.66 GB) (Free:28.86 GB) NTFS
Drive d: (Daten2) (Fixed) (Total:232.88 GB) (Free:19.74 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: C4CD6244)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 233 GB) (Disk ID: D20CD20C)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)
==================== End Of Log ============================
--- --- ---
__________________ Suche nicht das Glueck - lebe es (Buddha) |
|
21.04.2014, 19:06
| #9 | ||
| | Kann Youtube videos nicht abspielen Hi, FRST Log ist nicht in Code-Tags... Ich werde dir dann doch helfen, aber nur soweit ich das auch kann, ohne etwas zu zerstören. Ich übernehme keine Gewähr für Systemschäden, bitte sichere alle wichtigen Daten, auch wenn wahrscheinlich alles glatt geht. Schritt 1: Downloade Dir bitte  Malwarebytes Anti-Malware
Schritt 2: Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
Hi nochmal, bitte wie vorgegeben weitermachen, aber mir ist gerade etwas aufgefallen... Lade die folgenden Dateien bitte auf Virustotal hoch. Zitat:
Zitat:
|
|
21.04.2014, 20:06
| #10 |
| | Kann Youtube videos nicht abspielen Hallo Keckrem, anbei die neusten First64 und addition logs, Anfrage: was ist "Virustotal" und wie kann ich die Dateien dort hochladen? Gruss Alfred FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-04-2014 01 Ran by Alfred (administrator) on DM12REP on 21-04-2014 21:00:08 Running from C:\Users\Alfred\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\system32\atiesrxx.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (AMD) C:\Windows\system32\atieclxx.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Abelssoft) C:\Program Files (x86)\CheckDrive\CheckDriveBackgroundGuard.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (ArcSoft, Inc.) C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 14\SteganosBrowserMonitor.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe () C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe (Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 14\SteganosHotKeyService.exe (Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 14\fredirstarter.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe () C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\HPSSBackupMonitor.exe (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (VMLite, Inc.) C:\VXP\VMLiteService.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe () C:\Program Files (x86)\Acronis\DriveMonitor\adm.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [462400 2011-02-12] (Acronis) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2000-01-01] (Realtek Semiconductor) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.) HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [adm_tray.exe] => C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe [470120 2011-02-24] () HKLM-x32\...\Run: [Steganos HotKeys] => C:\Program Files (x86)\Steganos Safe 14\SteganosHotKeyService.exe [103424 2013-05-16] (Steganos Software GmbH) HKLM-x32\...\Run: [SAFE14 File Redirection Starter] => C:\Program Files (x86)\Steganos Safe 14\fredirstarter.exe [17408 2013-05-16] (Steganos Software GmbH) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] () HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\Run: [SAFE14 Browser Monitor] => C:\Program Files (x86)\Steganos Safe 14\SteganosBrowserMonitor.exe [73216 2013-05-16] (Steganos Software GmbH) HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1093464 2013-07-22] (Garmin Ltd or its subsidiaries) HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [441408 2013-09-05] (BillP Studios) HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\MountPoints2: L - L:\HPLauncher.exe HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\MountPoints2: {63be18cd-1c39-11e2-87aa-20cf308e5960} - K:\HPLauncher.exe HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\MountPoints2: {aa142560-a0e7-11e2-b173-20cf308e5960} - K:\HPLauncher.exe Startup: C:\Users\Alfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk ShortcutTarget: HP SimpleSave Monitor.lnk -> C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\StartHelper.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Schweiz : Hotmail, Outlook, Skype download, Unterhaltung, Nachrichten, Sport, Lifestyle, Auto und mehr bei MSN CH HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2E20F8E641ADCD01 SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Bing SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Bing BHO: No Name - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - No File BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Freemake.YoutubeButton - {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\f9e1lb4p.default-1397924871496 FF SelectedSearchEngine: Google FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-07-26] FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-08-16] FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\ FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\ [] FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\ FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\ [] FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-09-29] FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-09-29] FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [] Chrome: ======= CHR HomePage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_4&ent=hp&u=424CC20045927E4CBDC72C5234910BB4 CHR RestoreOnStartup: "hxxp://www.google.com" CHR DefaultSearchProvider: Claro Search CHR DefaultSearchURL: Google CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation) CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll No File CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll No File CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File CHR Extension: (Google Docs) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-26] CHR Extension: (Google Drive) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-26] CHR Extension: (WOT) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-06-30] CHR Extension: (YouTube) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-26] CHR Extension: (Freemake Video Downloader) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf [2013-09-14] CHR Extension: (Google-Suche) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-26] CHR Extension: (Online HD TV) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkinklhnkmkhkhofcnapakaoehijaoih [2013-06-26] CHR Extension: (Freemake Youtube Download Button) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh [2013-09-14] CHR Extension: (Delta Toolbar) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2013-09-14] CHR Extension: (RealDownloader) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-06-26] CHR Extension: (Skype Click to Call) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-06-26] CHR Extension: (Chrome In-App Payments service) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22] CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-06-26] CHR Extension: (Lavasoft NewTab) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole [2013-09-14] CHR Extension: (Google Mail) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-26] CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-09-14] CHR HKLM-x32\...\Chrome\Extension: [dkinklhnkmkhkhofcnapakaoehijaoih] - C:\Program Files (x86)\OnlineHD.TV\onhd11.crx [2013-09-14] CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx [2013-09-14] CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06] CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx [2013-05-06] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 BackupService; C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [83512 2010-07-01] (ArcSoft, Inc.) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation) R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-08-26] (Ellora Assets Corp.) R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [219480 2013-07-22] (Garmin Ltd or its subsidiaries) R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation) R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia) R2 VMLiteService; C:\VXP\VMLiteService.exe [426600 2010-08-21] (VMLite, Inc.) ==================== Drivers (Whitelisted) ==================== R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] () R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-09-14] (GFI Software) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [119512 2014-04-21] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] () R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation) R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia) R1 SLEE_18_DRIVER; C:\Windows\Sleen1864.sys [108648 2012-07-24] (Softwareentwicklung Remus - ArchiCrypt - ) U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () <===== ATTENTION Necurs Rootkit? R1 VBoxDrv; C:\Windows\System32\drivers\VBoxDrv.sys [204328 2010-08-11] (VMLite, Inc.) R3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp.sys [146216 2010-08-11] (VMLite, Inc.) R3 VBoxNetFlt; C:\Windows\System32\DRIVERS\VBoxNetFlt.sys [165800 2010-08-11] (VMLite, Inc.) R1 vmlitedrv; C:\Windows\System32\drivers\vmlitedrv.sys [14952 2010-08-03] (VMLite, Inc.) R3 vmlitestor; C:\Windows\System32\DRIVERS\vmlitestor.sys [177768 2010-08-11] (VMLite, Inc.) S3 VMLiteUSB; C:\Windows\System32\Drivers\VMLiteUSB.sys [150120 2010-08-11] (VMLite, Inc.) R1 VMLiteUSBMon; C:\Windows\System32\drivers\vmliteusbmon.sys [135272 2010-08-18] (VMLite, Inc.) S3 ALSysIO; \??\C:\Users\Alfred\AppData\Local\Temp\ALSysIO64.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-21 21:00 - 2014-04-21 21:00 - 00028828 _____ () C:\Users\Alfred\Desktop\FRST.txt 2014-04-21 20:58 - 2014-04-21 20:58 - 02163712 _____ (Farbar) C:\Users\Alfred\Downloads\FRST64(2).exe 2014-04-21 20:19 - 2014-04-21 20:19 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-21 20:19 - 2014-04-21 20:19 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-21 20:19 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-21 20:19 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-21 20:19 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-21 20:18 - 2014-04-21 20:53 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-21 20:06 - 2014-04-21 20:06 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Alfred\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-21 18:08 - 2014-04-21 18:08 - 00114528 _____ () C:\Users\Alfred\Desktop\trojaner board. 18.00.txt 2014-04-21 17:47 - 2014-04-21 17:47 - 00000000 ____D () C:\Users\Alfred\Desktop\Neuer Ordner (2) 2014-04-21 17:40 - 2014-04-21 17:40 - 00000085 _____ () C:\Windows\wininit.ini 2014-04-21 15:34 - 2014-04-21 15:34 - 00000921 _____ () C:\Users\Alfred\Desktop\Gmer.log 2014-04-21 14:56 - 2014-04-21 14:56 - 00000000 ____D () C:\Users\Alfred\Documents\1.RELIGIONEN 2014-04-21 14:46 - 2014-04-21 14:47 - 00380416 _____ () C:\Users\Alfred\Desktop\Gmer-19357.exe 2014-04-21 14:42 - 2014-04-21 20:59 - 02163712 _____ (Farbar) C:\Users\Alfred\Desktop\FRST64.exe 2014-04-21 14:42 - 2014-04-21 20:59 - 00000000 ____D () C:\Users\Alfred\Desktop\FRST-OlderVersion 2014-04-20 20:51 - 2014-04-20 20:51 - 02056192 _____ (Farbar) C:\Users\Alfred\Downloads\FRST64(1).exe 2014-04-20 17:23 - 2014-04-21 12:37 - 00008745 _____ () C:\Users\Alfred\Desktop\PW.per 30.3.2014.txt 2014-04-20 17:17 - 2014-04-20 17:17 - 00071371 _____ () C:\Users\Alfred\Downloads\Christentum und Buddhismus Teil 1.htm 2014-04-20 17:17 - 2014-04-20 17:17 - 00000000 ____D () C:\Users\Alfred\Downloads\Christentum und Buddhismus Teil 1-Dateien 2014-04-20 13:44 - 2014-04-20 13:44 - 00000000 ____D () C:\Users\Alfred\Desktop\AGODA complaint Pattavia 2014-04-20 12:34 - 2014-04-20 12:34 - 00000000 ____D () C:\Users\Alfred\Documents\1.eSATA inventar 20.4.14 2014-04-20 07:10 - 2014-04-20 07:10 - 00001211 _____ () C:\Users\Alfred\Desktop\AGODA complaint Pattavia - Verknüpfung.lnk 2014-04-20 05:50 - 2014-04-21 20:50 - 00009578 _____ () C:\Windows\PFRO.log 2014-04-20 05:50 - 2014-04-21 20:50 - 00000392 _____ () C:\Windows\setupact.log 2014-04-20 05:50 - 2014-04-20 05:50 - 00000000 _____ () C:\Windows\setuperr.log 2014-04-19 21:27 - 2014-04-19 21:27 - 00001463 _____ () C:\Users\Alfred\Desktop\0.0.eSATA INVENTAR BACKUP LOGS - Verknüpfung.lnk 2014-04-19 20:00 - 2014-04-19 20:00 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\TuneUp Software 2014-04-19 20:00 - 2014-04-19 20:00 - 00000000 ____D () C:\Program Files\Windows Sidebar 2014-04-19 20:00 - 2014-04-19 20:00 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar 2014-04-19 19:59 - 2014-04-19 20:00 - 00000000 ____D () C:\ProgramData\TuneUp Software 2014-04-19 19:59 - 2014-04-19 19:59 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-04-19 19:58 - 2014-04-19 19:58 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft 2014-04-19 19:57 - 2014-04-19 19:58 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\DVDVideoSoft 2014-04-19 18:53 - 2014-04-19 18:53 - 32990152 _____ (DVDVideoSoft Ltd. ) C:\Users\Alfred\Downloads\FreeYouTubeDownload_3232327.exe 2014-04-19 18:51 - 2014-04-19 18:51 - 01069776 _____ (Solid State Networks) C:\Users\Alfred\Downloads\install_flashplayer13x32_mssa_aaa_aih.exe 2014-04-19 18:27 - 2014-04-19 18:27 - 00000000 ____D () C:\Users\Alfred\Documents\Alte Firefox-Daten 2014-04-19 18:25 - 2014-04-19 18:25 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-04-17 09:01 - 2010-05-30 07:21 - 06666752 _____ () C:\Users\Alfred\Desktop\1940's.pps 2014-04-16 22:28 - 2014-04-16 22:38 - 30327999 _____ () C:\Users\Alfred\Downloads\ERJ145-Luxair.zip 2014-04-16 22:25 - 2014-04-16 22:45 - 60211080 _____ () C:\Users\Alfred\Downloads\B738-HaribAIR.zip.download 2014-04-16 18:05 - 2014-04-20 12:34 - 00000000 ____D () C:\Users\Alfred\Documents\MEDIAMARKT TOSHIBA 2014-04-16 08:43 - 2014-04-16 08:43 - 00001094 _____ () C:\Users\Alfred\Desktop\1.Budget2013 neu - Verknüpfung.lnk 2014-04-16 08:42 - 2014-04-16 08:42 - 00000000 ____D () C:\Users\Public\Documents\sun 2014-04-15 20:52 - 2014-04-15 20:52 - 03710504 _____ (Piriform Ltd) C:\Users\Alfred\Downloads\ccsetup412_slim.exe 2014-04-15 18:11 - 2014-04-15 18:12 - 00000000 ____D () C:\Users\Alfred\Documents\USB stick braun-schwarz-bup 2014-04-15 12:29 - 2011-12-28 22:00 - 22305142 _____ () C:\Users\Alfred\Desktop\TrackIR Explained.mp4 2014-04-14 20:33 - 2014-04-21 19:17 - 00001001 _____ () C:\Users\Alfred\Desktop\D - Verknüpfung.lnk 2014-04-14 18:47 - 2014-04-14 18:47 - 30796712 _____ (Oracle Corporation) C:\Users\Alfred\Downloads\jre-7u51-windows-x64.exe 2014-04-14 18:06 - 2014-04-20 10:01 - 00000000 ____D () C:\Users\Alfred\Documents\JENS SCHNEIDER RA 2014-04-14 18:06 - 2014-04-14 18:06 - 00001122 _____ () C:\Users\Alfred\Desktop\JENS SCHNEIDER RA - Verknüpfung.lnk 2014-04-14 18:04 - 2014-04-14 18:04 - 00000000 ____D () C:\Users\Alfred\Documents\Neuer Ordner (2) 2014-04-14 15:35 - 2014-04-14 15:35 - 03754042 _____ () C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0543.eml 2014-04-14 15:35 - 2014-04-14 15:35 - 03669425 _____ () C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0552.eml 2014-04-14 15:35 - 2014-04-14 15:35 - 02813491 _____ () C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0523.eml 2014-04-14 15:34 - 2014-04-14 15:35 - 00000000 ____D () C:\Users\Alfred\Desktop\feb julian 2014-04-14 12:30 - 2012-11-05 18:54 - 00001901 _____ () C:\Users\Alfred\Desktop\FAVORITEN - Verknüpfung.lnk 2014-04-13 15:30 - 2014-04-20 13:44 - 00000000 ____D () C:\Users\Alfred\Documents\AGODA complaint Pattavia 2014-04-13 14:20 - 2014-04-13 14:20 - 00525037 _____ () C:\Users\Alfred\Downloads\2014-04-13.zip 2014-04-12 13:17 - 2014-04-12 13:17 - 00000000 ____D () C:\Users\Alfred\Downloads\OpenOffice 4.0.1 (de) Installation Files 2014-04-12 13:12 - 2014-04-12 13:15 - 163606685 _____ () C:\Users\Alfred\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_de.exe 2014-04-12 12:21 - 2014-04-14 08:50 - 00000000 ____D () C:\Users\Alfred\Documents\STEUERN TOFFEN 2014-04-12 08:51 - 2014-04-12 08:51 - 00000000 __SHD () C:\Users\Alfred\AppData\Local\EmieUserList 2014-04-12 08:51 - 2014-04-12 08:51 - 00000000 __SHD () C:\Users\Alfred\AppData\Local\EmieSiteList 2014-04-12 03:02 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-12 03:02 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-12 03:02 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-12 03:02 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-12 03:02 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-12 03:02 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-12 03:01 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-12 03:01 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-12 03:01 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-12 03:01 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-12 03:01 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-12 03:01 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-12 03:01 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-12 03:01 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-12 03:01 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-12 03:01 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-12 03:01 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-12 03:01 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-12 03:01 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-12 03:01 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-12 03:01 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-12 03:01 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-12 03:01 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-12 03:01 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-12 03:01 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-12 03:01 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-12 03:01 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-12 03:01 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-12 03:01 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-12 03:01 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-12 03:01 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-12 03:01 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-12 03:01 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-12 03:01 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-12 03:01 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-12 03:01 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-12 03:01 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-12 03:01 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-12 03:01 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-12 03:01 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-12 03:01 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-12 03:01 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-12 03:01 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-12 03:01 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-12 03:01 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-12 03:01 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-12 03:01 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-12 03:01 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-11 11:03 - 2014-04-11 11:03 - 00000000 ____D () C:\Users\Alfred\Documents\Neuer Ordner 2014-04-11 07:38 - 2014-04-15 20:57 - 00000000 ____D () C:\Program Files (x86)\PDFCreator 2014-04-11 07:38 - 2012-05-05 10:54 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX 2014-04-11 07:38 - 2012-05-05 10:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL 2014-04-11 07:38 - 1998-07-06 17:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL 2014-04-11 07:38 - 1998-07-06 17:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL 2014-04-11 07:38 - 1998-07-06 17:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL 2014-04-11 07:37 - 2014-04-11 07:37 - 18277248 _____ (pdfforge ) C:\Users\Alfred\Downloads\PDFCreator-1_7_2_setup.exe 2014-04-11 07:10 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-04-11 07:10 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-04-11 07:10 - 2013-12-25 01:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-04-11 07:10 - 2013-12-25 00:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-04-11 07:10 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2014-04-11 07:10 - 2013-11-23 20:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2014-04-11 07:10 - 2013-11-23 19:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2014-04-11 07:10 - 2013-11-23 00:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2014-04-10 21:56 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE 2014-04-10 21:51 - 2014-04-10 21:51 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2014-04-10 21:51 - 2014-04-10 21:51 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2014-04-10 21:51 - 2014-04-10 21:51 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-04-10 21:51 - 2014-04-10 21:51 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2014-04-10 21:51 - 2014-04-10 21:51 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-04-10 21:51 - 2014-04-10 21:51 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2014-04-10 21:51 - 2014-04-10 21:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-04-10 21:49 - 2014-04-10 21:49 - 00550371 _____ () C:\Users\Alfred\Downloads\Autoruns.zip 2014-04-10 21:14 - 2013-05-10 07:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2014-04-10 21:14 - 2013-05-10 07:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2014-04-10 21:14 - 2013-05-10 06:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2014-04-10 21:14 - 2013-05-10 06:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2014-04-10 21:01 - 2014-04-11 21:01 - 00001912 _____ () C:\Windows\epplauncher.mif 2014-04-10 15:49 - 2013-10-19 04:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2014-04-10 15:49 - 2013-10-19 03:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2014-04-10 15:49 - 2013-10-12 04:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2014-04-10 15:49 - 2013-10-12 04:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2014-04-10 15:49 - 2013-10-12 04:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx 2014-04-10 15:49 - 2013-10-12 04:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll 2014-04-10 15:49 - 2013-10-12 03:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2014-04-10 15:49 - 2013-10-12 03:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2014-04-10 15:49 - 2013-10-12 03:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe 2014-04-10 15:49 - 2013-10-12 03:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe 2014-04-10 11:48 - 2014-04-10 11:48 - 00000000 ____D () C:\Program Files\iPod 2014-04-10 11:47 - 2014-04-10 11:48 - 00000000 ____D () C:\Program Files\iTunes 2014-04-10 11:47 - 2014-04-10 11:48 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-04-10 11:28 - 2014-04-10 11:27 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-04-10 11:28 - 2014-04-10 11:27 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-04-10 11:28 - 2014-04-10 11:27 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-04-10 11:28 - 2014-04-10 11:27 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-04-10 11:25 - 2014-04-10 11:25 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-04-10 11:20 - 2014-04-10 11:20 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-04-10 11:20 - 2014-04-10 11:20 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-04-10 11:20 - 2014-04-10 11:20 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-04-10 11:20 - 2014-04-10 11:20 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-04-10 11:16 - 2013-10-30 04:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2014-04-10 11:15 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-10 11:15 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-04-10 11:15 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-04-10 11:15 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-04-10 11:15 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-04-10 11:15 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-04-10 11:15 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-10 11:15 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-04-10 11:15 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-04-10 11:15 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-04-10 11:15 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-04-10 11:15 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-04-10 11:15 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-04-10 11:15 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-04-10 11:15 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2014-04-10 11:15 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-04-10 11:15 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll 2014-04-10 11:15 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-04-10 11:15 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll 2014-04-10 11:15 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-04-10 11:15 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-04-10 11:15 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-04-10 11:15 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-04-10 11:15 - 2014-01-01 01:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls 2014-04-10 11:15 - 2014-01-01 01:04 - 00420008 _____ () C:\Windows\system32\locale.nls 2014-04-10 11:15 - 2013-12-06 04:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-04-10 11:15 - 2013-12-06 04:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-04-10 11:15 - 2013-12-06 04:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-04-10 11:15 - 2013-12-06 04:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-04-10 11:15 - 2013-12-04 04:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll 2014-04-10 11:15 - 2013-12-04 04:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll 2014-04-10 11:15 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll 2014-04-10 11:15 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll 2014-04-10 11:15 - 2013-12-04 04:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll 2014-04-10 11:15 - 2013-12-04 04:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe 2014-04-10 11:15 - 2013-12-04 04:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe 2014-04-10 11:15 - 2013-12-04 04:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe 2014-04-10 11:15 - 2013-12-04 04:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe 2014-04-10 11:15 - 2013-12-04 04:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll 2014-04-10 11:15 - 2013-12-04 04:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll 2014-04-10 11:15 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll 2014-04-10 11:15 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll 2014-04-10 11:15 - 2013-12-04 04:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll 2014-04-10 11:15 - 2013-12-04 03:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe 2014-04-10 11:15 - 2013-12-04 03:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe 2014-04-10 11:15 - 2013-12-04 03:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe 2014-04-10 11:15 - 2013-12-04 03:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe 2014-04-10 11:15 - 2013-11-27 03:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-04-10 11:15 - 2013-11-27 03:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-04-10 11:15 - 2013-11-27 03:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-04-10 11:15 - 2013-11-27 03:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-04-10 11:15 - 2013-11-27 03:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-04-10 11:15 - 2013-11-27 03:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-04-10 11:15 - 2013-11-27 03:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-04-10 11:15 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-04-10 11:15 - 2013-11-12 04:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-04-10 11:15 - 2013-11-12 04:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-04-10 11:15 - 2013-10-30 04:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll 2014-04-10 11:15 - 2013-10-04 04:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2014-04-10 11:15 - 2013-10-04 03:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys ==================== One Month Modified Files and Folders ======= 2014-04-21 21:00 - 2014-04-21 21:00 - 00028828 _____ () C:\Users\Alfred\Desktop\FRST.txt 2014-04-21 21:00 - 2013-07-04 11:42 - 00000000 ____D () C:\FRST 2014-04-21 20:59 - 2014-04-21 14:42 - 02163712 _____ (Farbar) C:\Users\Alfred\Desktop\FRST64.exe 2014-04-21 20:59 - 2014-04-21 14:42 - 00000000 ____D () C:\Users\Alfred\Desktop\FRST-OlderVersion 2014-04-21 20:59 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-21 20:59 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-21 20:58 - 2014-04-21 20:58 - 02163712 _____ (Farbar) C:\Users\Alfred\Downloads\FRST64(2).exe 2014-04-21 20:55 - 2012-10-18 15:41 - 02063237 _____ () C:\Windows\WindowsUpdate.log 2014-04-21 20:53 - 2014-04-21 20:18 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-21 20:51 - 2012-10-25 14:53 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-21 20:50 - 2014-04-20 05:50 - 00009578 _____ () C:\Windows\PFRO.log 2014-04-21 20:50 - 2014-04-20 05:50 - 00000392 _____ () C:\Windows\setupact.log 2014-04-21 20:50 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-21 20:48 - 2013-04-10 04:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-21 20:45 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Web 2014-04-21 20:19 - 2014-04-21 20:19 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-21 20:19 - 2014-04-21 20:19 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-21 20:17 - 2013-06-24 17:52 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-21 20:07 - 2012-10-25 14:53 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-21 20:06 - 2014-04-21 20:06 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Alfred\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-21 19:19 - 2011-04-12 09:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat 2014-04-21 19:19 - 2011-04-12 09:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat 2014-04-21 19:19 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-21 19:17 - 2014-04-14 20:33 - 00001001 _____ () C:\Users\Alfred\Desktop\D - Verknüpfung.lnk 2014-04-21 18:08 - 2014-04-21 18:08 - 00114528 _____ () C:\Users\Alfred\Desktop\trojaner board. 18.00.txt 2014-04-21 17:47 - 2014-04-21 17:47 - 00000000 ____D () C:\Users\Alfred\Desktop\Neuer Ordner (2) 2014-04-21 17:40 - 2014-04-21 17:40 - 00000085 _____ () C:\Windows\wininit.ini 2014-04-21 15:34 - 2014-04-21 15:34 - 00000921 _____ () C:\Users\Alfred\Desktop\Gmer.log 2014-04-21 14:56 - 2014-04-21 14:56 - 00000000 ____D () C:\Users\Alfred\Documents\1.RELIGIONEN 2014-04-21 14:47 - 2014-04-21 14:46 - 00380416 _____ () C:\Users\Alfred\Desktop\Gmer-19357.exe 2014-04-21 12:37 - 2014-04-20 17:23 - 00008745 _____ () C:\Users\Alfred\Desktop\PW.per 30.3.2014.txt 2014-04-20 20:51 - 2014-04-20 20:51 - 02056192 _____ (Farbar) C:\Users\Alfred\Downloads\FRST64(1).exe 2014-04-20 20:45 - 2013-04-10 04:17 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-04-20 20:45 - 2012-10-22 08:20 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-04-20 20:45 - 2012-10-22 08:20 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-04-20 20:45 - 2012-10-18 18:15 - 00000000 ____D () C:\Users\Alfred\AppData\Local\Adobe 2014-04-20 20:21 - 2012-10-21 15:24 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\vlc 2014-04-20 17:17 - 2014-04-20 17:17 - 00071371 _____ () C:\Users\Alfred\Downloads\Christentum und Buddhismus Teil 1.htm 2014-04-20 17:17 - 2014-04-20 17:17 - 00000000 ____D () C:\Users\Alfred\Downloads\Christentum und Buddhismus Teil 1-Dateien 2014-04-20 13:44 - 2014-04-20 13:44 - 00000000 ____D () C:\Users\Alfred\Desktop\AGODA complaint Pattavia 2014-04-20 13:44 - 2014-04-13 15:30 - 00000000 ____D () C:\Users\Alfred\Documents\AGODA complaint Pattavia 2014-04-20 12:34 - 2014-04-20 12:34 - 00000000 ____D () C:\Users\Alfred\Documents\1.eSATA inventar 20.4.14 2014-04-20 12:34 - 2014-04-16 18:05 - 00000000 ____D () C:\Users\Alfred\Documents\MEDIAMARKT TOSHIBA 2014-04-20 11:44 - 2013-08-28 10:44 - 00000000 ___RD () C:\Users\Alfred\Desktop\PIX 2014-04-20 10:01 - 2014-04-14 18:06 - 00000000 ____D () C:\Users\Alfred\Documents\JENS SCHNEIDER RA 2014-04-20 07:10 - 2014-04-20 07:10 - 00001211 _____ () C:\Users\Alfred\Desktop\AGODA complaint Pattavia - Verknüpfung.lnk 2014-04-20 06:45 - 2013-11-02 14:20 - 00000878 _____ () C:\Users\Alfred\Desktop\PIX D - Verknüpfung.lnk 2014-04-20 05:50 - 2014-04-20 05:50 - 00000000 _____ () C:\Windows\setuperr.log 2014-04-19 21:34 - 2013-04-14 10:06 - 00000000 ____D () C:\Users\Alfred\Documents\AVIATION pdfs 2014-04-19 21:27 - 2014-04-19 21:27 - 00001463 _____ () C:\Users\Alfred\Desktop\0.0.eSATA INVENTAR BACKUP LOGS - Verknüpfung.lnk 2014-04-19 20:06 - 2013-06-29 12:08 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\Free Download Manager 2014-04-19 20:00 - 2014-04-19 20:00 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\TuneUp Software 2014-04-19 20:00 - 2014-04-19 20:00 - 00000000 ____D () C:\Program Files\Windows Sidebar 2014-04-19 20:00 - 2014-04-19 20:00 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar 2014-04-19 20:00 - 2014-04-19 19:59 - 00000000 ____D () C:\ProgramData\TuneUp Software 2014-04-19 19:59 - 2014-04-19 19:59 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-04-19 19:58 - 2014-04-19 19:58 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft 2014-04-19 19:58 - 2014-04-19 19:57 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\DVDVideoSoft 2014-04-19 18:53 - 2014-04-19 18:53 - 32990152 _____ (DVDVideoSoft Ltd. ) C:\Users\Alfred\Downloads\FreeYouTubeDownload_3232327.exe 2014-04-19 18:51 - 2014-04-19 18:51 - 01069776 _____ (Solid State Networks) C:\Users\Alfred\Downloads\install_flashplayer13x32_mssa_aaa_aih.exe 2014-04-19 18:33 - 2012-10-25 14:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-04-19 18:27 - 2014-04-19 18:27 - 00000000 ____D () C:\Users\Alfred\Documents\Alte Firefox-Daten 2014-04-19 18:26 - 2012-10-21 13:48 - 00000000 ____D () C:\Users\Alfred\AppData\Local\Mozilla 2014-04-19 18:25 - 2014-04-19 18:25 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-04-19 18:25 - 2013-09-04 13:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-04-19 17:24 - 2013-05-13 11:11 - 00000000 ____D () C:\Program Files (x86)\Safari 2014-04-18 10:16 - 2012-10-26 06:52 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-04-18 10:15 - 2012-10-26 06:51 - 00000000 ____D () C:\ProgramData\Skype 2014-04-17 09:00 - 2013-08-19 20:48 - 00012288 _____ () C:\Users\Alfred\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-04-16 22:45 - 2014-04-16 22:25 - 60211080 _____ () C:\Users\Alfred\Downloads\B738-HaribAIR.zip.download 2014-04-16 22:38 - 2014-04-16 22:28 - 30327999 _____ () C:\Users\Alfred\Downloads\ERJ145-Luxair.zip 2014-04-16 19:07 - 2013-09-29 10:53 - 00176156 _____ () C:\Windows\hphins27.dat 2014-04-16 19:07 - 2012-10-29 15:04 - 00010237 _____ () C:\ProgramData\hpzinstall.log 2014-04-16 08:43 - 2014-04-16 08:43 - 00001094 _____ () C:\Users\Alfred\Desktop\1.Budget2013 neu - Verknüpfung.lnk 2014-04-16 08:42 - 2014-04-16 08:42 - 00000000 ____D () C:\Users\Public\Documents\sun 2014-04-15 21:00 - 2013-09-21 08:15 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster 2014-04-15 20:57 - 2014-04-11 07:38 - 00000000 ____D () C:\Program Files (x86)\PDFCreator 2014-04-15 20:57 - 2013-11-13 21:22 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\Azureus 2014-04-15 20:57 - 2012-10-18 16:36 - 00000000 ____D () C:\Windows\Panther 2014-04-15 20:52 - 2014-04-15 20:52 - 03710504 _____ (Piriform Ltd) C:\Users\Alfred\Downloads\ccsetup412_slim.exe 2014-04-15 18:12 - 2014-04-15 18:11 - 00000000 ____D () C:\Users\Alfred\Documents\USB stick braun-schwarz-bup 2014-04-14 18:47 - 2014-04-14 18:47 - 30796712 _____ (Oracle Corporation) C:\Users\Alfred\Downloads\jre-7u51-windows-x64.exe 2014-04-14 18:31 - 2013-07-04 21:26 - 00000000 ____D () C:\Users\Alfred\Documents\trojaner.board.de.4.7.013 2014-04-14 18:25 - 2012-11-01 09:05 - 00000000 ____D () C:\Users\Alfred\Documents\AUTO 2014-04-14 18:24 - 2012-11-16 13:57 - 00000000 ____D () C:\Users\Alfred\Documents\0.AVIATION 2014-04-14 18:17 - 2012-12-03 12:12 - 00000000 ____D () C:\Users\Alfred\Documents\THAILAND 2014-04-14 18:06 - 2014-04-14 18:06 - 00001122 _____ () C:\Users\Alfred\Desktop\JENS SCHNEIDER RA - Verknüpfung.lnk 2014-04-14 18:06 - 2012-11-01 11:06 - 00877056 ___SH () C:\Users\Alfred\Documents\Thumbs.db 2014-04-14 18:04 - 2014-04-14 18:04 - 00000000 ____D () C:\Users\Alfred\Documents\Neuer Ordner (2) 2014-04-14 18:04 - 2013-09-13 18:21 - 00000000 ____D () C:\Users\Alfred\Documents\AHV 2014-04-14 15:35 - 2014-04-14 15:35 - 03754042 _____ () C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0543.eml 2014-04-14 15:35 - 2014-04-14 15:35 - 03669425 _____ () C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0552.eml 2014-04-14 15:35 - 2014-04-14 15:35 - 02813491 _____ () C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0523.eml 2014-04-14 15:35 - 2014-04-14 15:34 - 00000000 ____D () C:\Users\Alfred\Desktop\feb julian 2014-04-14 08:50 - 2014-04-12 12:21 - 00000000 ____D () C:\Users\Alfred\Documents\STEUERN TOFFEN 2014-04-13 14:20 - 2014-04-13 14:20 - 00525037 _____ () C:\Users\Alfred\Downloads\2014-04-13.zip 2014-04-13 06:01 - 2009-07-14 06:45 - 02237408 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-12 14:32 - 2013-10-30 06:52 - 00000000 ____D () C:\Users\Alfred\Documents\INTERNETSPEEDTESTs 2014-04-12 14:32 - 2012-10-19 03:23 - 00068440 _____ () C:\Users\Alfred\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-12 13:21 - 2012-11-06 15:13 - 00000000 ____D () C:\Users\Alfred\Documents\FINANZEN 2014-04-12 13:19 - 2013-08-30 11:42 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4 2014-04-12 13:17 - 2014-04-12 13:17 - 00000000 ____D () C:\Users\Alfred\Downloads\OpenOffice 4.0.1 (de) Installation Files 2014-04-12 13:15 - 2014-04-12 13:12 - 163606685 _____ () C:\Users\Alfred\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_de.exe 2014-04-12 12:25 - 2012-11-13 17:37 - 00000000 ____D () C:\Users\Alfred\Documents\iPad 2014-04-12 08:51 - 2014-04-12 08:51 - 00000000 __SHD () C:\Users\Alfred\AppData\Local\EmieUserList 2014-04-12 08:51 - 2014-04-12 08:51 - 00000000 __SHD () C:\Users\Alfred\AppData\Local\EmieSiteList 2014-04-12 08:48 - 2013-01-02 11:23 - 00000000 ____D () C:\Users\Alfred\Documents\iPAD reading 2014-04-12 03:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-04-12 03:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-04-12 02:52 - 2013-10-29 22:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-04-11 21:03 - 2012-10-18 18:18 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-04-11 21:01 - 2014-04-10 21:01 - 00001912 _____ () C:\Windows\epplauncher.mif 2014-04-11 21:01 - 2012-10-18 18:18 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2014-04-11 21:01 - 2012-10-18 18:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client 2014-04-11 20:58 - 2013-09-23 12:57 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-04-11 20:58 - 2012-10-18 16:08 - 00001309 _____ () C:\Users\Alfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-04-11 11:03 - 2014-04-11 11:03 - 00000000 ____D () C:\Users\Alfred\Documents\Neuer Ordner 2014-04-11 08:01 - 2012-11-08 13:12 - 00082432 ___SH () C:\Users\Alfred\Thumbs.db 2014-04-11 07:37 - 2014-04-11 07:37 - 18277248 _____ (pdfforge ) C:\Users\Alfred\Downloads\PDFCreator-1_7_2_setup.exe 2014-04-10 23:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK 2014-04-10 23:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR 2014-04-10 23:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\zh-HK 2014-04-10 23:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\tr-TR 2014-04-10 21:51 - 2014-04-10 21:51 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2014-04-10 21:51 - 2014-04-10 21:51 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2014-04-10 21:51 - 2014-04-10 21:51 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-04-10 21:51 - 2014-04-10 21:51 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2014-04-10 21:51 - 2014-04-10 21:51 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-04-10 21:51 - 2014-04-10 21:51 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2014-04-10 21:51 - 2014-04-10 21:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-04-10 21:49 - 2014-04-10 21:49 - 00550371 _____ () C:\Users\Alfred\Downloads\Autoruns.zip 2014-04-10 21:31 - 2013-05-26 17:43 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-04-10 21:31 - 2013-05-26 17:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-04-10 21:06 - 2013-08-04 12:19 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-10 20:44 - 2013-04-17 17:33 - 00000000 ____D () C:\Users\Alfred\Documents\PW 2014-04-10 11:48 - 2014-04-10 11:48 - 00000000 ____D () C:\Program Files\iPod 2014-04-10 11:48 - 2014-04-10 11:47 - 00000000 ____D () C:\Program Files\iTunes 2014-04-10 11:48 - 2014-04-10 11:47 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-04-10 11:48 - 2013-10-05 22:42 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-04-10 11:27 - 2014-04-10 11:28 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-04-10 11:27 - 2014-04-10 11:28 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-04-10 11:27 - 2014-04-10 11:28 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-04-10 11:27 - 2014-04-10 11:28 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-04-10 11:27 - 2013-06-25 17:38 - 00000000 ____D () C:\Program Files (x86)\Java 2014-04-10 11:25 - 2014-04-10 11:25 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-04-10 11:24 - 2012-10-26 08:22 - 00000000 ____D () C:\ProgramData\Apple 2014-04-10 11:20 - 2014-04-10 11:20 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-04-10 11:20 - 2014-04-10 11:20 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-04-10 11:20 - 2014-04-10 11:20 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-04-10 11:20 - 2014-04-10 11:20 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-04-10 11:02 - 2012-10-25 14:53 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-04-10 11:02 - 2012-10-25 14:53 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-04-03 09:51 - 2014-04-21 20:19 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-21 20:19 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-21 20:19 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-31 03:51 - 2012-10-18 17:36 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-19 10:20 ==================== End Of Log ============================ FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-04-2014 01
Ran by Alfred at 2014-04-21 21:00:42
Running from C:\Users\Alfred\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
==================== Installed Programs ======================
Acronis Drive Monitor (HKLM-x32\...\{706AE61D-40A4-4F50-8359-FE8F6F7FA461}) (Version: 1.0.566 - Acronis)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\{8F9B1C8E-F50E-4139-8701-45016021E102}) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\{28ADCCAD-3C23-44A1-A93F-47AA176F7AD7}) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
aerofly Flug Simulator 2013 (HKLM-x32\...\aerofly Flug Simulator 2013_is1) (Version: 1.0.9.11 - IPACS)
AMD Accelerated Video Transcoding (Version: 12.10.100.30328 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.898.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{2748FDE2-7BA8-1D20-11A2-FF01CEB009A5}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80328.2204 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.10 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2013.0328.2218.38225 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CheckDrive (HKLM-x32\...\{B83513EC-2E4D-4621-816D-4CCF397BE702}_is1) (Version: 4.4 - Abelssoft)
D4300 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Destinations (x32 Version: 140.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)
DJ_SF_03_D4300_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland)
Elevated Installer (x32 Version: 2.2.17 - Garmin Ltd or its subsidiaries) Hidden
Free Download Manager 3.9.2 (HKLM-x32\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG)
Free YouTube Download version 3.2.32.327 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.32.327 - DVDVideoSoft Ltd.)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.5.4 - Ellora Assets Corporation)
Garmin Express (HKLM-x32\...\{bd9bc494-8cd2-4ae2-92fe-6a3dda9c3ee9}) (Version: 2.2.17 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.2.17 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.2.17 - Garmin Ltd or its subsidiaries) Hidden
Garmin Update Service (x32 Version: 2.2.17 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Google Earth (HKLM-x32\...\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{D1D4D7EA-62B8-4665-9FF7-02A91B925CC9}) (Version: 1.0.18.74 - Google)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet D4300 Printer Driver Software 13.0 Rel. 3 (HKLM\...\{382300D4-777B-4233-A98C-99EA0F6B881F}) (Version: 13.0 - HP)
HP Imaging Device Functions 14.5 (HKLM\...\HP Imaging Device Functions) (Version: 14.5 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Scanjet G4050 (HKLM\...\{0A9FC1DA-46F7-4305-A4EF-FDCA8D9B1A5A}) (Version: 14.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
hpg4050 (x32 Version: 140.000.000.000 - Ihr Firmenname) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Image Resizer Powertoy Clone for Windows (64 bit) (HKLM\...\{C862EC05-1C15-4327-B15D-C7788D6CFF73}) (Version: 2.1.1 - Brice Lambson)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8107.0 - Microsoft Corporation) Hidden
Microsoft Motocross Madness 2 (HKLM-x32\...\Motocross Madness 2) (Version: - )
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Client DE-DE Language Pack (Version: 2.0.0657.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
OCR Software by I.R.I.S. 14.5 (HKLM\...\HPOCR) (Version: 14.5 - HP)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF Editor 3 (HKLM-x32\...\PDF Editor 3) (Version: - )
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.47.714.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Scan (x32 Version: 14.0.1.0 - Hewlett-Packard) Hidden
Secunia PSI (3.0.0.7011) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.7011 - Secunia)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Steganos Safe 14 (HKLM-x32\...\{13B7FBFB-622E-4002-8570-594798E6167D}) (Version: 14.1 - Steganos Software GmbH)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.17271 - TeamViewer)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Video Converter (HKCU\...\Video Converter) (Version: - )
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
VMLite Workstation (HKLM\...\{197F2BEF-2705-406E-8CEB-8E404FFFE414}) (Version: 3.2.6 - VMLite)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Win2PDF 7 (HKLM\...\Win2PDF_is1) (Version: 7.0.46 - Dane Prairie Systems, LLC.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPatrol (HKLM\...\{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}) (Version: 28.9.2013.0 - BillP Studios)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
==================== Restore Points =========================
17-04-2014 06:10:55 Geplanter Prüfpunkt
19-04-2014 15:23:58 Removed Safari
19-04-2014 15:37:56 Windows Update
19-04-2014 18:02:00 TuneUp Utilities 2014 wird entfernt
19-04-2014 18:02:29 TuneUp Utilities 2014 (de-DE) wird entfernt
==================== Hosts content: ==========================
2009-07-14 04:34 - 2013-09-14 20:29 - 00447822 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 [¹ã³¡ÎèÀÏÆÅ×î´óÇ¡Ç¡,¹ã³¡ÎèÃñ×åÎè,ÔÆÉѹ㳡ÎèÌÒ»¨ÔËÇ¡Ç¡],2014Ê×Ò³
127.0.0.1 032439.com
127.0.0.1 0Scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 ²©²Êͨ,²©²ÊÍø,½ð±¦²©188,²©²ÊͨÆÀ¼¶,°Ù¼ÒÀÖ,°ÂÃî°Ù¼ÒÀÖ
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 Gadgets And More
127.0.0.1 1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
Task: {000040EA-D13A-480E-815A-A08C46AE3B6E} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {0CCC0779-DB8C-444E-87A0-BEB43185DB23} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {1F321B00-B617-46E8-8513-9088F6554D5A} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
Task: {1F4C70B3-EBFE-4423-95DC-579F15A4862F} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMNJGMJJHMLJJJGMLMCNHMNJJJMMCNLMPMKJMMCNGMLJOMKMCNMJMMNJMMMJKJGMGMJMKMLMMJJNJICMIMCNHMCNMMFMGMCNPMCNHMOMOMNMFMJMCNOMCNIMJMPMOMCNNMJNPICMJMFMOMOMKJIJMIFMPMJNHICMOMOMKJIJMIJNBJCMOLDJJJNIKJLJJNKJCMJNNICMJNDJCMLJKJ"
Task: {23099809-819F-469F-8DB5-3EFD2534E9B4} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {332D6A73-4E79-4CA0-9C30-D2655B231956} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {44656418-5D1E-492A-992A-B224072B7A81} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-20] (Adobe Systems Incorporated)
Task: {5A591FB1-F812-4478-8026-1B7DA49291F5} - System32\Tasks\Run RoboForm Process => C:\Users\Alfred\AppData\Local\Temp\RoboForm\RoboTaskBarIcon.exe <==== ATTENTION
Task: {72F1B8EC-A588-497D-BC8F-757BD6464D70} - \BitGuard No Task File <==== ATTENTION
Task: {78C9B58F-51F0-40DD-9A04-A27497777A09} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {824BD8CB-B6DD-446F-96BA-FE8507930347} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {95EB926D-69B0-44F2-9D5B-AFF786B57F10} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {C31010AC-5310-4E13-AF62-AD4309F3D4AC} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {CE999383-AEDF-4DEA-A2AF-988A1730AA8F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-25] (Google Inc.)
Task: {D126D102-4CB1-4374-A5AE-FEE4D8DA3E78} - System32\Tasks\Abelssoft\CheckDriveBackgroundGuard => C:\Program Files (x86)\CheckDrive\CheckDriveBackgroundGuard.exe [2013-10-10] (Abelssoft)
Task: {D7CCB75D-1289-4754-9151-A5D5ECA0BB65} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D9F4CB9B-2350-4982-9683-4050DC5D0BD0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-25] (Google Inc.)
Task: {E6BE1A89-7142-4A29-B4F9-1D52A11FB7CF} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
Task: {FFC5DB78-D476-4DD5-AD76-459991BBBD4A} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2012-10-25 21:50 - 2011-06-07 10:35 - 00074016 _____ () C:\Windows\System32\win2pdfm.dll
2010-07-15 06:44 - 2010-07-15 06:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2010-11-17 15:00 - 2010-11-17 15:00 - 00220672 _____ () C:\Program Files (x86)\Steganos Safe 14\ShellExtension.dll
2013-09-07 14:02 - 2013-10-10 15:06 - 00020608 _____ () C:\Program Files (x86)\CheckDrive\AbStartManager.dll
2013-07-04 10:18 - 2013-10-10 15:06 - 00017024 _____ () C:\Program Files (x86)\CheckDrive\AbMessages.dll
2013-07-22 10:22 - 2013-07-22 10:22 - 00009728 _____ () C:\Program Files (x86)\Garmin\Express Tray\Garmin.Cartography.MapUpdate.Device.DataTypes.dll
2011-02-24 19:07 - 2011-02-24 19:07 - 00470120 _____ () C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
2013-02-13 04:37 - 2013-02-13 04:37 - 01263952 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2012-11-06 10:23 - 2011-05-26 15:14 - 00685976 _____ () C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\HPSSBackupMonitor.exe
2010-08-11 14:18 - 2010-08-11 14:18 - 00202344 _____ () C:\VXP\VBoxDDU.dll
2010-08-11 14:18 - 2010-08-11 14:18 - 02725480 _____ () C:\VXP\VBoxRT.dll
2009-03-26 22:03 - 2009-03-26 22:03 - 01289728 _____ () C:\VXP\LIBEAY32.dll
2011-02-24 19:05 - 2011-02-24 19:05 - 03518032 _____ () C:\Program Files (x86)\Acronis\DriveMonitor\adm.exe
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2013-09-21 08:27 - 2013-07-15 19:29 - 00620718 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
2011-02-24 18:39 - 2011-02-24 18:39 - 00012128 _____ () C:\Program Files (x86)\Common Files\Acronis\DriveMonitor\Common\icudt38.dll
2013-02-13 04:38 - 2013-02-13 04:38 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2012-11-06 10:23 - 2010-04-26 15:30 - 00090112 _____ () C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\FileMapInfoDB.dll
2014-04-19 18:25 - 2014-03-15 10:40 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0523.eml:OECustomProperty
AlternateDataStreams: C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0543.eml:OECustomProperty
AlternateDataStreams: C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0552.eml:OECustomProperty
AlternateDataStreams: C:\Users\Alfred\Documents\Diesen Hai können Sie vom Büro aus jagen.eml:OECustomProperty
AlternateDataStreams: C:\Users\Alfred\Documents\Mani Juerg mail 24.5.05. Re_ Swissair - Option 96_2000.eml:OECustomProperty
AlternateDataStreams: C:\Users\Alfred\Documents\nico.eml:OECustomProperty
AlternateDataStreams: C:\Users\Alfred\Documents\Rat vom Experten gegen Schnarchen.eml:OECustomProperty
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/21/2014 08:52:23 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/21/2014 08:12:42 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/21/2014 05:43:47 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/21/2014 08:59:30 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/20/2014 07:00:02 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "M:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"
Error: (04/20/2014 04:54:44 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/20/2014 00:30:03 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (04/20/2014 00:24:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/20/2014 05:51:15 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/19/2014 06:34:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (04/21/2014 08:09:42 PM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (04/21/2014 08:58:34 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "FreemakeVideoCapture" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (04/21/2014 08:58:34 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst FreemakeVideoCapture erreicht.
Error: (04/20/2014 04:54:28 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (04/20/2014 04:54:28 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.
Error: (04/20/2014 00:20:08 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk7\DR7 gefunden.
Error: (04/19/2014 06:33:56 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (04/19/2014 06:33:56 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.
Error: (04/19/2014 05:28:19 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (04/19/2014 05:28:19 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.
Microsoft Office Sessions:
=========================
Error: (04/21/2014 08:52:23 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/21/2014 08:12:42 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/21/2014 05:43:47 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/21/2014 08:59:30 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/20/2014 07:00:02 PM) (Source: Windows Backup)(User: )
Description: M:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)
Error: (04/20/2014 04:54:44 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/20/2014 00:30:03 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestE:\PROGRAMME downloads DellPCsetups\SoftonicDownloader_for_vlc-media-player.exe
Error: (04/20/2014 00:24:58 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/20/2014 05:51:15 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/19/2014 06:34:29 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Percentage of memory in use: 26%
Total physical RAM: 8119.05 MB
Available physical RAM: 5974.67 MB
Total Pagefile: 16236.28 MB
Available Pagefile: 13939.9 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (System) (Fixed) (Total:465.66 GB) (Free:28.8 GB) NTFS
Drive d: (Daten2) (Fixed) (Total:232.88 GB) (Free:19.74 GB) NTFS
Drive e: () (Fixed) (Total:931.51 GB) (Free:873.91 GB) NTFS
Drive l: (KINGSTON) (Removable) (Total:14.4 GB) (Free:5.47 GB) FAT32
Drive m: (HP SimpleSave) (Fixed) (Total:930.86 GB) (Free:0 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: C4CD6244)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 233 GB) (Disk ID: D20CD20C)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)
========================================================
Disk: 6 (Size: 932 GB) (Disk ID: 873A0A01)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
========================================================
Disk: 7 (Size: 931 GB) (Disk ID: 0002E5E5)
Partition 1: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
========================================================
Disk: 8 (Size: 14 GB) (Disk ID: 4E6F2201)
Partition 1: (Active) - (Size=14 GB) - (Type=0B)
==================== End Of Log ============================
__________________ Suche nicht das Glueck - lebe es (Buddha) |
|
21.04.2014, 20:09
| #11 |
| | Kann Youtube videos nicht abspielen Hallo Keckrem, anbei die neusten First64 und addition logs, Anfrage: was ist "Virustotal" und wie kann ich die Dateien dort hochladen? Gruss Alfred FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-04-2014 01 Ran by Alfred (administrator) on DM12REP on 21-04-2014 21:00:08 Running from C:\Users\Alfred\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\system32\atiesrxx.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (AMD) C:\Windows\system32\atieclxx.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Abelssoft) C:\Program Files (x86)\CheckDrive\CheckDriveBackgroundGuard.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (ArcSoft, Inc.) C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 14\SteganosBrowserMonitor.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe (BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe () C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe (Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 14\SteganosHotKeyService.exe (Steganos Software GmbH) C:\Program Files (x86)\Steganos Safe 14\fredirstarter.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe () C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\HPSSBackupMonitor.exe (Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GmbH) C:\Program Files (x86)\PDF Architect\ConversionService.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\PSIA.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (VMLite, Inc.) C:\VXP\VMLiteService.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe () C:\Program Files (x86)\Acronis\DriveMonitor\adm.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [462400 2011-02-12] (Acronis) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2000-01-01] (Realtek Semiconductor) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.) HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [adm_tray.exe] => C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe [470120 2011-02-24] () HKLM-x32\...\Run: [Steganos HotKeys] => C:\Program Files (x86)\Steganos Safe 14\SteganosHotKeyService.exe [103424 2013-05-16] (Steganos Software GmbH) HKLM-x32\...\Run: [SAFE14 File Redirection Starter] => C:\Program Files (x86)\Steganos Safe 14\fredirstarter.exe [17408 2013-05-16] (Steganos Software GmbH) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] () HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\Run: [SAFE14 Browser Monitor] => C:\Program Files (x86)\Steganos Safe 14\SteganosBrowserMonitor.exe [73216 2013-05-16] (Steganos Software GmbH) HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1093464 2013-07-22] (Garmin Ltd or its subsidiaries) HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [441408 2013-09-05] (BillP Studios) HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\MountPoints2: L - L:\HPLauncher.exe HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\MountPoints2: {63be18cd-1c39-11e2-87aa-20cf308e5960} - K:\HPLauncher.exe HKU\S-1-5-21-344976508-2612026722-1020238545-1000\...\MountPoints2: {aa142560-a0e7-11e2-b173-20cf308e5960} - K:\HPLauncher.exe Startup: C:\Users\Alfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HP SimpleSave Monitor.lnk ShortcutTarget: HP SimpleSave Monitor.lnk -> C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\StartHelper.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.ch/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Schweiz : Hotmail, Outlook, Skype download, Unterhaltung, Nachrichten, Sport, Lifestyle, Auto und mehr bei MSN CH HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2E20F8E641ADCD01 SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Bing SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = Bing BHO: No Name - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - No File BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Freemake.YoutubeButton - {e9e8eb35-ff77-455d-b677-91e5e4fc06c2} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\f9e1lb4p.default-1397924871496 FF SelectedSearchEngine: Google FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @divx.com/DivX Plus Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-07-26] FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-08-16] FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\ FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\ [] FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\ FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\ [] FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-09-29] FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-09-29] FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [] Chrome: ======= CHR HomePage: hxxp://securedsearch2.lavasoft.com/index.php?pr=vmn&id=adawaretb&v=3_4&ent=hp&u=424CC20045927E4CBDC72C5234910BB4 CHR RestoreOnStartup: "hxxp://www.google.com" CHR DefaultSearchProvider: Claro Search CHR DefaultSearchURL: Google CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.66\pdf.dll No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation) CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll No File CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll No File CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll No File CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll No File CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll No File CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll No File CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File CHR Extension: (Google Docs) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-26] CHR Extension: (Google Drive) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-26] CHR Extension: (WOT) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2013-06-30] CHR Extension: (YouTube) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-26] CHR Extension: (Freemake Video Downloader) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf [2013-09-14] CHR Extension: (Google-Suche) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-26] CHR Extension: (Online HD TV) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkinklhnkmkhkhofcnapakaoehijaoih [2013-06-26] CHR Extension: (Freemake Youtube Download Button) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh [2013-09-14] CHR Extension: (Delta Toolbar) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2013-09-14] CHR Extension: (RealDownloader) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-06-26] CHR Extension: (Skype Click to Call) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-06-26] CHR Extension: (Chrome In-App Payments service) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22] CHR Extension: (Mehr Leistung und Videoformate für dein HTML5 <video>) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-06-26] CHR Extension: (Lavasoft NewTab) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole [2013-09-14] CHR Extension: (Google Mail) - C:\Users\Alfred\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-26] CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-09-14] CHR HKLM-x32\...\Chrome\Extension: [dkinklhnkmkhkhofcnapakaoehijaoih] - C:\Program Files (x86)\OnlineHD.TV\onhd11.crx [2013-09-14] CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx [2013-09-14] CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-05-06] CHR HKLM-x32\...\Chrome\Extension: [oejkcgajlodefenbbjdnaiahmbnnoole] - C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\chrome-newtab-search.crx [2013-05-06] CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 BackupService; C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\uUACTokenSvc.exe [83512 2010-07-01] (ArcSoft, Inc.) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation) R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-08-26] (Ellora Assets Corp.) R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [219480 2013-07-22] (Garmin Ltd or its subsidiaries) R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-14] (Microsoft Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation) R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia) R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia) R2 VMLiteService; C:\VXP\VMLiteService.exe [426600 2010-08-21] (VMLite, Inc.) ==================== Drivers (Whitelisted) ==================== R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13368 2009-04-06] () R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-09-14] (GFI Software) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [119512 2014-04-21] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] () R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation) R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.) R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia) R1 SLEE_18_DRIVER; C:\Windows\Sleen1864.sys [108648 2012-07-24] (Softwareentwicklung Remus - ArchiCrypt - ) U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] () <===== ATTENTION Necurs Rootkit? R1 VBoxDrv; C:\Windows\System32\drivers\VBoxDrv.sys [204328 2010-08-11] (VMLite, Inc.) R3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp.sys [146216 2010-08-11] (VMLite, Inc.) R3 VBoxNetFlt; C:\Windows\System32\DRIVERS\VBoxNetFlt.sys [165800 2010-08-11] (VMLite, Inc.) R1 vmlitedrv; C:\Windows\System32\drivers\vmlitedrv.sys [14952 2010-08-03] (VMLite, Inc.) R3 vmlitestor; C:\Windows\System32\DRIVERS\vmlitestor.sys [177768 2010-08-11] (VMLite, Inc.) S3 VMLiteUSB; C:\Windows\System32\Drivers\VMLiteUSB.sys [150120 2010-08-11] (VMLite, Inc.) R1 VMLiteUSBMon; C:\Windows\System32\drivers\vmliteusbmon.sys [135272 2010-08-18] (VMLite, Inc.) S3 ALSysIO; \??\C:\Users\Alfred\AppData\Local\Temp\ALSysIO64.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-21 21:00 - 2014-04-21 21:00 - 00028828 _____ () C:\Users\Alfred\Desktop\FRST.txt 2014-04-21 20:58 - 2014-04-21 20:58 - 02163712 _____ (Farbar) C:\Users\Alfred\Downloads\FRST64(2).exe 2014-04-21 20:19 - 2014-04-21 20:19 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-21 20:19 - 2014-04-21 20:19 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-21 20:19 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-21 20:19 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-21 20:19 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-21 20:18 - 2014-04-21 20:53 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-21 20:06 - 2014-04-21 20:06 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Alfred\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-21 18:08 - 2014-04-21 18:08 - 00114528 _____ () C:\Users\Alfred\Desktop\trojaner board. 18.00.txt 2014-04-21 17:47 - 2014-04-21 17:47 - 00000000 ____D () C:\Users\Alfred\Desktop\Neuer Ordner (2) 2014-04-21 17:40 - 2014-04-21 17:40 - 00000085 _____ () C:\Windows\wininit.ini 2014-04-21 15:34 - 2014-04-21 15:34 - 00000921 _____ () C:\Users\Alfred\Desktop\Gmer.log 2014-04-21 14:56 - 2014-04-21 14:56 - 00000000 ____D () C:\Users\Alfred\Documents\1.RELIGIONEN 2014-04-21 14:46 - 2014-04-21 14:47 - 00380416 _____ () C:\Users\Alfred\Desktop\Gmer-19357.exe 2014-04-21 14:42 - 2014-04-21 20:59 - 02163712 _____ (Farbar) C:\Users\Alfred\Desktop\FRST64.exe 2014-04-21 14:42 - 2014-04-21 20:59 - 00000000 ____D () C:\Users\Alfred\Desktop\FRST-OlderVersion 2014-04-20 20:51 - 2014-04-20 20:51 - 02056192 _____ (Farbar) C:\Users\Alfred\Downloads\FRST64(1).exe 2014-04-20 17:23 - 2014-04-21 12:37 - 00008745 _____ () C:\Users\Alfred\Desktop\PW.per 30.3.2014.txt 2014-04-20 17:17 - 2014-04-20 17:17 - 00071371 _____ () C:\Users\Alfred\Downloads\Christentum und Buddhismus Teil 1.htm 2014-04-20 17:17 - 2014-04-20 17:17 - 00000000 ____D () C:\Users\Alfred\Downloads\Christentum und Buddhismus Teil 1-Dateien 2014-04-20 13:44 - 2014-04-20 13:44 - 00000000 ____D () C:\Users\Alfred\Desktop\AGODA complaint Pattavia 2014-04-20 12:34 - 2014-04-20 12:34 - 00000000 ____D () C:\Users\Alfred\Documents\1.eSATA inventar 20.4.14 2014-04-20 07:10 - 2014-04-20 07:10 - 00001211 _____ () C:\Users\Alfred\Desktop\AGODA complaint Pattavia - Verknüpfung.lnk 2014-04-20 05:50 - 2014-04-21 20:50 - 00009578 _____ () C:\Windows\PFRO.log 2014-04-20 05:50 - 2014-04-21 20:50 - 00000392 _____ () C:\Windows\setupact.log 2014-04-20 05:50 - 2014-04-20 05:50 - 00000000 _____ () C:\Windows\setuperr.log 2014-04-19 21:27 - 2014-04-19 21:27 - 00001463 _____ () C:\Users\Alfred\Desktop\0.0.eSATA INVENTAR BACKUP LOGS - Verknüpfung.lnk 2014-04-19 20:00 - 2014-04-19 20:00 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\TuneUp Software 2014-04-19 20:00 - 2014-04-19 20:00 - 00000000 ____D () C:\Program Files\Windows Sidebar 2014-04-19 20:00 - 2014-04-19 20:00 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar 2014-04-19 19:59 - 2014-04-19 20:00 - 00000000 ____D () C:\ProgramData\TuneUp Software 2014-04-19 19:59 - 2014-04-19 19:59 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-04-19 19:58 - 2014-04-19 19:58 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft 2014-04-19 19:57 - 2014-04-19 19:58 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\DVDVideoSoft 2014-04-19 18:53 - 2014-04-19 18:53 - 32990152 _____ (DVDVideoSoft Ltd. ) C:\Users\Alfred\Downloads\FreeYouTubeDownload_3232327.exe 2014-04-19 18:51 - 2014-04-19 18:51 - 01069776 _____ (Solid State Networks) C:\Users\Alfred\Downloads\install_flashplayer13x32_mssa_aaa_aih.exe 2014-04-19 18:27 - 2014-04-19 18:27 - 00000000 ____D () C:\Users\Alfred\Documents\Alte Firefox-Daten 2014-04-19 18:25 - 2014-04-19 18:25 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-04-17 09:01 - 2010-05-30 07:21 - 06666752 _____ () C:\Users\Alfred\Desktop\1940's.pps 2014-04-16 22:28 - 2014-04-16 22:38 - 30327999 _____ () C:\Users\Alfred\Downloads\ERJ145-Luxair.zip 2014-04-16 22:25 - 2014-04-16 22:45 - 60211080 _____ () C:\Users\Alfred\Downloads\B738-HaribAIR.zip.download 2014-04-16 18:05 - 2014-04-20 12:34 - 00000000 ____D () C:\Users\Alfred\Documents\MEDIAMARKT TOSHIBA 2014-04-16 08:43 - 2014-04-16 08:43 - 00001094 _____ () C:\Users\Alfred\Desktop\1.Budget2013 neu - Verknüpfung.lnk 2014-04-16 08:42 - 2014-04-16 08:42 - 00000000 ____D () C:\Users\Public\Documents\sun 2014-04-15 20:52 - 2014-04-15 20:52 - 03710504 _____ (Piriform Ltd) C:\Users\Alfred\Downloads\ccsetup412_slim.exe 2014-04-15 18:11 - 2014-04-15 18:12 - 00000000 ____D () C:\Users\Alfred\Documents\USB stick braun-schwarz-bup 2014-04-15 12:29 - 2011-12-28 22:00 - 22305142 _____ () C:\Users\Alfred\Desktop\TrackIR Explained.mp4 2014-04-14 20:33 - 2014-04-21 19:17 - 00001001 _____ () C:\Users\Alfred\Desktop\D - Verknüpfung.lnk 2014-04-14 18:47 - 2014-04-14 18:47 - 30796712 _____ (Oracle Corporation) C:\Users\Alfred\Downloads\jre-7u51-windows-x64.exe 2014-04-14 18:06 - 2014-04-20 10:01 - 00000000 ____D () C:\Users\Alfred\Documents\JENS SCHNEIDER RA 2014-04-14 18:06 - 2014-04-14 18:06 - 00001122 _____ () C:\Users\Alfred\Desktop\JENS SCHNEIDER RA - Verknüpfung.lnk 2014-04-14 18:04 - 2014-04-14 18:04 - 00000000 ____D () C:\Users\Alfred\Documents\Neuer Ordner (2) 2014-04-14 15:35 - 2014-04-14 15:35 - 03754042 _____ () C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0543.eml 2014-04-14 15:35 - 2014-04-14 15:35 - 03669425 _____ () C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0552.eml 2014-04-14 15:35 - 2014-04-14 15:35 - 02813491 _____ () C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0523.eml 2014-04-14 15:34 - 2014-04-14 15:35 - 00000000 ____D () C:\Users\Alfred\Desktop\feb julian 2014-04-14 12:30 - 2012-11-05 18:54 - 00001901 _____ () C:\Users\Alfred\Desktop\FAVORITEN - Verknüpfung.lnk 2014-04-13 15:30 - 2014-04-20 13:44 - 00000000 ____D () C:\Users\Alfred\Documents\AGODA complaint Pattavia 2014-04-13 14:20 - 2014-04-13 14:20 - 00525037 _____ () C:\Users\Alfred\Downloads\2014-04-13.zip 2014-04-12 13:17 - 2014-04-12 13:17 - 00000000 ____D () C:\Users\Alfred\Downloads\OpenOffice 4.0.1 (de) Installation Files 2014-04-12 13:12 - 2014-04-12 13:15 - 163606685 _____ () C:\Users\Alfred\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_de.exe 2014-04-12 12:21 - 2014-04-14 08:50 - 00000000 ____D () C:\Users\Alfred\Documents\STEUERN TOFFEN 2014-04-12 08:51 - 2014-04-12 08:51 - 00000000 __SHD () C:\Users\Alfred\AppData\Local\EmieUserList 2014-04-12 08:51 - 2014-04-12 08:51 - 00000000 __SHD () C:\Users\Alfred\AppData\Local\EmieSiteList 2014-04-12 03:02 - 2014-03-06 11:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-12 03:02 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-12 03:02 - 2014-03-06 10:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-12 03:02 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-12 03:02 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-12 03:02 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-12 03:01 - 2014-03-06 12:21 - 23549440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-12 03:01 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-12 03:01 - 2014-03-06 11:19 - 17387008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-12 03:01 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-12 03:01 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-12 03:01 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-12 03:01 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-12 03:01 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-12 03:01 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-12 03:01 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-12 03:01 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-12 03:01 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-12 03:01 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-12 03:01 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-12 03:01 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-12 03:01 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-12 03:01 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-12 03:01 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-12 03:01 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-12 03:01 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-12 03:01 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-12 03:01 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-12 03:01 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-12 03:01 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-12 03:01 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-12 03:01 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-12 03:01 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-12 03:01 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-12 03:01 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-12 03:01 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-12 03:01 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-12 03:01 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-12 03:01 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-12 03:01 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-12 03:01 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-12 03:01 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-12 03:01 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-12 03:01 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-12 03:01 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-12 03:01 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-12 03:01 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-12 03:01 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-11 11:03 - 2014-04-11 11:03 - 00000000 ____D () C:\Users\Alfred\Documents\Neuer Ordner 2014-04-11 07:38 - 2014-04-15 20:57 - 00000000 ____D () C:\Program Files (x86)\PDFCreator 2014-04-11 07:38 - 2012-05-05 10:54 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX 2014-04-11 07:38 - 2012-05-05 10:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL 2014-04-11 07:38 - 1998-07-06 17:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL 2014-04-11 07:38 - 1998-07-06 17:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL 2014-04-11 07:38 - 1998-07-06 17:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL 2014-04-11 07:37 - 2014-04-11 07:37 - 18277248 _____ (pdfforge ) C:\Users\Alfred\Downloads\PDFCreator-1_7_2_setup.exe 2014-04-11 07:10 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-04-11 07:10 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-04-11 07:10 - 2013-12-25 01:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-04-11 07:10 - 2013-12-25 00:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-04-11 07:10 - 2013-11-26 10:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2014-04-11 07:10 - 2013-11-23 20:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll 2014-04-11 07:10 - 2013-11-23 19:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2014-04-11 07:10 - 2013-11-23 00:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2014-04-10 21:56 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE 2014-04-10 21:51 - 2014-04-10 21:51 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2014-04-10 21:51 - 2014-04-10 21:51 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2014-04-10 21:51 - 2014-04-10 21:51 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-04-10 21:51 - 2014-04-10 21:51 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2014-04-10 21:51 - 2014-04-10 21:51 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-04-10 21:51 - 2014-04-10 21:51 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2014-04-10 21:51 - 2014-04-10 21:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-04-10 21:49 - 2014-04-10 21:49 - 00550371 _____ () C:\Users\Alfred\Downloads\Autoruns.zip 2014-04-10 21:14 - 2013-05-10 07:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll 2014-04-10 21:14 - 2013-05-10 07:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL 2014-04-10 21:14 - 2013-05-10 06:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL 2014-04-10 21:14 - 2013-05-10 06:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll 2014-04-10 21:01 - 2014-04-11 21:01 - 00001912 _____ () C:\Windows\epplauncher.mif 2014-04-10 15:49 - 2013-10-19 04:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll 2014-04-10 15:49 - 2013-10-19 03:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll 2014-04-10 15:49 - 2013-10-12 04:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx 2014-04-10 15:49 - 2013-10-12 04:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll 2014-04-10 15:49 - 2013-10-12 04:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx 2014-04-10 15:49 - 2013-10-12 04:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll 2014-04-10 15:49 - 2013-10-12 03:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe 2014-04-10 15:49 - 2013-10-12 03:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe 2014-04-10 15:49 - 2013-10-12 03:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe 2014-04-10 15:49 - 2013-10-12 03:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe 2014-04-10 11:48 - 2014-04-10 11:48 - 00000000 ____D () C:\Program Files\iPod 2014-04-10 11:47 - 2014-04-10 11:48 - 00000000 ____D () C:\Program Files\iTunes 2014-04-10 11:47 - 2014-04-10 11:48 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-04-10 11:28 - 2014-04-10 11:27 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-04-10 11:28 - 2014-04-10 11:27 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-04-10 11:28 - 2014-04-10 11:27 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-04-10 11:28 - 2014-04-10 11:27 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-04-10 11:25 - 2014-04-10 11:25 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-04-10 11:20 - 2014-04-10 11:20 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-04-10 11:20 - 2014-04-10 11:20 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-04-10 11:20 - 2014-04-10 11:20 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-04-10 11:20 - 2014-04-10 11:20 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-04-10 11:16 - 2013-10-30 04:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll 2014-04-10 11:15 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-10 11:15 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-04-10 11:15 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-04-10 11:15 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-04-10 11:15 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-04-10 11:15 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-04-10 11:15 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-10 11:15 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-04-10 11:15 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-04-10 11:15 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-04-10 11:15 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-04-10 11:15 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-04-10 11:15 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-04-10 11:15 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-04-10 11:15 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2014-04-10 11:15 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-04-10 11:15 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll 2014-04-10 11:15 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-04-10 11:15 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll 2014-04-10 11:15 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-04-10 11:15 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-04-10 11:15 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-04-10 11:15 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-04-10 11:15 - 2014-01-01 01:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls 2014-04-10 11:15 - 2014-01-01 01:04 - 00420008 _____ () C:\Windows\system32\locale.nls 2014-04-10 11:15 - 2013-12-06 04:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-04-10 11:15 - 2013-12-06 04:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-04-10 11:15 - 2013-12-06 04:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-04-10 11:15 - 2013-12-06 04:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-04-10 11:15 - 2013-12-04 04:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll 2014-04-10 11:15 - 2013-12-04 04:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll 2014-04-10 11:15 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll 2014-04-10 11:15 - 2013-12-04 04:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll 2014-04-10 11:15 - 2013-12-04 04:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll 2014-04-10 11:15 - 2013-12-04 04:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe 2014-04-10 11:15 - 2013-12-04 04:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe 2014-04-10 11:15 - 2013-12-04 04:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe 2014-04-10 11:15 - 2013-12-04 04:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe 2014-04-10 11:15 - 2013-12-04 04:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll 2014-04-10 11:15 - 2013-12-04 04:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll 2014-04-10 11:15 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll 2014-04-10 11:15 - 2013-12-04 04:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll 2014-04-10 11:15 - 2013-12-04 04:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll 2014-04-10 11:15 - 2013-12-04 03:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe 2014-04-10 11:15 - 2013-12-04 03:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe 2014-04-10 11:15 - 2013-12-04 03:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe 2014-04-10 11:15 - 2013-12-04 03:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe 2014-04-10 11:15 - 2013-11-27 03:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-04-10 11:15 - 2013-11-27 03:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-04-10 11:15 - 2013-11-27 03:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-04-10 11:15 - 2013-11-27 03:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-04-10 11:15 - 2013-11-27 03:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-04-10 11:15 - 2013-11-27 03:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-04-10 11:15 - 2013-11-27 03:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-04-10 11:15 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-04-10 11:15 - 2013-11-12 04:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-04-10 11:15 - 2013-11-12 04:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-04-10 11:15 - 2013-10-30 04:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll 2014-04-10 11:15 - 2013-10-04 04:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys 2014-04-10 11:15 - 2013-10-04 03:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys ==================== One Month Modified Files and Folders ======= 2014-04-21 21:00 - 2014-04-21 21:00 - 00028828 _____ () C:\Users\Alfred\Desktop\FRST.txt 2014-04-21 21:00 - 2013-07-04 11:42 - 00000000 ____D () C:\FRST 2014-04-21 20:59 - 2014-04-21 14:42 - 02163712 _____ (Farbar) C:\Users\Alfred\Desktop\FRST64.exe 2014-04-21 20:59 - 2014-04-21 14:42 - 00000000 ____D () C:\Users\Alfred\Desktop\FRST-OlderVersion 2014-04-21 20:59 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-21 20:59 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-21 20:58 - 2014-04-21 20:58 - 02163712 _____ (Farbar) C:\Users\Alfred\Downloads\FRST64(2).exe 2014-04-21 20:55 - 2012-10-18 15:41 - 02063237 _____ () C:\Windows\WindowsUpdate.log 2014-04-21 20:53 - 2014-04-21 20:18 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-21 20:51 - 2012-10-25 14:53 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-21 20:50 - 2014-04-20 05:50 - 00009578 _____ () C:\Windows\PFRO.log 2014-04-21 20:50 - 2014-04-20 05:50 - 00000392 _____ () C:\Windows\setupact.log 2014-04-21 20:50 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-21 20:48 - 2013-04-10 04:17 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-21 20:45 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Web 2014-04-21 20:19 - 2014-04-21 20:19 - 00001108 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-21 20:19 - 2014-04-21 20:19 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-21 20:17 - 2013-06-24 17:52 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-21 20:07 - 2012-10-25 14:53 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-21 20:06 - 2014-04-21 20:06 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Alfred\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-21 19:19 - 2011-04-12 09:43 - 00699416 _____ () C:\Windows\system32\perfh007.dat 2014-04-21 19:19 - 2011-04-12 09:43 - 00149556 _____ () C:\Windows\system32\perfc007.dat 2014-04-21 19:19 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-21 19:17 - 2014-04-14 20:33 - 00001001 _____ () C:\Users\Alfred\Desktop\D - Verknüpfung.lnk 2014-04-21 18:08 - 2014-04-21 18:08 - 00114528 _____ () C:\Users\Alfred\Desktop\trojaner board. 18.00.txt 2014-04-21 17:47 - 2014-04-21 17:47 - 00000000 ____D () C:\Users\Alfred\Desktop\Neuer Ordner (2) 2014-04-21 17:40 - 2014-04-21 17:40 - 00000085 _____ () C:\Windows\wininit.ini 2014-04-21 15:34 - 2014-04-21 15:34 - 00000921 _____ () C:\Users\Alfred\Desktop\Gmer.log 2014-04-21 14:56 - 2014-04-21 14:56 - 00000000 ____D () C:\Users\Alfred\Documents\1.RELIGIONEN 2014-04-21 14:47 - 2014-04-21 14:46 - 00380416 _____ () C:\Users\Alfred\Desktop\Gmer-19357.exe 2014-04-21 12:37 - 2014-04-20 17:23 - 00008745 _____ () C:\Users\Alfred\Desktop\PW.per 30.3.2014.txt 2014-04-20 20:51 - 2014-04-20 20:51 - 02056192 _____ (Farbar) C:\Users\Alfred\Downloads\FRST64(1).exe 2014-04-20 20:45 - 2013-04-10 04:17 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-04-20 20:45 - 2012-10-22 08:20 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-04-20 20:45 - 2012-10-22 08:20 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-04-20 20:45 - 2012-10-18 18:15 - 00000000 ____D () C:\Users\Alfred\AppData\Local\Adobe 2014-04-20 20:21 - 2012-10-21 15:24 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\vlc 2014-04-20 17:17 - 2014-04-20 17:17 - 00071371 _____ () C:\Users\Alfred\Downloads\Christentum und Buddhismus Teil 1.htm 2014-04-20 17:17 - 2014-04-20 17:17 - 00000000 ____D () C:\Users\Alfred\Downloads\Christentum und Buddhismus Teil 1-Dateien 2014-04-20 13:44 - 2014-04-20 13:44 - 00000000 ____D () C:\Users\Alfred\Desktop\AGODA complaint Pattavia 2014-04-20 13:44 - 2014-04-13 15:30 - 00000000 ____D () C:\Users\Alfred\Documents\AGODA complaint Pattavia 2014-04-20 12:34 - 2014-04-20 12:34 - 00000000 ____D () C:\Users\Alfred\Documents\1.eSATA inventar 20.4.14 2014-04-20 12:34 - 2014-04-16 18:05 - 00000000 ____D () C:\Users\Alfred\Documents\MEDIAMARKT TOSHIBA 2014-04-20 11:44 - 2013-08-28 10:44 - 00000000 ___RD () C:\Users\Alfred\Desktop\PIX 2014-04-20 10:01 - 2014-04-14 18:06 - 00000000 ____D () C:\Users\Alfred\Documents\JENS SCHNEIDER RA 2014-04-20 07:10 - 2014-04-20 07:10 - 00001211 _____ () C:\Users\Alfred\Desktop\AGODA complaint Pattavia - Verknüpfung.lnk 2014-04-20 06:45 - 2013-11-02 14:20 - 00000878 _____ () C:\Users\Alfred\Desktop\PIX D - Verknüpfung.lnk 2014-04-20 05:50 - 2014-04-20 05:50 - 00000000 _____ () C:\Windows\setuperr.log 2014-04-19 21:34 - 2013-04-14 10:06 - 00000000 ____D () C:\Users\Alfred\Documents\AVIATION pdfs 2014-04-19 21:27 - 2014-04-19 21:27 - 00001463 _____ () C:\Users\Alfred\Desktop\0.0.eSATA INVENTAR BACKUP LOGS - Verknüpfung.lnk 2014-04-19 20:06 - 2013-06-29 12:08 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\Free Download Manager 2014-04-19 20:00 - 2014-04-19 20:00 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\TuneUp Software 2014-04-19 20:00 - 2014-04-19 20:00 - 00000000 ____D () C:\Program Files\Windows Sidebar 2014-04-19 20:00 - 2014-04-19 20:00 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar 2014-04-19 20:00 - 2014-04-19 19:59 - 00000000 ____D () C:\ProgramData\TuneUp Software 2014-04-19 19:59 - 2014-04-19 19:59 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-04-19 19:58 - 2014-04-19 19:58 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft 2014-04-19 19:58 - 2014-04-19 19:57 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\DVDVideoSoft 2014-04-19 18:53 - 2014-04-19 18:53 - 32990152 _____ (DVDVideoSoft Ltd. ) C:\Users\Alfred\Downloads\FreeYouTubeDownload_3232327.exe 2014-04-19 18:51 - 2014-04-19 18:51 - 01069776 _____ (Solid State Networks) C:\Users\Alfred\Downloads\install_flashplayer13x32_mssa_aaa_aih.exe 2014-04-19 18:33 - 2012-10-25 14:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-04-19 18:27 - 2014-04-19 18:27 - 00000000 ____D () C:\Users\Alfred\Documents\Alte Firefox-Daten 2014-04-19 18:26 - 2012-10-21 13:48 - 00000000 ____D () C:\Users\Alfred\AppData\Local\Mozilla 2014-04-19 18:25 - 2014-04-19 18:25 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-04-19 18:25 - 2013-09-04 13:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-04-19 17:24 - 2013-05-13 11:11 - 00000000 ____D () C:\Program Files (x86)\Safari 2014-04-18 10:16 - 2012-10-26 06:52 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-04-18 10:15 - 2012-10-26 06:51 - 00000000 ____D () C:\ProgramData\Skype 2014-04-17 09:00 - 2013-08-19 20:48 - 00012288 _____ () C:\Users\Alfred\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2014-04-16 22:45 - 2014-04-16 22:25 - 60211080 _____ () C:\Users\Alfred\Downloads\B738-HaribAIR.zip.download 2014-04-16 22:38 - 2014-04-16 22:28 - 30327999 _____ () C:\Users\Alfred\Downloads\ERJ145-Luxair.zip 2014-04-16 19:07 - 2013-09-29 10:53 - 00176156 _____ () C:\Windows\hphins27.dat 2014-04-16 19:07 - 2012-10-29 15:04 - 00010237 _____ () C:\ProgramData\hpzinstall.log 2014-04-16 08:43 - 2014-04-16 08:43 - 00001094 _____ () C:\Users\Alfred\Desktop\1.Budget2013 neu - Verknüpfung.lnk 2014-04-16 08:42 - 2014-04-16 08:42 - 00000000 ____D () C:\Users\Public\Documents\sun 2014-04-15 21:00 - 2013-09-21 08:15 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster 2014-04-15 20:57 - 2014-04-11 07:38 - 00000000 ____D () C:\Program Files (x86)\PDFCreator 2014-04-15 20:57 - 2013-11-13 21:22 - 00000000 ____D () C:\Users\Alfred\AppData\Roaming\Azureus 2014-04-15 20:57 - 2012-10-18 16:36 - 00000000 ____D () C:\Windows\Panther 2014-04-15 20:52 - 2014-04-15 20:52 - 03710504 _____ (Piriform Ltd) C:\Users\Alfred\Downloads\ccsetup412_slim.exe 2014-04-15 18:12 - 2014-04-15 18:11 - 00000000 ____D () C:\Users\Alfred\Documents\USB stick braun-schwarz-bup 2014-04-14 18:47 - 2014-04-14 18:47 - 30796712 _____ (Oracle Corporation) C:\Users\Alfred\Downloads\jre-7u51-windows-x64.exe 2014-04-14 18:31 - 2013-07-04 21:26 - 00000000 ____D () C:\Users\Alfred\Documents\trojaner.board.de.4.7.013 2014-04-14 18:25 - 2012-11-01 09:05 - 00000000 ____D () C:\Users\Alfred\Documents\AUTO 2014-04-14 18:24 - 2012-11-16 13:57 - 00000000 ____D () C:\Users\Alfred\Documents\0.AVIATION 2014-04-14 18:17 - 2012-12-03 12:12 - 00000000 ____D () C:\Users\Alfred\Documents\THAILAND 2014-04-14 18:06 - 2014-04-14 18:06 - 00001122 _____ () C:\Users\Alfred\Desktop\JENS SCHNEIDER RA - Verknüpfung.lnk 2014-04-14 18:06 - 2012-11-01 11:06 - 00877056 ___SH () C:\Users\Alfred\Documents\Thumbs.db 2014-04-14 18:04 - 2014-04-14 18:04 - 00000000 ____D () C:\Users\Alfred\Documents\Neuer Ordner (2) 2014-04-14 18:04 - 2013-09-13 18:21 - 00000000 ____D () C:\Users\Alfred\Documents\AHV 2014-04-14 15:35 - 2014-04-14 15:35 - 03754042 _____ () C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0543.eml 2014-04-14 15:35 - 2014-04-14 15:35 - 03669425 _____ () C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0552.eml 2014-04-14 15:35 - 2014-04-14 15:35 - 02813491 _____ () C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0523.eml 2014-04-14 15:35 - 2014-04-14 15:34 - 00000000 ____D () C:\Users\Alfred\Desktop\feb julian 2014-04-14 08:50 - 2014-04-12 12:21 - 00000000 ____D () C:\Users\Alfred\Documents\STEUERN TOFFEN 2014-04-13 14:20 - 2014-04-13 14:20 - 00525037 _____ () C:\Users\Alfred\Downloads\2014-04-13.zip 2014-04-13 06:01 - 2009-07-14 06:45 - 02237408 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-12 14:32 - 2013-10-30 06:52 - 00000000 ____D () C:\Users\Alfred\Documents\INTERNETSPEEDTESTs 2014-04-12 14:32 - 2012-10-19 03:23 - 00068440 _____ () C:\Users\Alfred\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-12 13:21 - 2012-11-06 15:13 - 00000000 ____D () C:\Users\Alfred\Documents\FINANZEN 2014-04-12 13:19 - 2013-08-30 11:42 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4 2014-04-12 13:17 - 2014-04-12 13:17 - 00000000 ____D () C:\Users\Alfred\Downloads\OpenOffice 4.0.1 (de) Installation Files 2014-04-12 13:15 - 2014-04-12 13:12 - 163606685 _____ () C:\Users\Alfred\Downloads\Apache_OpenOffice_4.0.1_Win_x86_install_de.exe 2014-04-12 12:25 - 2012-11-13 17:37 - 00000000 ____D () C:\Users\Alfred\Documents\iPad 2014-04-12 08:51 - 2014-04-12 08:51 - 00000000 __SHD () C:\Users\Alfred\AppData\Local\EmieUserList 2014-04-12 08:51 - 2014-04-12 08:51 - 00000000 __SHD () C:\Users\Alfred\AppData\Local\EmieSiteList 2014-04-12 08:48 - 2013-01-02 11:23 - 00000000 ____D () C:\Users\Alfred\Documents\iPAD reading 2014-04-12 03:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-04-12 03:21 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-04-12 02:52 - 2013-10-29 22:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-04-11 21:03 - 2012-10-18 18:18 - 01593956 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-04-11 21:01 - 2014-04-10 21:01 - 00001912 _____ () C:\Windows\epplauncher.mif 2014-04-11 21:01 - 2012-10-18 18:18 - 00000000 ____D () C:\Program Files\Microsoft Security Client 2014-04-11 21:01 - 2012-10-18 18:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client 2014-04-11 20:58 - 2013-09-23 12:57 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-04-11 20:58 - 2012-10-18 16:08 - 00001309 _____ () C:\Users\Alfred\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-04-11 11:03 - 2014-04-11 11:03 - 00000000 ____D () C:\Users\Alfred\Documents\Neuer Ordner 2014-04-11 08:01 - 2012-11-08 13:12 - 00082432 ___SH () C:\Users\Alfred\Thumbs.db 2014-04-11 07:37 - 2014-04-11 07:37 - 18277248 _____ (pdfforge ) C:\Users\Alfred\Downloads\PDFCreator-1_7_2_setup.exe 2014-04-10 23:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK 2014-04-10 23:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR 2014-04-10 23:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\zh-HK 2014-04-10 23:41 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\tr-TR 2014-04-10 21:51 - 2014-04-10 21:51 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2014-04-10 21:51 - 2014-04-10 21:51 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2014-04-10 21:51 - 2014-04-10 21:51 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2014-04-10 21:51 - 2014-04-10 21:51 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2014-04-10 21:51 - 2014-04-10 21:51 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2014-04-10 21:51 - 2014-04-10 21:51 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2014-04-10 21:51 - 2014-04-10 21:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2014-04-10 21:51 - 2014-04-10 21:51 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-04-10 21:51 - 2014-04-10 21:51 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2014-04-10 21:49 - 2014-04-10 21:49 - 00550371 _____ () C:\Users\Alfred\Downloads\Autoruns.zip 2014-04-10 21:31 - 2013-05-26 17:43 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-04-10 21:31 - 2013-05-26 17:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-04-10 21:06 - 2013-08-04 12:19 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-10 20:44 - 2013-04-17 17:33 - 00000000 ____D () C:\Users\Alfred\Documents\PW 2014-04-10 11:48 - 2014-04-10 11:48 - 00000000 ____D () C:\Program Files\iPod 2014-04-10 11:48 - 2014-04-10 11:47 - 00000000 ____D () C:\Program Files\iTunes 2014-04-10 11:48 - 2014-04-10 11:47 - 00000000 ____D () C:\Program Files (x86)\iTunes 2014-04-10 11:48 - 2013-10-05 22:42 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2014-04-10 11:27 - 2014-04-10 11:28 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-04-10 11:27 - 2014-04-10 11:28 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-04-10 11:27 - 2014-04-10 11:28 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-04-10 11:27 - 2014-04-10 11:28 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-04-10 11:27 - 2013-06-25 17:38 - 00000000 ____D () C:\Program Files (x86)\Java 2014-04-10 11:25 - 2014-04-10 11:25 - 00000000 ____D () C:\Program Files (x86)\QuickTime 2014-04-10 11:24 - 2012-10-26 08:22 - 00000000 ____D () C:\ProgramData\Apple 2014-04-10 11:20 - 2014-04-10 11:20 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-04-10 11:20 - 2014-04-10 11:20 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-04-10 11:20 - 2014-04-10 11:20 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-04-10 11:20 - 2014-04-10 11:20 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-04-10 11:02 - 2012-10-25 14:53 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-04-10 11:02 - 2012-10-25 14:53 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-04-03 09:51 - 2014-04-21 20:19 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-21 20:19 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2014-04-21 20:19 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-31 03:51 - 2012-10-18 17:36 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-19 10:20 ==================== End Of Log ============================ FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-04-2014 01
Ran by Alfred at 2014-04-21 21:00:42
Running from C:\Users\Alfred\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
==================== Installed Programs ======================
Acronis Drive Monitor (HKLM-x32\...\{706AE61D-40A4-4F50-8359-FE8F6F7FA461}) (Version: 1.0.566 - Acronis)
Adobe Flash Player 13 ActiveX (HKLM-x32\...\{8F9B1C8E-F50E-4139-8701-45016021E102}) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\{28ADCCAD-3C23-44A1-A93F-47AA176F7AD7}) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
aerofly Flug Simulator 2013 (HKLM-x32\...\aerofly Flug Simulator 2013_is1) (Version: 1.0.9.11 - IPACS)
AMD Accelerated Video Transcoding (Version: 12.10.100.30328 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.898.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{2748FDE2-7BA8-1D20-11A2-FF01CEB009A5}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.80328.2204 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.10 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center (x32 Version: 2013.0328.2218.38225 - Ihr Firmenname) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden
CheckDrive (HKLM-x32\...\{B83513EC-2E4D-4621-816D-4CCF397BE702}_is1) (Version: 4.4 - Abelssoft)
D4300 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Destinations (x32 Version: 140.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.44 - DivX, LLC)
DJ_SF_03_D4300_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
doPDF 7.3 printer (HKLM\...\doPDF 7 printer_is1) (Version: - Softland)
Elevated Installer (x32 Version: 2.2.17 - Garmin Ltd or its subsidiaries) Hidden
Free Download Manager 3.9.2 (HKLM-x32\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG)
Free YouTube Download version 3.2.32.327 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.32.327 - DVDVideoSoft Ltd.)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.5.4 - Ellora Assets Corporation)
Garmin Express (HKLM-x32\...\{bd9bc494-8cd2-4ae2-92fe-6a3dda9c3ee9}) (Version: 2.2.17 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 2.2.17 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 2.2.17 - Garmin Ltd or its subsidiaries) Hidden
Garmin Update Service (x32 Version: 2.2.17 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
Google Earth (HKLM-x32\...\{96AD3B61-EAE2-11E2-9E72-B8AC6F98CCE3}) (Version: 7.1.1.1888 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{D1D4D7EA-62B8-4665-9FF7-02A91B925CC9}) (Version: 1.0.18.74 - Google)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet D4300 Printer Driver Software 13.0 Rel. 3 (HKLM\...\{382300D4-777B-4233-A98C-99EA0F6B881F}) (Version: 13.0 - HP)
HP Imaging Device Functions 14.5 (HKLM\...\HP Imaging Device Functions) (Version: 14.5 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Scanjet G4050 (HKLM\...\{0A9FC1DA-46F7-4305-A4EF-FDCA8D9B1A5A}) (Version: 14.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.001 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
hpg4050 (x32 Version: 140.000.000.000 - Ihr Firmenname) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Image Resizer Powertoy Clone for Windows (64 bit) (HKLM\...\{C862EC05-1C15-4327-B15D-C7788D6CFF73}) (Version: 2.1.1 - Brice Lambson)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8107.0 - Microsoft Corporation) Hidden
Microsoft Motocross Madness 2 (HKLM-x32\...\Motocross Madness 2) (Version: - )
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Client DE-DE Language Pack (Version: 2.0.0657.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.4.0 (x86 de)) (Version: 24.4.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
OCR Software by I.R.I.S. 14.5 (HKLM\...\HPOCR) (Version: 14.5 - HP)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF Editor 3 (HKLM-x32\...\PDF Editor 3) (Version: - )
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.47.714.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Scan (x32 Version: 14.0.1.0 - Hewlett-Packard) Hidden
Secunia PSI (3.0.0.7011) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.7011 - Secunia)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Steganos Safe 14 (HKLM-x32\...\{13B7FBFB-622E-4002-8570-594798E6167D}) (Version: 14.1 - Steganos Software GmbH)
TeamViewer 7 (HKLM-x32\...\TeamViewer 7) (Version: 7.0.17271 - TeamViewer)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
Unlocker 1.9.1-x64 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Video Converter (HKCU\...\Video Converter) (Version: - )
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
VMLite Workstation (HKLM\...\{197F2BEF-2705-406E-8CEB-8E404FFFE414}) (Version: 3.2.6 - VMLite)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Win2PDF 7 (HKLM\...\Win2PDF_is1) (Version: 7.0.46 - Dane Prairie Systems, LLC.)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinPatrol (HKLM\...\{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}) (Version: 28.9.2013.0 - BillP Studios)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
==================== Restore Points =========================
17-04-2014 06:10:55 Geplanter Prüfpunkt
19-04-2014 15:23:58 Removed Safari
19-04-2014 15:37:56 Windows Update
19-04-2014 18:02:00 TuneUp Utilities 2014 wird entfernt
19-04-2014 18:02:29 TuneUp Utilities 2014 (de-DE) wird entfernt
==================== Hosts content: ==========================
2009-07-14 04:34 - 2013-09-14 20:29 - 00447822 ____N C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 [¹ã³¡ÎèÀÏÆÅ×î´óÇ¡Ç¡,¹ã³¡ÎèÃñ×åÎè,ÔÆÉѹ㳡ÎèÌÒ»¨ÔËÇ¡Ç¡],2014Ê×Ò³
127.0.0.1 032439.com
127.0.0.1 0Scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 ²©²Êͨ,²©²ÊÍø,½ð±¦²©188,²©²ÊͨÆÀ¼¶,°Ù¼ÒÀÖ,°ÂÃî°Ù¼ÒÀÖ
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 Gadgets And More
127.0.0.1 1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com
127.0.0.1 123moviedownload.com
There are 1000 more lines.
==================== Scheduled Tasks (whitelisted) =============
Task: {000040EA-D13A-480E-815A-A08C46AE3B6E} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {0CCC0779-DB8C-444E-87A0-BEB43185DB23} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {1F321B00-B617-46E8-8513-9088F6554D5A} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
Task: {1F4C70B3-EBFE-4423-95DC-579F15A4862F} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/test-pass.html?aaa=KICMNJGMJJHMLJJJGMLMCNHMNJJJMMCNLMPMKJMMCNGMLJOMKMCNMJMMNJMMMJKJGMGMJMKMLMMJJNJICMIMCNHMCNMMFMGMCNPMCNHMOMOMNMFMJMCNOMCNIMJMPMOMCNNMJNPICMJMFMOMOMKJIJMIFMPMJNHICMOMOMKJIJMIJNBJCMOLDJJJNIKJLJJNKJCMJNNICMJNDJCMLJKJ"
Task: {23099809-819F-469F-8DB5-3EFD2534E9B4} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {332D6A73-4E79-4CA0-9C30-D2655B231956} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {44656418-5D1E-492A-992A-B224072B7A81} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-20] (Adobe Systems Incorporated)
Task: {5A591FB1-F812-4478-8026-1B7DA49291F5} - System32\Tasks\Run RoboForm Process => C:\Users\Alfred\AppData\Local\Temp\RoboForm\RoboTaskBarIcon.exe <==== ATTENTION
Task: {72F1B8EC-A588-497D-BC8F-757BD6464D70} - \BitGuard No Task File <==== ATTENTION
Task: {78C9B58F-51F0-40DD-9A04-A27497777A09} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {824BD8CB-B6DD-446F-96BA-FE8507930347} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {95EB926D-69B0-44F2-9D5B-AFF786B57F10} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2013-11-20] (Apple Inc.)
Task: {C31010AC-5310-4E13-AF62-AD4309F3D4AC} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {CE999383-AEDF-4DEA-A2AF-988A1730AA8F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-25] (Google Inc.)
Task: {D126D102-4CB1-4374-A5AE-FEE4D8DA3E78} - System32\Tasks\Abelssoft\CheckDriveBackgroundGuard => C:\Program Files (x86)\CheckDrive\CheckDriveBackgroundGuard.exe [2013-10-10] (Abelssoft)
Task: {D7CCB75D-1289-4754-9151-A5D5ECA0BB65} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D9F4CB9B-2350-4982-9683-4050DC5D0BD0} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-25] (Google Inc.)
Task: {E6BE1A89-7142-4A29-B4F9-1D52A11FB7CF} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => C:\PROGRA~2\AD-AWA~1\AdAwareLauncher.exe
Task: {FFC5DB78-D476-4DD5-AD76-459991BBBD4A} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-344976508-2612026722-1020238545-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2012-10-25 21:50 - 2011-06-07 10:35 - 00074016 _____ () C:\Windows\System32\win2pdfm.dll
2010-07-15 06:44 - 2010-07-15 06:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2010-11-17 15:00 - 2010-11-17 15:00 - 00220672 _____ () C:\Program Files (x86)\Steganos Safe 14\ShellExtension.dll
2013-09-07 14:02 - 2013-10-10 15:06 - 00020608 _____ () C:\Program Files (x86)\CheckDrive\AbStartManager.dll
2013-07-04 10:18 - 2013-10-10 15:06 - 00017024 _____ () C:\Program Files (x86)\CheckDrive\AbMessages.dll
2013-07-22 10:22 - 2013-07-22 10:22 - 00009728 _____ () C:\Program Files (x86)\Garmin\Express Tray\Garmin.Cartography.MapUpdate.Device.DataTypes.dll
2011-02-24 19:07 - 2011-02-24 19:07 - 00470120 _____ () C:\Program Files (x86)\Acronis\DriveMonitor\adm_tray.exe
2013-02-13 04:37 - 2013-02-13 04:37 - 01263952 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2012-11-06 10:23 - 2011-05-26 15:14 - 00685976 _____ () C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\HPSSBackupMonitor.exe
2010-08-11 14:18 - 2010-08-11 14:18 - 00202344 _____ () C:\VXP\VBoxDDU.dll
2010-08-11 14:18 - 2010-08-11 14:18 - 02725480 _____ () C:\VXP\VBoxRT.dll
2009-03-26 22:03 - 2009-03-26 22:03 - 01289728 _____ () C:\VXP\LIBEAY32.dll
2011-02-24 19:05 - 2011-02-24 19:05 - 03518032 _____ () C:\Program Files (x86)\Acronis\DriveMonitor\adm.exe
2014-01-20 13:17 - 2014-01-20 13:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 13:16 - 2014-01-20 13:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
2013-09-21 08:27 - 2013-07-15 19:29 - 00620718 ____N () C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
2011-02-24 18:39 - 2011-02-24 18:39 - 00012128 _____ () C:\Program Files (x86)\Common Files\Acronis\DriveMonitor\Common\icudt38.dll
2013-02-13 04:38 - 2013-02-13 04:38 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2012-11-06 10:23 - 2010-04-26 15:30 - 00090112 _____ () C:\Users\Alfred\AppData\Roaming\HP SimpleSave Application\FileMapInfoDB.dll
2014-04-19 18:25 - 2014-03-15 10:40 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0523.eml:OECustomProperty
AlternateDataStreams: C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0543.eml:OECustomProperty
AlternateDataStreams: C:\Users\Alfred\Documents\- Alfred Gruetzner (a_gruetzner@yahoo.de) - 2014-02-23 0552.eml:OECustomProperty
AlternateDataStreams: C:\Users\Alfred\Documents\Diesen Hai können Sie vom Büro aus jagen.eml:OECustomProperty
AlternateDataStreams: C:\Users\Alfred\Documents\Mani Juerg mail 24.5.05. Re_ Swissair - Option 96_2000.eml:OECustomProperty
AlternateDataStreams: C:\Users\Alfred\Documents\nico.eml:OECustomProperty
AlternateDataStreams: C:\Users\Alfred\Documents\Rat vom Experten gegen Schnarchen.eml:OECustomProperty
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
==================== Safe Mode (whitelisted) ===================
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/21/2014 08:52:23 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/21/2014 08:12:42 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/21/2014 05:43:47 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/21/2014 08:59:30 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/20/2014 07:00:02 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "M:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"
Error: (04/20/2014 04:54:44 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/20/2014 00:30:03 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (04/20/2014 00:24:58 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/20/2014 05:51:15 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/19/2014 06:34:29 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (04/21/2014 08:09:42 PM) (Source: DCOM) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (04/21/2014 08:58:34 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "FreemakeVideoCapture" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (04/21/2014 08:58:34 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst FreemakeVideoCapture erreicht.
Error: (04/20/2014 04:54:28 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (04/20/2014 04:54:28 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.
Error: (04/20/2014 00:20:08 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk7\DR7 gefunden.
Error: (04/19/2014 06:33:56 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (04/19/2014 06:33:56 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.
Error: (04/19/2014 05:28:19 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (04/19/2014 05:28:19 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht.
Microsoft Office Sessions:
=========================
Error: (04/21/2014 08:52:23 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/21/2014 08:12:42 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/21/2014 05:43:47 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/21/2014 08:59:30 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/20/2014 07:00:02 PM) (Source: Windows Backup)(User: )
Description: M:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)
Error: (04/20/2014 04:54:44 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/20/2014 00:30:03 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestE:\PROGRAMME downloads DellPCsetups\SoftonicDownloader_for_vlc-media-player.exe
Error: (04/20/2014 00:24:58 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/20/2014 05:51:15 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (04/19/2014 06:34:29 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Percentage of memory in use: 26%
Total physical RAM: 8119.05 MB
Available physical RAM: 5974.67 MB
Total Pagefile: 16236.28 MB
Available Pagefile: 13939.9 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (System) (Fixed) (Total:465.66 GB) (Free:28.8 GB) NTFS
Drive d: (Daten2) (Fixed) (Total:232.88 GB) (Free:19.74 GB) NTFS
Drive e: () (Fixed) (Total:931.51 GB) (Free:873.91 GB) NTFS
Drive l: (KINGSTON) (Removable) (Total:14.4 GB) (Free:5.47 GB) FAT32
Drive m: (HP SimpleSave) (Fixed) (Total:930.86 GB) (Free:0 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: C4CD6244)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 233 GB) (Disk ID: D20CD20C)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)
========================================================
Disk: 6 (Size: 932 GB) (Disk ID: 873A0A01)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
========================================================
Disk: 7 (Size: 931 GB) (Disk ID: 0002E5E5)
Partition 1: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
========================================================
Disk: 8 (Size: 14 GB) (Disk ID: 4E6F2201)
Partition 1: (Active) - (Size=14 GB) - (Type=0B)
==================== End Of Log ============================
__________________ Suche nicht das Glueck - lebe es (Buddha) |
|
21.04.2014, 20:12
| #12 |
| | Kann Youtube videos nicht abspielen Hi, du hast doppelt gepostet und das MBAM Log fehlt. Virustotal - Free Online Scan Da auf "Wählen Sie eine" und dann in das Verzeichnis der oben genannten Dateien navigieren, ich weiß aber jetzt schon was rauskommt. |
|
21.04.2014, 20:24
| #13 |
| | Kann Youtube videos nicht abspielen oh, sorry wegen dem MBAM log, hier ist es. Wieder doppelt gepostet? es heisst da oben in einer Zeile immer, ich könne erst nach 40 Sekunden die Antwort schicken und dann habe ich nach 40 Sekunden dies auch getan. Ergibt das dann eine Doppelantwort, wenn ich dann nochmals auf "antworten" klicke? Malwarebytes Anti-Malware Malwarebytes | Free Anti-Malware & Internet Security Software Suchlauf Datum: 21.04.2014 Suchlauf-Zeit: 20:45:55 Logdatei: antimalware log.txt Administrator: Ja Version: 2.00.1.1004 Malware Datenbank: v2014.04.21.05 Rootkit Datenbank: v2014.03.27.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Chameleon: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Alfred Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 263415 Verstrichene Zeit: 22 Min, 41 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Shuriken: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 1 PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, In Quarantäne, [ce321be59b6519e75c9854f8ed1549b7], Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 3 PUP.Optional.OpenCandy, C:\Users\Alfred\AppData\Roaming\OpenCandy, In Quarantäne, [42be59a7e9178f71614f6af5719107f9], PUP.Optional.OpenCandy, C:\Users\Alfred\AppData\Roaming\OpenCandy\62D2977A561B44E5915D780FF9C6716D, In Quarantäne, [42be59a7e9178f71614f6af5719107f9], PUP.Optional.OpenCandy, C:\Users\Alfred\AppData\Roaming\OpenCandy\D35AF99242CA4F7EB05B589D0221C010, In Quarantäne, [42be59a7e9178f71614f6af5719107f9], Dateien: 10 PUP.Optional.Conduit.A, C:\Users\Alfred\AppData\Roaming\OpenCandy\62D2977A561B44E5915D780FF9C6716D\sp-downloader.exe, In Quarantäne, [30d0ea16d0304cb4cade27f0b24f25db], PUP.Optional.SearchProtect.A, C:\Users\Alfred\AppData\Local\Temp\nshB87B.exe, In Quarantäne, [689888787e82c33db4c9c064de23fd03], PUP.Optional.SearchProtect.A, C:\Users\Alfred\AppData\Local\Temp\nshE105.exe, In Quarantäne, [b947f01059a71fe1f8854fd5be434db3], PUP.Optional.SearchProtect.A, C:\Users\Alfred\AppData\Local\Temp\nshE460.exe, In Quarantäne, [3cc4c83840c06799017cf1331ce5c040], PUP.Optional.SearchProtect.A, C:\Users\Alfred\AppData\Local\Temp\nswBC33.exe, In Quarantäne, [42bebd43a35dd828196465bfdb26cd33], PUP.Optional.SearchProtect.A, C:\Users\Alfred\AppData\Local\Temp\nsy6250.exe, In Quarantäne, [ae52cc34d42c5aa63b423be9d42dee12], PUP.Optional.Conduit.A, C:\Users\Alfred\AppData\Local\Temp\nsw57A5\SpSetup.exe, In Quarantäne, [ad535ca4fa069769f67678a116eb4db3], PUP.Optional.Conduit.A, C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\f9e1lb4p.default-1397924871496\searchplugins\conduit-search.xml, In Quarantäne, [c7395ba5a65ac040f2e7caaa659d639d], PUP.Optional.DiamonData.A, C:\Users\Alfred\AppData\Roaming\Mozilla\Firefox\Profiles\3nxitfyj.default\extensions\firefox@diamondata.net.xpi, In Quarantäne, [52ae10f019e7b84810d6462ecc3612ee], PUP.Optional.OpenCandy, C:\Users\Alfred\AppData\Roaming\OpenCandy\D35AF99242CA4F7EB05B589D0221C010\Trial-14.0.1000.89_de-DE_1004743_CH-DE-1.exe, In Quarantäne, [42be59a7e9178f71614f6af5719107f9], Physische Sektoren: 0 (No malicious items detected) (end)
__________________ Suche nicht das Glueck - lebe es (Buddha) |
|
21.04.2014, 20:27
| #14 | |
| | Kann Youtube videos nicht abspielenZitat:
Ich warte noch auf die Auswertung der Dateien, Link dahin dann bitte posten. |
|
21.04.2014, 21:10
| #15 |
| | Kann Youtube videos nicht abspielen Keckrem, hier die links zur ersten Datei C:\Program Files\Unlocker\UnlockerDriver5.sys 1.analyse https://www.virustotal.com/de/file/ca7176fc219515d58dcfa66ec61880ece5617275c9b83701bb74d8b60e733d34/analysis/ 2.reanalyse https://www.virustotal.com/de/file/ca7176fc219515d58dcfa66ec61880ece5617275c9b83701bb74d8b60e733d34/analysis/1398110566/ die zweite Datei ist unauffindbar! (obwohl ich den versteckten ordner AppData gefunden habe) C:\Users\Alfred\AppData\Local\Temp\ALSysIO64.sys Nun danke ich Dir noch einmal für Deine supersuper Hilfe. Es ist kaum zu glauben, wie gut dieses Trojanerboard funktioniert! Wie kann ich Dir persönlich eine Spende zugute kommen lassen? Treffen wir uns morgen wieder?. Gruss Alfred
__________________ Suche nicht das Glueck - lebe es (Buddha) |
|
Linear-Darstellung
