Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Windows 8.1: Firefox ruft falsche Internetseiten auf

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 04.06.2014, 08:11   #1
Widukin5
 
Windows 8.1: Firefox ruft falsche Internetseiten auf - Standard

Windows 8.1: Firefox ruft falsche Internetseiten auf



Hallo zusammen,

bin neu hier und hoffe ich habe die Hilfe korrekt abgearbeitet...

Seit ein paar Tagen ruft Firefox (30.0) sporadisch falsche Internetseiten auf.
So kann es bei einem Link den man anklickt vorkommen. Dies führt meist auf eine Seite wie hide.me, hide.ms oder sowas ähnliches.

Gebe ich in der Adresszeile eine Internetadresse ein, bzw rufe ein Lesezeichen auf, so komme ich meist auf eine Shoppingseite.

Einmal kam es auch vor, dass nacheinander im Sekundentakt verschiedene Shopping-Seiten aufgerufen wurden, immer verschiedene und ohne ein neues Fenster oder Tab dafür zu öffnen.

FRST.txt:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by Hendrik (administrator) on ULTI on 04-06-2014 08:24:49
Running from C:\Users\Hendrik\Downloads
Platform: Windows 8.1 Pro (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
(SEIKO EPSON CORPORATION) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-Service.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-Network.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-BlockDevice.exe
(BlueStack Systems) C:\Program Files (x86)\BlueStacks\HD-SharedFolder.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2870640 2012-08-29] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7825208 2014-01-13] (Motorola Solutions, Inc.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2353880 2013-11-01] (Microsoft Corp.)
HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [832272 2014-05-01] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2099200 2014-04-13] (Dominik Reichl)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird.lnk
ShortcutTarget: Mozilla Thunderbird.lnk -> C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com/?gd=&ctid=CT3329111&octid=EB_ORIGINAL_CTID&ISID=MD60A459E-FE3F-4187-ABC6-3B70A51D4D48&SearchSource=55&CUI=&UM=5&UP=SPF1A1F4E6-194E-4859-BB8C-84A34FE0E9F7&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xB269E509FA62CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE,de;q=0.5
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1399364364&from=cor&uid=SanDiskXSSDXU100X128GB_122342301914
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1399364364&from=cor&uid=SanDiskXSSDXU100X128GB_122342301914&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1399364364&from=cor&uid=SanDiskXSSDXU100X128GB_122342301914
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1399364364&from=cor&uid=SanDiskXSSDXU100X128GB_122342301914
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1399364364&from=cor&uid=SanDiskXSSDXU100X128GB_122342301914&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1399364364&from=cor&uid=SanDiskXSSDXU100X128GB_122342301914&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1399364364&from=cor&uid=SanDiskXSSDXU100X128GB_122342301914
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1399364364&from=cor&uid=SanDiskXSSDXU100X128GB_122342301914
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1399364364&from=cor&uid=SanDiskXSSDXU100X128GB_122342301914&q={searchTerms}
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1399364364&from=cor&uid=SanDiskXSSDXU100X128GB_122342301914&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1399364364&from=cor&uid=SanDiskXSSDXU100X128GB_122342301914&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1399364364&from=cor&uid=SanDiskXSSDXU100X128GB_122342301914&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1399364364&from=cor&uid=SanDiskXSSDXU100X128GB_122342301914&q={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1399364364&from=cor&uid=SanDiskXSSDXU100X128GB_122342301914&q={searchTerms}
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1399364364&from=cor&uid=SanDiskXSSDXU100X128GB_122342301914&q={searchTerms}
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\o0trirr5.default
FF DefaultSearchEngine: DuckDuckGo
FF SelectedSearchEngine: DuckDuckGo
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Users\Hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\o0trirr5.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\o0trirr5.default\Extensions\staged [2014-06-04]
FF Extension: DuckDuckGo Plus - C:\Users\Hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\o0trirr5.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2014-05-25]
FF Extension: NoScript - C:\Users\Hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\o0trirr5.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-06-03]
FF Extension: Adblock Edge - C:\Users\Hendrik\AppData\Roaming\Mozilla\Firefox\Profiles\o0trirr5.default\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-05-25]

==================== Services (Whitelisted) =================

R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173272 2013-11-01] (Microsoft Corp.)
R2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [402192 2014-05-01] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2014-05-01] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [774928 2014-05-01] (BlueStack Systems, Inc.)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1593976 2012-10-19] (Samsung Electronics CO., LTD.)
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-17] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3020632 2014-04-04] (Samsung Electronics CO., LTD.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [123152 2014-05-01] (BlueStack Systems)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [140600 2013-11-07] (Motorola Solutions, Inc.)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1419576 2013-12-11] (Motorola Solutions, Inc.)
R3 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-05-13] (Disc Soft Ltd)
R3 ETDSMBus; C:\Windows\System32\drivers\ETDSMBus.sys [17264 2012-08-29] (ELAN Microelectronic Corp.)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation)
S3 kbldfltr; C:\Windows\System32\drivers\kbldfltr.sys [22272 2013-08-23] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3349984 2014-02-25] (Intel Corporation)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-02-22] (Microsoft Corporation)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [230912 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-03-13] (Microsoft Corporation)
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-04 08:24 - 2014-06-04 08:24 - 00016736 _____ () C:\Users\Hendrik\Downloads\FRST.txt
2014-06-04 08:22 - 2014-06-04 08:22 - 00050477 _____ () C:\Users\Hendrik\Downloads\Defogger.exe
2014-06-04 08:22 - 2014-06-04 08:22 - 00000546 _____ () C:\Users\Hendrik\Downloads\defogger_disable.log
2014-06-04 08:22 - 2014-06-04 08:22 - 00000168 _____ () C:\Users\Hendrik\defogger_reenable
2014-06-03 21:55 - 2014-06-03 21:55 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-03 21:21 - 2014-06-04 08:24 - 00000000 ____D () C:\FRST
2014-06-03 21:21 - 2014-06-03 21:21 - 02068992 _____ (Farbar) C:\Users\Hendrik\Downloads\FRST64.exe
2014-06-03 19:12 - 2014-06-03 19:12 - 00000000 ____D () C:\Users\Hendrik\AppData\Local\VS Revo Group
2014-06-03 19:12 - 2014-06-03 19:12 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-06-03 19:12 - 2014-06-03 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-06-03 19:12 - 2014-06-03 19:12 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-06-03 19:12 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2014-06-03 19:11 - 2014-03-31 18:32 - 00000000 ____D () C:\Users\Hendrik\Downloads\Revo Uninstaller Pro 3.0.8
2014-06-03 10:41 - 2014-06-03 10:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JabRef
2014-06-03 10:41 - 2014-06-03 10:41 - 00000000 ____D () C:\Program Files (x86)\JabRef
2014-06-02 17:42 - 2014-06-02 17:42 - 00000000 ____D () C:\Users\Hendrik\Downloads\winmd5free
2014-06-02 15:56 - 2014-06-02 15:56 - 00004471 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-06-02 15:56 - 2014-06-02 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-01 16:44 - 2014-05-16 14:04 - 00254240 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2014-06-01 16:44 - 2014-05-16 14:03 - 00128288 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2014-06-01 16:43 - 2014-06-01 16:43 - 00000000 ____D () C:\cygwin
2014-06-01 13:07 - 2014-06-01 15:51 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\Notepad++
2014-06-01 13:07 - 2014-06-01 13:07 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-06-01 13:07 - 2014-06-01 13:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-06-01 13:07 - 2014-06-01 13:07 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-06-01 12:45 - 2014-06-01 12:45 - 00007168 ___SH () C:\Users\Hendrik\Downloads\Thumbs.db
2014-05-30 22:39 - 2014-05-30 22:39 - 00000180 _____ () C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-05-30 21:23 - 2014-05-30 21:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-30 16:50 - 2014-05-30 16:52 - 00002080 _____ () C:\Users\Hendrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Masterthesis.lnk
2014-05-30 16:50 - 2014-05-30 16:52 - 00001513 _____ () C:\Users\Hendrik\Desktop\Masterthesis - Verknüpfung.lnk
2014-05-30 16:49 - 2014-05-30 16:49 - 00000000 ____D () C:\Users\Hendrik\Documents\Benutzerdefinierte Office-Vorlagen
2014-05-30 14:56 - 2014-05-30 14:56 - 00000000 __SHD () C:\Users\Hendrik\AppData\Local\EmieUserList
2014-05-30 14:56 - 2014-05-30 14:56 - 00000000 __SHD () C:\Users\Hendrik\AppData\Local\EmieSiteList
2014-05-30 14:53 - 2014-05-30 14:53 - 00000451 _____ () C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2014-05-28 20:38 - 2014-05-28 21:25 - 00000000 ____D () C:\Users\Hendrik\Downloads\SystemSoftware
2014-05-28 15:22 - 2014-05-30 14:51 - 00000000 ____D () C:\Windows\LastGood
2014-05-28 15:02 - 2014-05-28 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2014-05-28 15:01 - 2014-05-28 15:01 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
2014-05-28 14:58 - 2014-05-28 15:01 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-28 12:51 - 2014-05-28 12:51 - 00000000 ____D () C:\Users\Hendrik\AppData\Local\SanDisk Corporation
2014-05-28 12:35 - 2014-05-28 12:35 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
2014-05-28 12:35 - 2014-05-28 12:35 - 00000000 ____D () C:\Program Files (x86)\NirSoft
2014-05-28 12:31 - 2014-05-28 12:31 - 00290704 _____ () C:\Windows\Minidump\052814-4468-01.dmp
2014-05-28 10:49 - 2014-05-28 11:07 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\KeePass
2014-05-28 10:47 - 2014-05-28 10:48 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2
2014-05-28 10:47 - 2014-05-28 10:47 - 00001129 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2014-05-27 16:52 - 2014-05-28 12:31 - 364866726 _____ () C:\Windows\MEMORY.DMP
2014-05-27 16:52 - 2014-05-28 12:31 - 00000000 ____D () C:\Windows\Minidump
2014-05-27 16:52 - 2014-05-27 16:52 - 00290704 _____ () C:\Windows\Minidump\052714-4953-01.dmp
2014-05-25 14:11 - 2014-05-25 14:11 - 00001171 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-25 14:04 - 2014-05-25 14:05 - 00000000 ____D () C:\Windows\LastGood.Tmp
2014-05-16 14:03 - 2014-05-16 14:03 - 00141600 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys
2014-05-15 16:44 - 2014-04-18 16:57 - 00032600 _____ (Microsoft Corporation) C:\Windows\system32\ploptin.dll
2014-05-15 16:44 - 2014-04-18 16:44 - 01466856 _____ (Microsoft Corporation) C:\Windows\system32\propsys.dll
2014-05-15 16:44 - 2014-04-18 15:29 - 01200288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\propsys.dll
2014-05-15 16:44 - 2014-04-18 11:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\energyprov.dll
2014-05-15 16:44 - 2014-04-18 11:32 - 13287936 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-05-15 16:44 - 2014-04-18 10:58 - 11792384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-05-15 16:44 - 2014-04-18 10:32 - 00805376 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-05-15 16:44 - 2014-04-18 10:21 - 01126912 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2014-05-15 16:44 - 2014-04-18 10:09 - 08652800 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2014-05-15 16:44 - 2014-04-18 09:51 - 00836608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFolder.dll
2014-05-15 16:44 - 2014-04-18 09:49 - 05833216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2014-05-15 16:44 - 2014-04-14 11:20 - 00324888 _____ (Microsoft Corporation) C:\Windows\system32\MFCaptureEngine.dll
2014-05-15 16:44 - 2014-04-14 10:01 - 00285144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFCaptureEngine.dll
2014-05-15 16:44 - 2014-04-11 08:13 - 01200128 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2014-05-15 16:44 - 2014-04-11 06:51 - 00250368 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2014-05-15 16:44 - 2014-04-11 06:23 - 00209920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2014-05-15 16:44 - 2014-04-11 05:30 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\defragsvc.dll
2014-05-15 16:44 - 2014-04-09 13:53 - 00337240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Classpnp.sys
2014-05-15 16:44 - 2014-04-09 08:39 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2014-05-15 16:44 - 2014-04-09 07:44 - 00144384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2014-05-15 16:44 - 2014-04-09 06:35 - 01411584 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-15 16:44 - 2014-04-09 05:33 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
2014-05-15 16:44 - 2014-04-08 04:01 - 00589656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2014-05-15 16:44 - 2014-04-06 18:34 - 00372568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-05-15 16:44 - 2014-04-06 18:34 - 00275800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-05-15 16:44 - 2014-04-06 18:32 - 00125496 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2014-05-15 16:44 - 2014-04-06 18:31 - 21268952 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-15 16:44 - 2014-04-06 18:30 - 00201920 _____ (Microsoft Corporation) C:\Windows\system32\MSVideoDSP.dll
2014-05-15 16:44 - 2014-04-06 18:24 - 00360792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fltMgr.sys
2014-05-15 16:44 - 2014-04-06 18:20 - 02140888 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2014-05-15 16:44 - 2014-04-06 18:20 - 01403856 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2014-05-15 16:44 - 2014-04-06 18:20 - 01379064 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2014-05-15 16:44 - 2014-04-06 18:20 - 00881616 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-05-15 16:44 - 2014-04-06 18:20 - 00765408 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2014-05-15 16:44 - 2014-04-06 18:20 - 00609448 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-05-15 16:44 - 2014-04-06 18:20 - 00491744 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2014-05-15 16:44 - 2014-04-06 18:20 - 00467496 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-05-15 16:44 - 2014-04-06 18:20 - 00463256 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-05-15 16:44 - 2014-04-06 18:20 - 00364640 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-05-15 16:44 - 2014-04-06 18:20 - 00244880 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-05-15 16:44 - 2014-04-06 18:20 - 00233912 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-05-15 16:44 - 2014-04-06 18:20 - 00028408 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-05-15 16:44 - 2014-04-06 17:23 - 00098584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2014-05-15 16:44 - 2014-04-06 17:22 - 18755672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-15 16:44 - 2014-04-06 17:22 - 00178184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSVideoDSP.dll
2014-05-15 16:44 - 2014-04-06 17:16 - 02144984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2014-05-15 16:44 - 2014-04-06 17:16 - 01209616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2014-05-15 16:44 - 2014-04-06 17:16 - 00707048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-05-15 16:44 - 2014-04-06 17:16 - 00669856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2014-05-15 16:44 - 2014-04-06 17:16 - 00518544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-05-15 16:44 - 2014-04-06 17:16 - 00406504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-05-15 16:44 - 2014-04-06 17:16 - 00387896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2014-05-15 16:44 - 2014-04-06 17:16 - 00326024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-05-15 16:44 - 2014-04-06 17:16 - 00305768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-05-15 16:44 - 2014-04-06 16:10 - 04190720 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-05-15 16:44 - 2014-04-06 14:58 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-05-15 16:44 - 2014-04-06 14:51 - 00467968 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-05-15 16:44 - 2014-04-06 14:33 - 00335872 _____ (Microsoft Corporation) C:\Windows\system32\MDEServer.exe
2014-05-15 16:44 - 2014-04-06 14:24 - 00271872 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-05-15 16:44 - 2014-04-06 14:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-05-15 16:44 - 2014-04-06 13:55 - 16872448 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2014-05-15 16:44 - 2014-04-06 13:54 - 12711424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-05-15 16:44 - 2014-04-06 13:26 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\BootMenuUX.dll
2014-05-15 16:44 - 2014-04-06 13:20 - 00201216 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2014-05-15 16:44 - 2014-04-06 13:01 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-05-15 16:44 - 2014-04-06 12:52 - 00955904 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2014-05-15 16:44 - 2014-04-06 12:51 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2014-05-15 16:44 - 2014-04-06 12:37 - 00800768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2014-05-15 16:44 - 2014-04-06 12:36 - 00888320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2014-05-15 16:44 - 2014-04-06 12:05 - 01222656 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Streaming.dll
2014-05-15 16:44 - 2014-04-06 11:59 - 00982016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Streaming.dll
2014-05-15 16:44 - 2014-04-03 10:12 - 02124840 _____ (Microsoft Corporation) C:\Windows\system32\d3d9.dll
2014-05-15 16:44 - 2014-04-03 10:12 - 00307304 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-05-15 16:44 - 2014-04-03 10:12 - 00130144 _____ (Microsoft Corporation) C:\Windows\system32\gpapi.dll
2014-05-15 16:44 - 2014-04-03 06:03 - 00230808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-05-15 16:44 - 2014-04-03 06:03 - 00111528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpapi.dll
2014-05-15 16:44 - 2014-04-03 05:53 - 01797896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d9.dll
2014-05-15 16:44 - 2014-04-03 04:53 - 04269056 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2014-05-15 16:44 - 2014-04-03 04:53 - 00677376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-05-15 16:44 - 2014-04-03 04:51 - 01584128 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll
2014-05-15 16:44 - 2014-04-03 04:23 - 00563200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-05-15 16:44 - 2014-04-03 04:23 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2014-05-15 16:44 - 2014-04-03 04:23 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tlscsp.dll
2014-05-15 16:44 - 2014-04-03 04:22 - 03359744 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-05-15 16:44 - 2014-04-03 04:22 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\tlscsp.dll
2014-05-15 16:44 - 2014-04-01 08:23 - 00384856 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2014-05-15 16:44 - 2014-03-31 07:42 - 07425368 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-15 16:44 - 2014-03-31 07:35 - 02518360 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-05-15 16:44 - 2014-03-31 07:35 - 00428888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-05-15 16:44 - 2014-03-31 02:41 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d8thk.dll
2014-05-15 16:44 - 2014-03-31 02:01 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersShell.dll
2014-05-15 16:44 - 2014-03-31 01:43 - 00761856 _____ (Microsoft Corporation) C:\Windows\system32\WorkfoldersControl.dll
2014-05-15 16:44 - 2014-03-31 00:54 - 01308160 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2014-05-15 16:44 - 2014-03-31 00:49 - 01287168 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2014-05-15 16:44 - 2014-03-31 00:35 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2014-05-15 16:44 - 2014-03-31 00:11 - 00721408 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2014-05-15 16:44 - 2014-03-30 23:47 - 00872448 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2014-05-15 16:44 - 2014-03-28 17:58 - 00407016 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2014-05-15 16:44 - 2014-03-27 08:16 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-05-15 16:44 - 2014-03-27 07:36 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\resutils.dll
2014-05-15 16:44 - 2014-03-27 06:59 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2014-05-15 16:44 - 2014-03-27 06:48 - 00219136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\resutils.dll
2014-05-15 16:44 - 2014-03-27 06:19 - 00313344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2014-05-15 16:44 - 2014-03-27 05:46 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2014-05-15 16:44 - 2014-03-27 05:15 - 00718336 _____ (Microsoft Corporation) C:\Windows\system32\swprv.dll
2014-05-15 16:44 - 2014-03-27 05:10 - 01436160 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2014-05-15 16:44 - 2014-03-25 00:58 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-05-15 16:44 - 2014-03-21 06:14 - 00219136 _____ (Microsoft Corporation) C:\Windows\system32\tscfgwmi.dll
2014-05-15 16:44 - 2014-03-20 05:48 - 00263424 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2014-05-15 16:44 - 2014-03-20 02:51 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\gpprefcl.dll
2014-05-15 16:44 - 2014-03-20 02:44 - 06645248 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-05-15 16:44 - 2014-03-20 01:38 - 00590336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpprefcl.dll
2014-05-15 16:44 - 2014-03-20 01:33 - 05774848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-05-15 16:44 - 2014-03-19 10:15 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\wlanhlp.dll
2014-05-15 16:44 - 2014-03-19 10:07 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2014-05-15 16:44 - 2014-03-19 09:24 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-05-15 16:44 - 2014-03-19 09:17 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanhlp.dll
2014-05-15 16:44 - 2014-03-19 08:36 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-05-15 16:44 - 2014-03-19 07:56 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-05-15 16:44 - 2014-03-19 07:45 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2014-05-15 16:44 - 2014-03-19 07:19 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2014-05-15 16:44 - 2014-03-19 07:07 - 00370176 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2014-05-15 16:44 - 2014-03-19 07:02 - 01527296 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2014-05-15 16:44 - 2014-03-19 07:00 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
2014-05-15 16:44 - 2014-03-19 06:51 - 00300544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2014-05-15 16:44 - 2014-03-19 06:31 - 02100736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlowUI.dll
2014-05-15 16:44 - 2014-03-19 06:18 - 02688000 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2014-05-15 16:44 - 2014-03-18 10:19 - 00077312 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-05-15 16:44 - 2014-03-18 07:00 - 07173120 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2014-05-15 16:44 - 2014-03-18 06:52 - 05104640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2014-05-15 16:44 - 2014-03-17 07:09 - 00462336 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-05-15 16:44 - 2014-03-17 06:11 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-05-15 16:44 - 2014-03-17 05:01 - 00486912 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2014-05-15 16:44 - 2014-03-17 04:47 - 01025024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-05-15 16:44 - 2014-03-17 04:45 - 00370176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2014-05-15 16:44 - 2014-03-14 08:26 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\GeofenceMonitorService.dll
2014-05-15 16:44 - 2014-03-14 08:10 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GeofenceMonitorService.dll
2014-05-15 16:44 - 2014-03-06 14:42 - 00310616 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-05-15 16:42 - 2014-05-15 16:42 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-05-14 08:41 - 2014-03-13 09:42 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\wusa.exe
2014-05-14 08:41 - 2014-03-13 08:51 - 00305152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wusa.exe
2014-05-14 08:40 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 08:40 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 08:40 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 08:40 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 08:40 - 2014-04-11 12:03 - 00555736 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2014-05-14 08:40 - 2014-04-11 12:03 - 00054776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-05-14 08:40 - 2014-04-11 10:25 - 00419928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2014-05-14 08:40 - 2014-04-11 08:04 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-05-14 08:40 - 2014-04-11 07:53 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2014-05-14 08:40 - 2014-04-11 07:22 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-05-14 08:40 - 2014-04-11 05:54 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2014-05-14 08:40 - 2014-04-11 05:06 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-05-14 08:40 - 2014-04-11 05:05 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-14 08:40 - 2014-04-11 05:05 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-05-14 08:40 - 2014-04-11 05:02 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-14 08:40 - 2014-04-11 05:02 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-05-14 08:40 - 2014-04-11 05:01 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-05-14 08:40 - 2014-04-11 05:00 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-05-14 08:40 - 2014-04-11 04:59 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-05-14 08:40 - 2014-04-11 04:57 - 00190976 _____ (Microsoft Corporation) C:\Windows\system32\storewuauth.dll
2014-05-14 08:40 - 2014-04-11 04:56 - 00381440 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-05-14 08:40 - 2014-04-11 04:55 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-05-14 08:40 - 2014-04-11 04:53 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-05-14 08:40 - 2014-04-11 04:52 - 03464192 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-05-14 08:40 - 2014-04-11 04:46 - 01705472 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-05-14 08:40 - 2014-04-11 04:36 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2014-05-14 08:40 - 2014-04-11 04:34 - 00754688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-05-14 08:40 - 2014-04-11 04:29 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2014-05-14 08:40 - 2014-04-11 04:25 - 00921088 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-05-14 08:40 - 2014-03-24 04:30 - 00257880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-05-14 08:40 - 2014-03-24 04:30 - 00123224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2014-05-14 08:40 - 2014-03-24 04:27 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-05-14 08:39 - 2014-04-09 00:46 - 00086688 _____ (Microsoft Corporation) C:\Windows\system32\mrt_map.dll
2014-05-14 08:39 - 2014-04-09 00:46 - 00028320 _____ (Microsoft Corporation) C:\Windows\system32\mrt100.dll
2014-05-14 08:39 - 2014-04-08 20:54 - 00080032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mrt_map.dll
2014-05-14 08:39 - 2014-04-08 20:54 - 00026784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mrt100.dll
2014-05-13 20:18 - 2014-05-13 20:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2014-05-13 20:17 - 2014-06-01 16:48 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-05-13 20:17 - 2014-05-13 20:18 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\DAEMON Tools Lite
2014-05-13 20:17 - 2014-05-13 20:17 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-05-13 20:17 - 2014-05-13 20:17 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2014-05-13 19:55 - 2014-05-13 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-05-13 19:54 - 2014-05-13 19:55 - 00000000 ____D () C:\Program Files\7-Zip
2014-05-13 16:52 - 2014-05-14 08:39 - 00000000 ____D () C:\Users\Hendrik\Documents\Backup
2014-05-13 16:43 - 2014-05-13 16:43 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-05-13 16:43 - 2014-05-13 16:43 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01007.Wdf
2014-05-13 16:41 - 2014-05-13 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SkipSoft Android ToolKit
2014-05-13 12:08 - 2014-05-13 12:08 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\WinRAR
2014-05-13 12:08 - 2014-05-13 12:08 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-05-13 12:08 - 2014-05-13 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-05-13 12:08 - 2014-05-13 12:08 - 00000000 ____D () C:\Program Files\WinRAR
2014-05-13 11:41 - 2010-12-21 07:55 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2014-05-13 11:41 - 2010-12-21 07:55 - 00708168 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller.dll
2014-05-13 11:39 - 2014-05-13 11:39 - 00003200 _____ () C:\Windows\System32\Tasks\{148D75C9-10E0-44EA-BAC8-FF55A9B90193}
2014-05-12 10:24 - 2014-05-12 10:24 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\EPSON
2014-05-06 17:04 - 2014-06-03 19:12 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-05-06 10:39 - 2014-05-06 10:39 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-05-06 10:38 - 2014-05-06 10:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2014-05-06 10:38 - 2014-05-06 10:38 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-05-06 10:38 - 2014-05-06 10:38 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-05-06 10:37 - 2014-05-27 19:17 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-05-06 10:37 - 2014-05-06 10:37 - 00000000 ____D () C:\Users\Hendrik\AppData\Local\Bluestacks
2014-05-06 10:21 - 2014-05-06 10:21 - 00002013 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
2014-05-06 10:21 - 2014-05-06 10:21 - 00002002 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
2014-05-06 10:21 - 2014-05-06 10:21 - 00001936 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
2014-05-06 10:21 - 2014-05-06 10:21 - 00000000 ____D () C:\Users\Hendrik\AppData\Local\cache
2014-05-06 10:21 - 2014-05-06 10:21 - 00000000 ____D () C:\Users\Hendrik\.android
2014-05-06 10:21 - 2014-05-06 10:21 - 00000000 _____ () C:\Users\Hendrik\daemonprocess.txt
2014-05-06 10:20 - 2014-06-03 19:06 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-05-06 10:20 - 2014-05-06 17:40 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-05-06 10:20 - 2014-05-06 10:21 - 00000000 ____D () C:\Users\Hendrik\AppData\Local\Mobogenie
2014-05-06 10:20 - 2014-05-06 10:20 - 00000000 ____D () C:\Users\Hendrik\Documents\Mobogenie
2014-05-06 10:20 - 2014-05-06 10:20 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\SupTab
2014-05-06 10:20 - 2014-05-06 10:20 - 00000000 ____D () C:\ProgramData\IePluginService

==================== One Month Modified Files and Folders =======

2014-06-04 08:24 - 2014-06-04 08:24 - 00016736 _____ () C:\Users\Hendrik\Downloads\FRST.txt
2014-06-04 08:24 - 2014-06-03 21:21 - 00000000 ____D () C:\FRST
2014-06-04 08:24 - 2014-04-28 17:45 - 00000000 ____D () C:\Users\Hendrik\AppData\Local\Temp
2014-06-04 08:22 - 2014-06-04 08:22 - 00050477 _____ () C:\Users\Hendrik\Downloads\Defogger.exe
2014-06-04 08:22 - 2014-06-04 08:22 - 00000546 _____ () C:\Users\Hendrik\Downloads\defogger_disable.log
2014-06-04 08:22 - 2014-06-04 08:22 - 00000168 _____ () C:\Users\Hendrik\defogger_reenable
2014-06-04 08:22 - 2014-04-28 17:52 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-202384865-1102135534-1250566676-1001
2014-06-04 08:22 - 2014-04-28 17:45 - 00000000 ____D () C:\Users\Hendrik
2014-06-04 08:00 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2014-06-04 07:45 - 2014-04-28 17:43 - 01267041 _____ () C:\Windows\WindowsUpdate.log
2014-06-04 07:29 - 2014-04-28 18:10 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-04 06:48 - 2014-04-28 17:47 - 00000000 __RDO () C:\Users\Hendrik\SkyDrive
2014-06-03 21:55 - 2014-06-03 21:55 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-06-03 21:21 - 2014-06-03 21:21 - 02068992 _____ (Farbar) C:\Users\Hendrik\Downloads\FRST64.exe
2014-06-03 19:12 - 2014-06-03 19:12 - 00000000 ____D () C:\Users\Hendrik\AppData\Local\VS Revo Group
2014-06-03 19:12 - 2014-06-03 19:12 - 00000000 ____D () C:\ProgramData\VS Revo Group
2014-06-03 19:12 - 2014-06-03 19:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2014-06-03 19:12 - 2014-06-03 19:12 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-06-03 19:12 - 2014-05-06 17:04 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-03 19:06 - 2014-05-06 10:20 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-06-03 12:24 - 2014-04-28 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-06-03 10:41 - 2014-06-03 10:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JabRef
2014-06-03 10:41 - 2014-06-03 10:41 - 00000000 ____D () C:\Program Files (x86)\JabRef
2014-06-02 17:42 - 2014-06-02 17:42 - 00000000 ____D () C:\Users\Hendrik\Downloads\winmd5free
2014-06-02 16:57 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-02 15:57 - 2014-04-28 18:09 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-02 15:56 - 2014-06-02 15:56 - 00004471 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_60-b19.log
2014-06-02 15:56 - 2014-06-02 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-02 15:56 - 2014-04-28 18:08 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-01 16:48 - 2014-05-13 20:17 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-06-01 16:43 - 2014-06-01 16:43 - 00000000 ____D () C:\cygwin
2014-06-01 15:51 - 2014-06-01 13:07 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\Notepad++
2014-06-01 14:21 - 2014-04-28 17:46 - 01686150 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-01 14:21 - 2013-08-23 01:24 - 00727930 _____ () C:\Windows\system32\perfh007.dat
2014-06-01 14:21 - 2013-08-23 01:24 - 00151586 _____ () C:\Windows\system32\perfc007.dat
2014-06-01 14:15 - 2014-04-28 17:59 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-01 14:15 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-01 14:15 - 2013-08-22 15:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-06-01 13:18 - 2014-04-28 17:45 - 00000000 ____D () C:\Users\Hendrik\AppData\Local\VirtualStore
2014-06-01 13:07 - 2014-06-01 13:07 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-06-01 13:07 - 2014-06-01 13:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2014-06-01 13:07 - 2014-06-01 13:07 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-06-01 12:46 - 2014-05-02 14:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FAUDES
2014-06-01 12:46 - 2014-05-02 13:07 - 00000000 ____D () C:\FAUDES
2014-06-01 12:45 - 2014-06-01 12:45 - 00007168 ___SH () C:\Users\Hendrik\Downloads\Thumbs.db
2014-05-31 22:11 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-05-31 14:58 - 2014-04-28 20:50 - 00000000 ___RD () C:\Users\Hendrik\Dropbox
2014-05-31 13:11 - 2014-04-28 20:49 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\DropboxMaster
2014-05-31 13:11 - 2014-04-28 20:46 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\Dropbox
2014-05-30 22:39 - 2014-05-30 22:39 - 00000180 _____ () C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-05-30 22:39 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\tracing
2014-05-30 22:24 - 2014-04-28 20:48 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-30 21:23 - 2014-05-30 21:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-30 20:26 - 2014-04-28 17:45 - 00000000 ____D () C:\Users\Hendrik\AppData\Local\Packages
2014-05-30 16:52 - 2014-05-30 16:50 - 00002080 _____ () C:\Users\Hendrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Masterthesis.lnk
2014-05-30 16:52 - 2014-05-30 16:50 - 00001513 _____ () C:\Users\Hendrik\Desktop\Masterthesis - Verknüpfung.lnk
2014-05-30 16:50 - 2014-04-30 17:30 - 00260608 ___SH () C:\Users\Hendrik\Desktop\Thumbs.db
2014-05-30 16:49 - 2014-05-30 16:49 - 00000000 ____D () C:\Users\Hendrik\Documents\Benutzerdefinierte Office-Vorlagen
2014-05-30 14:56 - 2014-05-30 14:56 - 00000000 __SHD () C:\Users\Hendrik\AppData\Local\EmieUserList
2014-05-30 14:56 - 2014-05-30 14:56 - 00000000 __SHD () C:\Users\Hendrik\AppData\Local\EmieSiteList
2014-05-30 14:54 - 2014-04-28 20:54 - 00016434 _____ () C:\Windows\system32\results.xml
2014-05-30 14:53 - 2014-05-30 14:53 - 00000451 _____ () C:\Windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2014-05-30 14:53 - 2014-04-28 20:51 - 00000724 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel(R) HD Graphics Control Panel.lnk
2014-05-30 14:52 - 2014-04-28 17:52 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-05-30 14:52 - 2013-08-22 16:46 - 00025414 _____ () C:\Windows\setupact.log
2014-05-30 14:51 - 2014-05-28 15:22 - 00000000 ____D () C:\Windows\LastGood
2014-05-28 21:25 - 2014-05-28 20:38 - 00000000 ____D () C:\Users\Hendrik\Downloads\SystemSoftware
2014-05-28 20:35 - 2014-04-29 08:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-05-28 15:02 - 2014-05-28 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2014-05-28 15:01 - 2014-05-28 15:01 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
2014-05-28 15:01 - 2014-05-28 14:58 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-28 12:51 - 2014-05-28 12:51 - 00000000 ____D () C:\Users\Hendrik\AppData\Local\SanDisk Corporation
2014-05-28 12:35 - 2014-05-28 12:35 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NirSoft BlueScreenView
2014-05-28 12:35 - 2014-05-28 12:35 - 00000000 ____D () C:\Program Files (x86)\NirSoft
2014-05-28 12:31 - 2014-05-28 12:31 - 00290704 _____ () C:\Windows\Minidump\052814-4468-01.dmp
2014-05-28 12:31 - 2014-05-27 16:52 - 364866726 _____ () C:\Windows\MEMORY.DMP
2014-05-28 12:31 - 2014-05-27 16:52 - 00000000 ____D () C:\Windows\Minidump
2014-05-28 11:07 - 2014-05-28 10:49 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\KeePass
2014-05-28 10:48 - 2014-05-28 10:47 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2
2014-05-28 10:47 - 2014-05-28 10:47 - 00001129 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeePass 2.lnk
2014-05-27 19:17 - 2014-05-06 10:37 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-05-27 16:52 - 2014-05-27 16:52 - 00290704 _____ () C:\Windows\Minidump\052714-4953-01.dmp
2014-05-25 14:11 - 2014-05-25 14:11 - 00001171 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-25 14:06 - 2014-04-28 17:40 - 00005862 _____ () C:\Windows\PFRO.log
2014-05-25 14:05 - 2014-05-25 14:04 - 00000000 ____D () C:\Windows\LastGood.Tmp
2014-05-24 17:41 - 2014-04-28 18:10 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-24 17:41 - 2014-04-28 18:08 - 00000000 ____D () C:\Users\Hendrik\AppData\Local\Adobe
2014-05-24 17:36 - 2014-04-28 18:16 - 00000000 ____D () C:\Users\Hendrik\SystemRequirementsLab
2014-05-24 17:36 - 2014-04-28 18:16 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-05-18 09:57 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2014-05-16 14:04 - 2014-06-01 16:44 - 00254240 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2014-05-16 14:03 - 2014-06-01 16:44 - 00128288 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2014-05-16 14:03 - 2014-05-16 14:03 - 00141600 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys
2014-05-15 17:08 - 2014-04-28 17:45 - 00000000 ___RD () C:\Users\Hendrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-15 17:08 - 2014-04-28 17:45 - 00000000 ___RD () C:\Users\Hendrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 17:08 - 2013-08-22 16:44 - 00409904 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-15 17:07 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2014-05-15 17:07 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-05-15 17:07 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-15 17:07 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-15 17:07 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-15 17:07 - 2013-08-22 17:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-15 17:07 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\oobe
2014-05-15 16:47 - 2014-04-28 22:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-05-15 16:47 - 2014-04-28 22:16 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-15 16:47 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-05-15 16:42 - 2014-05-15 16:42 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-05-15 08:41 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\SecureBootUpdates
2014-05-14 09:56 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\WinStore
2014-05-14 09:53 - 2014-04-28 18:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 09:52 - 2014-04-28 18:31 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 08:39 - 2014-05-13 16:52 - 00000000 ____D () C:\Users\Hendrik\Documents\Backup
2014-05-13 20:18 - 2014-05-13 20:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
2014-05-13 20:18 - 2014-05-13 20:17 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\DAEMON Tools Lite
2014-05-13 20:17 - 2014-05-13 20:17 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2014-05-13 20:17 - 2014-05-13 20:17 - 00000000 ____D () C:\Program Files (x86)\DAEMON Tools Lite
2014-05-13 19:55 - 2014-05-13 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-05-13 19:55 - 2014-05-13 19:54 - 00000000 ____D () C:\Program Files\7-Zip
2014-05-13 16:43 - 2014-05-13 16:43 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-05-13 16:43 - 2014-05-13 16:43 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUSB_01007.Wdf
2014-05-13 16:41 - 2014-05-13 16:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SkipSoft Android ToolKit
2014-05-13 12:08 - 2014-05-13 12:08 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\WinRAR
2014-05-13 12:08 - 2014-05-13 12:08 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-05-13 12:08 - 2014-05-13 12:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-05-13 12:08 - 2014-05-13 12:08 - 00000000 ____D () C:\Program Files\WinRAR
2014-05-13 11:40 - 2014-04-29 08:27 - 00000000 ____D () C:\Program Files\Samsung
2014-05-13 11:39 - 2014-05-13 11:39 - 00003200 _____ () C:\Windows\System32\Tasks\{148D75C9-10E0-44EA-BAC8-FF55A9B90193}
2014-05-13 11:39 - 2014-04-29 08:27 - 00000000 ____D () C:\ProgramData\Samsung
2014-05-13 09:22 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-05-12 10:24 - 2014-05-12 10:24 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\EPSON
2014-05-07 15:02 - 2014-04-28 18:09 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-07 14:59 - 2014-04-28 18:09 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-05-07 14:59 - 2014-04-28 18:09 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-05-07 14:58 - 2014-04-28 18:09 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-05-06 17:40 - 2014-05-06 10:20 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-05-06 11:49 - 2014-04-29 08:41 - 00046628 _____ () C:\Windows\DPINST.LOG
2014-05-06 10:39 - 2014-05-06 10:39 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-05-06 10:38 - 2014-05-06 10:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2014-05-06 10:38 - 2014-05-06 10:38 - 00000000 ____D () C:\ProgramData\BlueStacks
2014-05-06 10:38 - 2014-05-06 10:38 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
2014-05-06 10:38 - 2013-08-22 17:36 - 00000000 __RHD () C:\Users\Public\Libraries
2014-05-06 10:37 - 2014-05-06 10:37 - 00000000 ____D () C:\Users\Hendrik\AppData\Local\Bluestacks
2014-05-06 10:21 - 2014-05-06 10:21 - 00002013 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
2014-05-06 10:21 - 2014-05-06 10:21 - 00002002 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
2014-05-06 10:21 - 2014-05-06 10:21 - 00001936 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
2014-05-06 10:21 - 2014-05-06 10:21 - 00000000 ____D () C:\Users\Hendrik\AppData\Local\cache
2014-05-06 10:21 - 2014-05-06 10:21 - 00000000 ____D () C:\Users\Hendrik\.android
2014-05-06 10:21 - 2014-05-06 10:21 - 00000000 _____ () C:\Users\Hendrik\daemonprocess.txt
2014-05-06 10:21 - 2014-05-06 10:20 - 00000000 ____D () C:\Users\Hendrik\AppData\Local\Mobogenie
2014-05-06 10:20 - 2014-05-06 10:20 - 00000000 ____D () C:\Users\Hendrik\Documents\Mobogenie
2014-05-06 10:20 - 2014-05-06 10:20 - 00000000 ____D () C:\Users\Hendrik\AppData\Roaming\SupTab
2014-05-06 10:20 - 2014-05-06 10:20 - 00000000 ____D () C:\ProgramData\IePluginService
2014-05-06 06:40 - 2014-05-14 08:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:25 - 2014-05-14 08:40 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:00 - 2014-05-14 08:40 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-14 08:40 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

Some content of TEMP:
====================
C:\Users\Hendrik\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgwllrt.dll
C:\Users\Hendrik\AppData\Local\Temp\JDSetup130438379061291696.exe
C:\Users\Hendrik\AppData\Local\Temp\nsgDF17.exe
C:\Users\Hendrik\AppData\Local\Temp\nsj826B.exe
C:\Users\Hendrik\AppData\Local\Temp\nskDC28.exe
C:\Users\Hendrik\AppData\Local\Temp\nslABCD.exe
C:\Users\Hendrik\AppData\Local\Temp\nsnAEDC.exe
C:\Users\Hendrik\AppData\Local\Temp\ose00000.exe
C:\Users\Hendrik\AppData\Local\Temp\xmlUpdater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2014-05-15 16:44] - [2014-03-28 17:58] - 0407016 ____A (Microsoft Corporation) 067CB90C277DB4A737D5DEABA3055972

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-05-15 16:44] - [2014-03-06 14:42] - 0310616 ___AC (Microsoft Corporation) 4BB9BC49DEE1A319EC58274A7BBED663



LastRegBack: 2014-06-03 08:36

==================== End Of Log ============================
         
--- --- ---

--- --- ---



Addition.txt:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-06-2014
Ran by Hendrik at 2014-06-04 08:25:10
Running from C:\Users\Hendrik\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Bing-Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.347.0 - Microsoft Corporation)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.8.9.3088 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{4C02AFA8-074D-44FE-B0E1-A73D4AA65390}) (Version: 0.8.9.3088 - BlueStack Systems, Inc.)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{5A06C25A-366E-46CC-880E-3F904B634E9E}) (Version:  - Microsoft)
DESTool 0.76 32bit (HKLM-x32\...\{21DE0516-4938-4621-9995-6A5EF2BDE2FF}}_is1) (Version: 0.76 - )
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
EPSON SX510W Series Printer Uninstall (HKLM\...\EPSON SX510W Series) (Version:  - SEIKO EPSON Corporation)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
ETDWare PS/2-X64 11.7.4.3_WHQL (HKLM\...\Elantech) (Version: 11.7.4.3 - ELAN Microelectronic Corp.)
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36702 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology(patch version 17.0.1412.3) (HKLM\...\{302600C1-6BDF-4FD1-1401-148929CC1385}) (Version: 17.0.1401.0428 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
JabRef 2.10 (HKLM-x32\...\JabRef 2.10) (Version: 2.10 - JabRef Team)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.60.19 - Oracle, Inc.) Hidden
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
KeePass Password Safe 2.26 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.26 - Dominik Reichl)
Kits Configuration Installer (x32 Version: 8.100.25984 - Microsoft) Hidden
libFAUDES 2.23 32bit (HKLM-x32\...\libFAUDES_is1) (Version: 2.23 - )
Microsoft Access MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft DCF MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Italiano (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Word MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
MiKTeX 2.9 (HKLM\...\MiKTeX 2.9) (Version: 2.9 - MiKTeX.org)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.4.0 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
NirSoft BlueScreenView (HKLM-x32\...\NirSoft BlueScreenView) (Version:  - )
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.3 - Notepad++ Team)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.2 - Tracker Software Products Ltd)
Revo Uninstaller Pro 3.0.8 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.8 - VS Revo Group, Ltd.)
S Agent (Version: 1.1.47 - Samsung Electronics CO., LTD.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.5.0 - SAMSUNG Electronics Co., Ltd.)
SDK Debuggers (x32 Version: 8.100.26629 - Microsoft Corporation) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Settings (HKLM-x32\...\{52E5DE60-C96B-42CC-9A37-FE04725940AE}) (Version: 2.0.0 - Samsung Electronics CO., LTD.)
SW Update (HKLM-x32\...\{D2B5F1E3-EA56-4D84-A453-A213B32974CB}) (Version: 2.1.25 - Samsung Electronics CO., LTD.)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
TeXnicCenter Version 2.02 Stable (HKLM\...\TeXnicCenter_is1) (Version: 2.02 Stable - The TeXnicCenter Team)
Update for Microsoft Excel 2013 (KB2880475) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{4BC9BBF4-A2FB-4DBA-ABEA-5526E62E3B4D}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2880475) 64-Bit Edition (HKLM\...\{90150000-0016-0407-1000-0000000FF1CE}_Office15.PROPLUS_{4BC9BBF4-A2FB-4DBA-ABEA-5526E62E3B4D}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2880475) 64-Bit Edition (HKLM\...\{90150000-0018-0407-1000-0000000FF1CE}_Office15.PROPLUS_{4BC9BBF4-A2FB-4DBA-ABEA-5526E62E3B4D}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2880475) 64-Bit Edition (HKLM\...\{90150000-001B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{4BC9BBF4-A2FB-4DBA-ABEA-5526E62E3B4D}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2880475) 64-Bit Edition (HKLM\...\{90150000-00C1-0407-1000-0000000FF1CE}_Office15.PROPLUS_{4BC9BBF4-A2FB-4DBA-ABEA-5526E62E3B4D}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2880980) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E5ADC5AD-C469-4A96-A3F7-0D4644CF54FC}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2880980) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E5ADC5AD-C469-4A96-A3F7-0D4644CF54FC}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2880980) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{E5ADC5AD-C469-4A96-A3F7-0D4644CF54FC}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{EF77B4A6-DFEC-4010-A87D-9B6BF87FABEC}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{62857CDD-2985-4939-91BA-19ED0B0031A5}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{0814662C-FD28-4DE0-ACE5-EE50D1D6C8FB}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0016-0407-1000-0000000FF1CE}_Office15.PROPLUS_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2826040) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C4AEA56A-0759-4D08-9FAB-31A92137D0B8}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837644) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D692E9FF-84BF-4F44-A0EA-D58ECE0D538E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863825) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{327EABFD-EDD3-44E7-AB47-7592DF33B719}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{290D80DE-03AB-47EC-9402-108AF4CE4F66}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863844) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{50F31E04-D56A-4159-BF36-CF3CE27DB30C}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880464) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{88B29AA5-71EE-4692-91E2-E89407F0B783}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880476) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D3FC5B59-0F86-4B9A-94DF-FC213DF4FA63}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880476) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D3FC5B59-0F86-4B9A-94DF-FC213DF4FA63}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8116ED50-F1E7-49E1-9D8D-421497D34B0F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880482) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{FB1E57CA-A425-48F5-B882-CFC0793823AE}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880482) 64-Bit Edition (HKLM\...\{90150000-0016-0407-1000-0000000FF1CE}_Office15.PROPLUS_{FB1E57CA-A425-48F5-B882-CFC0793823AE}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880482) 64-Bit Edition (HKLM\...\{90150000-0090-0407-1000-0000000FF1CE}_Office15.PROPLUS_{FB1E57CA-A425-48F5-B882-CFC0793823AE}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2880480) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{663B7CD7-32AE-4AB5-8E20-12C0FA6963D4}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2880480) 64-Bit Edition (HKLM\...\{90150000-00BA-0407-1000-0000000FF1CE}_Office15.PROPLUS_{663B7CD7-32AE-4AB5-8E20-12C0FA6963D4}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2880480) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{663B7CD7-32AE-4AB5-8E20-12C0FA6963D4}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2880480) 64-Bit Edition (HKLM\...\{90150000-00C1-0407-1000-0000000FF1CE}_Office15.PROPLUS_{663B7CD7-32AE-4AB5-8E20-12C0FA6963D4}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2817628) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{9367C385-2EF9-4BE3-8351-7D2AB0798A57}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2817628) 64-Bit Edition (HKLM\...\{90150000-00A1-0407-1000-0000000FF1CE}_Office15.PROPLUS_{9367C385-2EF9-4BE3-8351-7D2AB0798A57}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2817628) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{9367C385-2EF9-4BE3-8351-7D2AB0798A57}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-001A-0407-1000-0000000FF1CE}_Office15.PROPLUS_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2878315) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{95F0CF54-BC3E-4C6F-B11D-89D6D8C6452E}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2878315) 64-Bit Edition (HKLM\...\{90150000-0018-0407-1000-0000000FF1CE}_Office15.PROPLUS_{95F0CF54-BC3E-4C6F-B11D-89D6D8C6452E}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2726952) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{03B2C707-503D-4979-8322-CA92C45AD6B4}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2726952) 64-Bit Edition (HKLM\...\{90150000-0019-0407-1000-0000000FF1CE}_Office15.PROPLUS_{03B2C707-503D-4979-8322-CA92C45AD6B4}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-006E-0407-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BC51FE30-3A56-4802-8D9E-E9BC05B56B49}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2880455) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{302A5BF1-9DB4-4204-988C-53073C15EF67}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2880455) 64-Bit Edition (HKLM\...\{90150000-001A-0407-1000-0000000FF1CE}_Office15.PROPLUS_{302A5BF1-9DB4-4204-988C-53073C15EF67}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2880455) 64-Bit Edition (HKLM\...\{90150000-001B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{302A5BF1-9DB4-4204-988C-53073C15EF67}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2880455) 64-Bit Edition (HKLM\...\{90150000-012B-0407-1000-0000000FF1CE}_Office15.PROPLUS_{302A5BF1-9DB4-4204-988C-53073C15EF67}) (Version:  - Microsoft)
Windows Software Development Kit EULA (x32 Version: 8.100.25984 - Microsoft Corporations) Hidden
Windows Software Development Kit for Windows 8.1 (HKLM-x32\...\{25981ccc-475f-4b68-850b-89d3fc287ff1}) (Version: 8.100.26695 - Microsoft Corporation)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Restore Points  =========================

01-06-2014 14:11:20 Revo Uninstaller's restore point - SanDisk SSD Toolkit 1.0.0.1
03-06-2014 17:14:54 Revo Uninstaller Pro's restore point - Oracle VM VirtualBox 4.3.12

==================== Hosts content: ==========================

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0A4D2512-BF38-41D8-A2C7-51A8EDBDEDD4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-24] (Adobe Systems Incorporated)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {3065EF95-D6AD-427E-BAE1-AB588B492CE9} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3539CB60-E107-4D6D-9B74-2C0647D67CF3} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {47AE3A74-5DE3-426E-94F1-3B0E43F02219} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {58E4644C-F14C-4575-A033-E601D85CB2AD} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {5B8F79CE-3709-4C21-94BA-A25E75EF9017} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2014-03-19] (Samsung Electronics CO., LTD.)
Task: {67113FD6-8F79-4451-B832-51AFCCF1FDA7} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {80DDA3C1-5255-49A5-B26E-FDB50B27EE48} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-05-14] (Microsoft Corporation)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {8E03FEEA-1BB5-4B34-91D3-A78521CF1FF5} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {9C24E6F5-F272-44F0-BB39-65A75DA52A10} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-10-19] (Samsung Electronics CO., LTD.)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {C27A84E9-C6C1-4AEF-BF01-2BF757B11850} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E4DA59B1-E858-42C4-8330-64A5506CA6C7} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F9D4D621-96F6-48B4-A57A-2EFD74EDA68F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2012-10-19 16:34 - 2012-10-19 16:34 - 00085112 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2014-05-12 11:49 - 2014-05-12 11:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-03-07 09:21 - 2014-03-07 09:21 - 00080312 _____ () C:\Windows\system32\IGFXEXPS.DLL
2014-03-19 11:41 - 2014-03-19 11:41 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll
2014-04-29 17:17 - 2012-06-25 10:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2012-10-19 16:34 - 2012-10-19 16:34 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2012-10-19 16:34 - 2012-10-19 16:34 - 01055352 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2012-10-19 16:34 - 2012-10-19 16:34 - 00110200 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2012-10-19 16:34 - 2012-10-19 16:34 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2012-10-19 16:34 - 2012-10-19 16:34 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2014-05-30 21:23 - 2014-05-30 21:23 - 03853936 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2012-10-19 16:34 - 2012-10-19 16:34 - 00026744 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2012-10-19 16:34 - 2012-10-19 16:34 - 00110200 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2012-10-19 16:34 - 2012-10-19 16:34 - 00060536 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2012-10-19 16:34 - 2012-10-19 16:34 - 00103544 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2014-04-29 22:43 - 2014-04-29 22:43 - 03019888 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-04-29 22:43 - 2014-04-29 22:43 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-04-29 22:43 - 2014-04-29 22:43 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-04-28 21:35 - 2012-11-21 07:26 - 00008704 _____ () C:\Users\Hendrik\AppData\Roaming\Thunderbird\Profiles\u165myhr.default\extensions\mintrayr@tn123.ath.cx\lib\tray_x86-msvc.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Hendrik\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============

Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (06/04/2014 08:17:39 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert
.

Error: (06/04/2014 07:20:03 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "System-reserviert" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (06/04/2014 07:19:59 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (06/04/2014 06:48:04 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x8898008d) festgestellt.

Error: (06/03/2014 11:46:17 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (06/03/2014 11:45:53 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: Das Volume "System-reserviert" wurde aufgrund eines Fehlers nicht optimiert: Falscher Parameter. (0x80070057)

Error: (06/03/2014 10:42:13 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (06/03/2014 09:55:27 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (06/03/2014 09:55:26 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (06/03/2014 09:55:22 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.


System errors:
=============
Error: (06/01/2014 02:15:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Service KMSELDI" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/30/2014 10:39:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Service KMSELDI" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/30/2014 10:37:46 PM) (Source: DCOM) (EventID: 10010) (User: ULTI)
Description: {03E64E17-B220-4052-9B9B-155F9CB8E016}

Error: (05/30/2014 10:37:46 PM) (Source: DCOM) (EventID: 10010) (User: ULTI)
Description: {03E64E17-B220-4052-9B9B-155F9CB8E016}

Error: (05/30/2014 10:37:39 PM) (Source: DCOM) (EventID: 10010) (User: ULTI)
Description: {03E64E17-B220-4052-9B9B-155F9CB8E016}

Error: (05/30/2014 10:37:39 PM) (Source: DCOM) (EventID: 10010) (User: ULTI)
Description: {03E64E17-B220-4052-9B9B-155F9CB8E016}

Error: (05/30/2014 10:37:38 PM) (Source: DCOM) (EventID: 10010) (User: ULTI)
Description: {03E64E17-B220-4052-9B9B-155F9CB8E016}

Error: (05/30/2014 02:53:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Service KMSELDI" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/30/2014 02:51:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Service KMSELDI" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/30/2014 02:34:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Service KMSELDI" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.


Microsoft Office Sessions:
=========================
Error: (06/04/2014 08:17:39 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft-Verbindungsschichterkennungsprotokoll.

System Error:
Zugriff verweigert

Error: (06/04/2014 07:20:03 AM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System-reserviertFalscher Parameter. (0x80070057)

Error: (06/04/2014 07:19:59 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (06/04/2014 06:48:04 AM) (Source: Desktop Window Manager) (EventID: 9020) (User: )
Description: 0x8898008d

Error: (06/03/2014 11:46:17 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (06/03/2014 11:45:53 PM) (Source: Microsoft-Windows-Defrag) (EventID: 257) (User: )
Description: System-reserviertFalscher Parameter. (0x80070057)

Error: (06/03/2014 10:42:13 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (06/03/2014 09:55:27 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Hendrik\Downloads\esetsmartinstaller_deu.exe

Error: (06/03/2014 09:55:26 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Hendrik\Downloads\esetsmartinstaller_deu.exe

Error: (06/03/2014 09:55:22 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Hendrik\Downloads\esetsmartinstaller_deu.exe


CodeIntegrity Errors:
===================================
  Date: 2014-06-02 08:18:52.241
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-05-31 09:09:08.877
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-05-30 09:09:29.747
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-05-26 07:41:21.888
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-05-16 07:44:51.174
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Percentage of memory in use: 76%
Total physical RAM: 3797.53 MB
Available physical RAM: 875.95 MB
Total Pagefile: 7637.53 MB
Available Pagefile: 4194.31 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:118.9 GB) (Free:62.32 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 8F94EF5E)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

GMER.txt folgt im nächsten Beitrag, da max. Zeichen überschritten wurden

Vielen Dank im Vorraus, Widu

Geändert von Widukin5 (04.06.2014 um 08:36 Uhr)

Alt 04.06.2014, 08:37   #2
Widukin5
 
Windows 8.1: Firefox ruft falsche Internetseiten auf - Standard

Windows 8.1: Firefox ruft falsche Internetseiten auf



CMER.txt:
Code:
ATTFilter
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-06-04 08:58:11
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\00000034 SanDisk_SSD_U100_128GB rev.10.01.04 119,24GB
Running: Gmer-19357.exe; Driver: C:\Users\Hendrik\AppData\Local\Temp\pxldapod.sys


---- Kernel code sections - GMER 2.1 ----

.text    C:\Windows\System32\win32k.sys!W32pServiceTable + 1                                                                                                                                                                                                               fffff9600015f201 7 bytes [20, 0A, 02, 00, F0, 70, 01]
.text    C:\Windows\System32\win32k.sys!W32pServiceTable + 9                                                                                                                                                                                                               fffff9600015f209 6 bytes [88, B0, FF, 01, 23, DC]

---- Threads - GMER 2.1 ----

Thread   C:\Windows\system32\csrss.exe [6520:4076]                                                                                                                                                                                                                         fffff96000834b90
---- Processes - GMER 2.1 ----

Process  C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE (*** suspicious ***) @ C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE [1584] (EPSON Status Monitor 3/SEIKO EPSON CORPORATION)(2014-04-29 15:57:19)                                                                     0000000100000000
Process  C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE (*** suspicious ***) @ C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [1608] (EPSON Status Monitor 3/SEIKO EPSON CORPORATION)(2014-04-29 15:57:19)                                                                     0000000100000000
Library  C:\Program Files\WindowsApps\Microsoft.SkypeApp_2.8.0.1001_x86__kzf8qxf38zg5c\Microsoft.PerfTrack.dll (*** suspicious ***) @ C:\Windows\syswow64\wwahost.exe [2244] (Microsoft.PerfTrack.dll/Microsoft Corporation)(2014-04-28 17:20:57)                          000000006ac90000
Library  C:\Program Files\WindowsApps\Microsoft.SkypeApp_2.8.0.1001_x86__kzf8qxf38zg5c\LibWrap.dll (*** suspicious ***) @ C:\Windows\syswow64\wwahost.exe [2244] (Microsoft Skype/Microsoft Corporation)(2014-05-07 07:16:49)                                              0000000063c40000
Library  C:\Program Files\WindowsApps\Microsoft.SkypeApp_2.8.0.1001_x86__kzf8qxf38zg5c\MicrosoftAdvertising.dll (*** suspicious ***) @ C:\Windows\syswow64\wwahost.exe [2244] (Microsoft Advertising Native SDK for Windows 8/Microsoft Corporation)(2014-04-28 17:20:57)  0000000061e80000

---- Services - GMER 2.1 ----

Service  C:\Windows\System32\drivers\dtsoftbus01.sys (*** hidden *** )                                                                                                                                                                                                     [SYSTEM] dtsoftbus01                                                                                                                                                       <-- ROOTKIT !!!

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{CCD2DB4F-CC5C-48F7-81AD-69F3DC58C182}\Connection@Name                                                                                                                       isatap.fritz.box
Reg      HKLM\SYSTEM\CurrentControlSet\Control\RadioManagement\SystemRadioState@                                                                                                                                                                                           0
Reg      HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                                                                                                                                                                                 -1690737197
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BthLEEnum\Parameters\Wdf@TimeOfLastSqmLog                                                                                                                                                                                  0xA3 0x6E 0xBF 0x31 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\c4850855cffc                                                                                                                                                                                       
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\c4850855cffc@f065dd6c7a16                                                                                                                                                                          0x0E 0x40 0x04 0x45 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\c4850855cffc@14f42a3cb5c6                                                                                                                                                                          0xD1 0xE3 0x46 0x26 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\bthserv\Parameters\BluetoothControlPanelTasks@State                                                                                                                                                                        1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\btmaux\Parameters\Wdf@TimeOfLastSqmLog                                                                                                                                                                                     0x0C 0x24 0xC4 0x31 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01@Start                                                                                                                                                                                                          1
Reg      HKLM\SYSTEM\CurrentControlSet\Services\dtsoftbus01                                                                                                                                                                                                                
Reg      HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{CCD2DB4F-CC5C-48F7-81AD-69F3DC58C182}@ReusableType                                                                                                                                             0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{CCD2DB4F-CC5C-48F7-81AD-69F3DC58C182}@DefunctTimestamp                                                                                                                                         0x04 0xA5 0x8E 0x53 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\bc-05-43-bf-03-94@ClientLocalPort                                                                                                                                                            58330
Reg      HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\bc-05-43-bf-03-94@AddressCreationTimestamp                                                                                                                                                   0x11 0x4B 0x9F 0x09 ...
Reg      HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\bc-05-43-bf-03-94@UPnPState                                                                                                                                                                  0
Reg      HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Teredo\PreviousState\bc-05-43-bf-03-94@TeredoAddress                                                                                                                                                              2001:0:9d38:6ab8:452:1c25:4395:a634
Reg      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch                                                                                                                                                                                                   3432
Reg      HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch                                                                                                                                                                                                  752
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{443AF6BF-37EF-43D0-8169-137CBF34D266}@LeaseObtainedTime                                                                                                                                       1401857289
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{443AF6BF-37EF-43D0-8169-137CBF34D266}@T1                                                                                                                                                      1402289289
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{443AF6BF-37EF-43D0-8169-137CBF34D266}@T2                                                                                                                                                      1402613289
Reg      HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{443AF6BF-37EF-43D0-8169-137CBF34D266}@LeaseTerminatesTime                                                                                                                                     1402721289
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{06d3dcd3-d84a-11e3-8257-c4850855cffc}                                                                                                                                            
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{06d3dcd3-d84a-11e3-8257-c4850855cffc}@Drive Type                                                                                                                                 1048593
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\Drives\Volume{06d3dcd3-d84a-11e3-8257-c4850855cffc}@IsImapiDataBurnSupported                                                                                                                   0
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\CD Burning\StagingInfo\Volume{06d3dcd3-d84a-11e3-8257-c4850855cffc}@Active                                                                                                                                1
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@WindowsBandwidthBucketCounter                                                                                                                                                              0
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@WindowsRequestBucketCounter                                                                                                                                                                0
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsRequestBucketDrainTime                                                                                                                                                          0x9D 0x51 0xF4 0x60 ...
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastWindowsLargeRequestBucketDrainTime                                                                                                                                                     0x9D 0x51 0xF4 0x60 ...
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastOtherRequestBucketDrainTime                                                                                                                                                            0x9D 0x51 0xF4 0x60 ...
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@GlobalBandwidthBucketCounter                                                                                                                                                               29790
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@GlobalRequestBucketCounter                                                                                                                                                                 0
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastGlobalRequestBucketDrainTime                                                                                                                                                           0x9D 0x51 0xF4 0x60 ...
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@CloudUsertileDirtyMarks                                                                                                                                                                    0
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@CloudSettingsDirtyMarks                                                                                                                                                                    0
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@LastUploadTime                                                                                                                                                                             0x1E 0xFA 0x82 0x0C ...
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Live\Roaming\PolicyData@RoamingSyncToken                                                                                                                                                                           LM%3d63537420525950%3bID%3d9D845FFECC04E1AD!106%3bLR%3d63537456321190%3bEP%3d4%3bTD%3dTrue
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\Run@DAEMON Tools Lite                                                                                                                                                                                              "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData@PendingOperations                                                                                                                                                                             4
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\SettingSync\SyncData\Namespace\windows\remotesyncdummyid@PendingOperations                                                                                                                                         0
Reg      HKCU\Software\Microsoft\Windows\CurrentVersion\UFH\SHC@22                                                                                                                                                                                                         C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Revo Uninstaller Pro.lnk?C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe??
Reg      HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows@UserSelectedDefault                                                                                                                                                                                     1

---- EOF - GMER 2.1 ----
         
__________________


Alt 05.08.2014, 08:15   #3
schrauber
/// the machine
/// TB-Ausbilder
 

Windows 8.1: Firefox ruft falsche Internetseiten auf - Standard

Windows 8.1: Firefox ruft falsche Internetseiten auf



hi,

Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
__________________

Antwort

Themen zu Windows 8.1: Firefox ruft falsche Internetseiten auf
administrator, adobe, adobe flash player, association, bluestacks, browser, defender, excel, explorer, fehler, firefox, flash player, homepage, microsoft, mozilla, neu, onedrive, outlook 2013, registry, rundll, scan, security, seiten, sekunden, software, svchost.exe, system, tracker, windows, winlogon.exe



Ähnliche Themen: Windows 8.1: Firefox ruft falsche Internetseiten auf


  1. Windows 8.1 / Firefox, falsche Startseite homepage-web.com
    Log-Analyse und Auswertung - 08.04.2015 (41)
  2. Firefox startet automatisch und ruft selbständig Internetseiten auf
    Plagegeister aller Art und deren Bekämpfung - 15.01.2015 (2)
  3. Windows 7: selbstständig öffnende Internetseiten sowohl im IE als auch bei Mozilla Firefox
    Log-Analyse und Auswertung - 29.05.2014 (15)
  4. Ständig Popups und automatische Weiterleitung auf Internetseiten (Windows 7 professional, firefox und ie)
    Plagegeister aller Art und deren Bekämpfung - 22.04.2014 (9)
  5. Windows 8 -Firefox zeigt falsche Links
    Log-Analyse und Auswertung - 29.03.2014 (12)
  6. falsche Links in Internetseiten und PopUps von bannersdontwork.com (Windows 8)
    Log-Analyse und Auswertung - 17.08.2013 (14)
  7. ihavenet / Umleitung falsche Internetseiten
    Plagegeister aller Art und deren Bekämpfung - 02.01.2013 (15)
  8. Google ruft falsche Seiten auf & Bluescreen beim runterfahren.
    Log-Analyse und Auswertung - 25.12.2010 (9)
  9. Firefox öffnet Spamseiten, Onlinebanking ruft freetalkgames.com auf
    Plagegeister aller Art und deren Bekämpfung - 21.12.2010 (3)
  10. Weiterleitung auf falsche Internetseiten (aks.com, kdirectory,...)
    Plagegeister aller Art und deren Bekämpfung - 18.10.2010 (1)
  11. System Langsam,Firefox öffnet falsche seiten,incredimail ruft gelöschte mails ab
    Plagegeister aller Art und deren Bekämpfung - 11.10.2010 (16)
  12. Browser ruft eigentständig Internetseiten auf
    Log-Analyse und Auswertung - 05.07.2010 (5)
  13. Umleitung auf falsche Internetseiten
    Log-Analyse und Auswertung - 14.02.2009 (28)
  14. Falsche Internetseiten werden geöffnet
    Log-Analyse und Auswertung - 10.09.2008 (12)
  15. firefox leitet auf falsche internetseiten
    Log-Analyse und Auswertung - 09.08.2008 (1)
  16. Programm ruft selbsttätig Internetseiten auf
    Plagegeister aller Art und deren Bekämpfung - 20.05.2007 (19)
  17. Browser ruft falsche oder "alte" Seite auf
    Plagegeister aller Art und deren Bekämpfung - 23.02.2007 (5)

Zum Thema Windows 8.1: Firefox ruft falsche Internetseiten auf - Hallo zusammen, bin neu hier und hoffe ich habe die Hilfe korrekt abgearbeitet... Seit ein paar Tagen ruft Firefox (30.0) sporadisch falsche Internetseiten auf. So kann es bei einem Link - Windows 8.1: Firefox ruft falsche Internetseiten auf...
Archiv
Du betrachtest: Windows 8.1: Firefox ruft falsche Internetseiten auf auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.