| |
| |||||||
Log-Analyse und Auswertung: Rechner extrem langsam nach versehentlichem Öffnen eines Anhangs einer MailWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
25.06.2014, 15:02
| #1 |
 |  Rechner extrem langsam nach versehentlichem Öffnen eines Anhangs einer Mail Hallo, ich habe versehentlich den Anhang einer Mail geöffnet, die scheinbar einen Virus oder ähnliches beinhaltet. Jetzt ist der Rechner sehr langsam geworden und nach dem Versenden einer Mail hat die Gegenseite gesagt, die Mail konnte aufgrund eines gesperrten Anhangs nicht geöffnet werden. Brauche daher dringend Hilfe, um dieses Biest wieder sauber zu kriegen.  Hier die Logfiles: Defogger_disable.txt: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:07 on 25/06/2014 (ich)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-06-2014
Ran by ich (administrator) on ICH-PC on 25-06-2014 15:08:18
Running from C:\Users\ich\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Sidebar\sidebar.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Google) C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(IncrediMail, Ltd.) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intuit, Inc.) C:\Program Files (x86)\Lexware\bueroeasy\QBW32.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Mozilla Corporation) C:\Users\ich\Documents\Firefox Browser\App\Firefox\firefox.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Mozilla Corporation) C:\Users\ich\Documents\Firefox Browser\App\Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(TeamViewer GmbH) C:\Users\ich\AppData\Local\Temp\TeamViewer\Version7\TeamViewer.exe
(TeamViewer GmbH) C:\Users\ich\AppData\Local\Temp\TeamViewer\Version7\tv_w32.exe
(TeamViewer GmbH) C:\Users\ich\AppData\Local\Temp\TeamViewer\Version7\tv_x64.exe
(TeamViewer GmbH) C:\Users\ich\AppData\Local\Temp\TeamViewer\Version7\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(IncrediMail, Ltd.) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12459112 2013-03-20] (Realtek Semiconductor)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-06-19] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-01-30] (DivX, LLC)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-07-26] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Smart File Advisor] => C:\Program Files (x86)\Smart File Advisor\sfa.exe [280824 2011-04-04] (Filefacts.net)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
HKLM-x32\...\Runonce: [DelTr942779780] - cmd.exe /c rd /s /q "C:\Users\ich\AppData\Roaming\Speedial" [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\.DEFAULT\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKU\S-1-5-21-848176774-2792875984-4121021673-1000\...\Run: [IncrediMail] => C:\Program Files (x86)\IncrediMail\bin\IncMail.exe [366576 2012-08-27] (IncrediMail, Ltd.)
HKU\S-1-5-21-848176774-2792875984-4121021673-1000\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKU\S-1-5-21-848176774-2792875984-4121021673-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564016 2013-07-26] (Samsung)
HKU\S-1-5-21-848176774-2792875984-4121021673-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-26] (Samsung)
HKU\S-1-5-21-848176774-2792875984-4121021673-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-848176774-2792875984-4121021673-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-848176774-2792875984-4121021673-1000\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe [535216 2014-05-14] (Adobe Systems Incorporated)
HKU\S-1-5-21-848176774-2792875984-4121021673-1000\...\RunOnce: [DelTr942779765] - cmd.exe /c rd /s /q "C:\Users\ich\AppData\Roaming\Speedial"
HKU\S-1-5-21-848176774-2792875984-4121021673-1000\...\Policies\Explorer: []
HKU\S-1-5-21-848176774-2792875984-4121021673-1000\...\MountPoints2: {a3f52ee1-a8ff-11e3-aca2-0023cdb145e6} - F:\setup.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [202560 2014-06-18] (Client Connect LTD)
AppInit_DLLs: C:\PROGRA~2\OPTIMI~1\OPTPRO~3.DLL => C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll [2721072 2014-06-02] ()
AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll => c:\Program Files (x86)\searchprotect\searchprotect\bin\spvc32loader.dll [171840 2014-06-18] (Client Connect LTD)
AppInit_DLLs-x32: c:\progra~2\optimi~1\optpro~2.dll => c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll [3000776 2014-06-02] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk
ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: AutoCAD Digital Signatures Icon Overlay Handler -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD526340D6838CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=MC8629EA4-68D0-4F75-AB1D-235FE7368511&SearchSource=55&CUI=&UM=5&UP=SP088F802D-D02C-47EF-B601-49ED068AC87F&SSPV=SP2151C_sp_ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://speedial.com/?f=1&a=spd_frg_14_23_ff&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzyyDtD0EyB0A0B0FyB0BtDtN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyCyE0EyDyDzy0AtGtAtCtDyCtG0AtByCtAtGyDtAtBzytGtAtDyDyCtC0B0Bzz0F0BzztB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0A0CtByByEzyzytGtC0DyByBtGtAyB0FyBtG0C0ByDzytGyEyCtDtA0FzzyEyB0Dzz0BtC2Q&cr=440360658&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://speedial.com/?f=1&a=spd_frg_14_23_ff&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzyyDtD0EyB0A0B0FyB0BtDtN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyCyE0EyDyDzy0AtGtAtCtDyCtG0AtByCtAtGyDtAtBzytGtAtDyDyCtC0B0Bzz0F0BzztB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0A0CtByByEzyzytGtC0DyByBtGtAyB0FyBtG0C0ByDzytGyEyCtDtA0FzzyEyB0Dzz0BtC2Q&cr=440360658&ir=
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_11_ff&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzyyDtD0EyB0A0B0FyB0BtDtN0D0Tzu0SzztDtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEtDtBtAzyyCyBtDtG0A0BzyyBtGzz0BtBzztGyCzzyBtBtGtBtAyB0DyEyCtB0E0EyCtAyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0A0CtByByEzyzytGtC0DyByBtGtAyB0FyBtG0C0ByDzytGyEyCtDtA0FzzyEyB0Dzz0BtC2Q&cr=1158209514&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_11_ff&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzyyDtD0EyB0A0B0FyB0BtDtN0D0Tzu0SzztDtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEtDtBtAzyyCyBtDtG0A0BzyyBtGzz0BtBzztGyCzzyBtBtGtBtAyB0DyEyCtB0E0EyCtAyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0A0CtByByEzyzytGtC0DyByBtGtAyB0FyBtG0C0ByDzytGyEyCtDtA0FzzyEyB0Dzz0BtC2Q&cr=1158209514&ir=
SearchScopes: HKLM - {31090377-0740-419E-BEFC-A56E50500D5B} URL =
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_frg_14_23_ff&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzyyDtD0EyB0A0B0FyB0BtDtN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyCyE0EyDyDzy0AtGtAtCtDyCtG0AtByCtAtGyDtAtBzytGtAtDyDyCtC0B0Bzz0F0BzztB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0A0CtByByEzyzytGtC0DyByBtGtAyB0FyBtG0C0ByDzytGyEyCtDtA0FzzyEyB0Dzz0BtC2Q&cr=440360658&ir=
SearchScopes: HKCU - URL hxxp://www.trovigo.com/Results.aspx?gd=&ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP90A2072B-806C-4B98-92A1-89329509C196&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_frg_14_23_ff&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzyyDtD0EyB0A0B0FyB0BtDtN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyCyE0EyDyDzy0AtGtAtCtDyCtG0AtByCtAtGyDtAtBzytGtAtDyDyCtC0B0Bzz0F0BzztB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0A0CtByByEzyzytGtC0DyByBtGtAyB0FyBtG0C0ByDzytGyEyCtDtA0FzzyEyB0Dzz0BtC2Q&cr=440360658&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_11_ff&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzyyDtD0EyB0A0B0FyB0BtDtN0D0Tzu0SzztDtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEtDtBtAzyyCyBtDtG0A0BzyyBtGzz0BtBzztGyCzzyBtBtGtBtAyB0DyEyCtB0E0EyCtAyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0A0CtByByEzyzytGtC0DyByBtGtAyB0FyBtG0C0ByDzytGyEyCtDtA0FzzyEyB0Dzz0BtC2Q&cr=1158209514&ir=
SearchScopes: HKCU - {31090377-0740-419E-BEFC-A56E50500D5B} URL = hxxp://www.trovigo.com/Results.aspx?gd=&ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP90A2072B-806C-4B98-92A1-89329509C196&q={searchTerms}&SSPV=
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll (Check Point Software Technologies LTD)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll (Check Point Software Technologies LTD)
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\..\Interfaces\{4B3B3148-A7B1-448C-888E-89EACCC44958}: [NameServer]192.168.52.1
FireFox:
========
FF ProfilePath: C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\vzktfttn.default
FF SearchEngineOrder.1: Search By ZoneAlarm
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=de&gu=3ab53f1cc4bc4ba7971305853cfcf190&tu=10GX000841B0008&sku=&tstsId=&ver=&&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/JavaPlugin - c:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\vzktfttn.default\user.js
FF SearchPlugin: C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\vzktfttn.default\searchplugins\zonealarm.xml
FF Extension: saveituKeeeipp. - C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\vzktfttn.default\Extensions\e-lral@aoaiouhbj.com [2014-06-22]
FF Extension: zonealarm.com - C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\vzktfttn.default\Extensions\ffxtlbr@zonealarm.com [2013-05-15]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-03-19]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2014-06-24]
FF StartMenuInternet: FIREFOX.EXE - C:\Users\ich\Documents\Firefox Browser\App\Firefox\firefox.exe
Chrome:
=======
CHR HomePage: hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=MC8629EA4-68D0-4F75-AB1D-235FE7368511&SearchSource=55&CUI=&UM=5&UP=SP088F802D-D02C-47EF-B601-49ED068AC87F&SSPV=SP2151C_sp_ch
CHR StartupUrls: "hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=MC8629EA4-68D0-4F75-AB1D-235FE7368511&SearchSource=55&CUI=&UM=5&UP=SP088F802D-D02C-47EF-B601-49ED068AC87F&SSPV=SP2151C_sp_ch"
CHR NewTab: "chrome-extension://bakijjialdiiboeaknfpmflphhmljfkd/content/newtab/newtab.html"
CHR DefaultSearchKeyword: trovi.search
CHR DefaultSearchProvider: Trovi search
CHR DefaultSearchURL: hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=MC8629EA4-68D0-4F75-AB1D-235FE7368511&SearchSource=58&CUI=&UM=5&UP=SP088F802D-D02C-47EF-B601-49ED068AC87F&q={searchTerms}&SSPV=SP2151C_sp_ch
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.210.7) - c:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U21) - c:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (npFFApi) - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Extension: (Google Docs) - C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-04]
CHR Extension: (Google Drive) - C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-04]
CHR Extension: (Speedial) - C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd [2014-06-06]
CHR Extension: (saveituKeeeipp.) - C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfkomdlmpkpaidocpojmafalghahemgn [2014-06-22]
CHR Extension: (YouTube) - C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-04]
CHR Extension: (McAfee Security Scan+) - C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-03-18]
CHR Extension: (Google-Suche) - C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-04]
CHR Extension: (Freemake Video Converter) - C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2014-06-24]
CHR Extension: (My theme for Google) - C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\njbcheaaplkhblheokaibpndonpnejpe [2014-06-22]
CHR Extension: (Google Wallet) - C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (Mehr Leistung und Videoformate fr dein HTML5 video) - C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-07-04]
CHR Extension: (Google Mail) - C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-04]
CHR Extension: (Extutil) - C:\Users\ich\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-03-18]
CHR Extension: (Managera) - C:\Users\ich\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-03-18]
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2014-06-24]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-02-07]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
R2 70e6ca8c; c:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll [186496 2014-06-02] ()
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed]
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2497856 2014-06-18] (Client Connect LTD)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-05-27] (Freemake) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 StarMoney 8.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2103096 2013-12-18] (TuneUp Software)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445304 2013-06-19] (Check Point Software Technologies LTD)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [54160 2013-06-18] (Check Point Software Technologies, Ltd.)
==================== Drivers (Whitelisted) ====================
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [37472 2013-04-25] (Advanced Micro Devices, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-11] (Disc Soft Ltd)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2013-03-20] ( )
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-11-15] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89944 2013-02-21] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [613720 2013-02-21] (Kaspersky Lab)
R3 KMUSBSC2; C:\Windows\System32\Drivers\KMUSBSC2.sys [48256 2008-01-10] (KYOCERA MITA Corporation)
R3 KMUSBSCN; C:\Windows\System32\Drivers\KMUSBSCN.sys [57984 2007-04-27] (KYOCERA MITA Corporation)
R3 S332x64; C:\Windows\System32\DRIVERS\S332x64.sys [78080 2012-08-13] (Identive )
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [451096 2013-06-13] (Check Point Software Technologies LTD)
R1 {29b136c9-938d-4d3d-8df8-d649d9b74d02}w64; C:\Windows\System32\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}w64.sys [60704 2014-05-29] (StdLib)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-25 15:08 - 2014-06-25 15:09 - 00027715 _____ () C:\Users\ich\Downloads\FRST.txt
2014-06-25 15:08 - 2014-06-25 15:08 - 00000000 ____D () C:\FRST
2014-06-25 15:07 - 2014-06-25 15:07 - 02082816 _____ (Farbar) C:\Users\ich\Downloads\FRST64.exe
2014-06-25 15:07 - 2014-06-25 15:07 - 00000538 _____ () C:\Users\ich\Downloads\defogger_disable.log
2014-06-25 15:07 - 2014-06-25 15:07 - 00000168 _____ () C:\Users\ich\defogger_reenable
2014-06-25 15:06 - 2014-06-25 15:06 - 00050477 _____ () C:\Users\ich\Downloads\Defogger.exe
2014-06-25 14:54 - 2014-06-25 14:54 - 00000000 ____D () C:\Users\ich\temp
2014-06-24 11:27 - 2014-06-24 11:27 - 00000000 ____D () C:\Users\ich\AppData\Roaming\NVIDIA
2014-06-24 11:26 - 2014-06-24 11:26 - 00000000 ____D () C:\Users\ich\AppData\Local\SearchProtect
2014-06-24 11:25 - 2014-06-24 12:25 - 00000000 ____D () C:\Users\ich\AppData\Roaming\Skype
2014-06-24 11:25 - 2014-06-24 11:25 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-24 11:25 - 2014-06-24 11:25 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-24 11:25 - 2014-06-24 11:25 - 00000000 ____D () C:\Users\ich\AppData\Local\Skype
2014-06-24 11:25 - 2014-06-24 11:25 - 00000000 ____D () C:\Users\ich\AppData\Local\FreemakeVideoConverter
2014-06-24 11:25 - 2014-06-24 11:25 - 00000000 ____D () C:\ProgramData\Skype
2014-06-24 11:25 - 2014-06-24 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-24 11:24 - 2014-06-24 11:25 - 00000000 ____D () C:\Users\ich\Documents\Freemake
2014-06-24 11:24 - 2014-06-24 11:25 - 00000000 ____D () C:\ProgramData\Freemake
2014-06-24 11:24 - 2014-06-24 11:24 - 00001320 _____ () C:\Users\Public\Desktop\Freemake Video Converter.lnk
2014-06-24 11:24 - 2014-06-24 11:24 - 00000000 ____D () C:\Users\ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2014-06-24 11:24 - 2014-06-24 11:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2014-06-24 11:23 - 2014-06-24 11:24 - 00000000 ____D () C:\Program Files (x86)\Freemake
2014-06-24 11:22 - 2014-06-24 11:22 - 01325576 _____ (Ellora Assets Corporation ) C:\Users\ich\Downloads\FreemakeVideoConverterSetup.exe
2014-06-23 08:10 - 2014-06-23 08:10 - 00000000 ____D () C:\Program Files (x86)\DealsFinnduerPero
2014-06-22 19:03 - 2014-06-23 08:10 - 00000000 ____D () C:\ProgramData\DealsFinnduerPero
2014-06-22 19:03 - 2014-06-22 19:03 - 00000000 ____D () C:\Users\ich\AppData\Local\Packages
2014-06-22 15:03 - 2014-06-23 08:10 - 00000000 ____D () C:\ProgramData\1992ce1ac21de8ed
2014-06-12 09:46 - 2014-06-12 09:46 - 00296704 _____ () C:\Windows\Minidump\061214-20732-01.dmp
2014-06-12 07:02 - 2014-06-12 07:02 - 00296416 _____ () C:\Windows\Minidump\061214-20560-01.dmp
2014-06-11 09:11 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 09:11 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 09:11 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 09:11 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 09:11 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 09:11 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 09:11 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 09:11 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 09:11 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 09:11 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 09:11 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 09:11 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 09:11 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 09:11 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 09:11 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 09:11 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 09:11 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 09:11 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 09:11 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 09:11 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 09:11 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 09:11 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 09:11 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 09:11 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 09:11 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 09:11 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 09:11 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 09:11 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 09:11 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 09:11 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 09:11 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 09:11 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 09:11 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 09:11 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 09:11 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 09:11 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 09:11 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 09:11 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 09:11 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 09:11 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 09:11 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 09:11 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 09:11 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 09:11 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 09:11 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 09:11 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 09:11 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 09:11 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 09:11 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 09:11 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 09:11 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 09:11 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 09:11 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 09:11 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-11 09:11 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 09:11 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 09:11 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 09:11 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 09:11 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 09:11 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 09:11 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 09:11 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 09:11 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 09:11 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 09:11 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 09:11 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 09:11 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-06-10 12:11 - 2014-06-10 12:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-10 12:11 - 2014-06-10 12:11 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-10 12:04 - 2014-06-10 12:04 - 00300544 _____ () C:\Windows\Minidump\061014-26847-01.dmp
2014-06-06 15:16 - 2014-06-06 15:16 - 00300832 _____ () C:\Windows\Minidump\060614-27315-01.dmp
2014-06-03 22:42 - 2014-05-29 14:40 - 00060704 _____ (StdLib) C:\Windows\system32\Drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}w64.sys
2014-06-02 12:37 - 2014-06-02 12:37 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-02 12:34 - 2014-06-02 12:34 - 00000000 ____D () C:\Users\ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-06-02 12:33 - 2014-06-04 10:07 - 00000000 ____D () C:\Users\ich\AppData\Roaming\FileZilla
2014-06-02 12:33 - 2014-06-02 12:34 - 04996210 _____ (Tim Kosse) C:\Users\ich\Downloads\FileZilla_3.8.1_win32-setup.exe
2014-06-02 12:32 - 2014-06-02 12:32 - 00000000 ____D () C:\Users\ich\AppData\Roaming\Speedial
2014-06-02 12:31 - 2014-06-02 12:37 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-06-02 12:31 - 2014-06-02 12:34 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-06-02 12:31 - 2014-06-02 12:31 - 04076719 _____ () C:\Users\ich\Downloads\FileZilla_3.2.7.1_win32-setup [1].exe
2014-06-02 12:31 - 2014-06-02 12:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2014-06-02 12:30 - 2014-06-02 12:30 - 00667864 _____ () C:\Users\ich\Downloads\FileZilla_3.2.7.1_win32-setup.exe
2014-05-26 16:54 - 2014-05-26 16:55 - 27046257 _____ () C:\Users\ich\Desktop\L14SoftPackV6.3.0 (1).tar.gz
2014-05-26 16:39 - 2014-05-26 16:39 - 06209136 _____ (TeamViewer GmbH) C:\Users\ich\Downloads\TeamViewer_Setup_de(3).exe
==================== One Month Modified Files and Folders =======
2014-06-25 15:09 - 2014-06-25 15:08 - 00027715 _____ () C:\Users\ich\Downloads\FRST.txt
2014-06-25 15:08 - 2014-06-25 15:08 - 00000000 ____D () C:\FRST
2014-06-25 15:07 - 2014-06-25 15:07 - 02082816 _____ (Farbar) C:\Users\ich\Downloads\FRST64.exe
2014-06-25 15:07 - 2014-06-25 15:07 - 00000538 _____ () C:\Users\ich\Downloads\defogger_disable.log
2014-06-25 15:07 - 2014-06-25 15:07 - 00000168 _____ () C:\Users\ich\defogger_reenable
2014-06-25 15:07 - 2013-03-15 14:52 - 00000000 ____D () C:\Users\ich
2014-06-25 15:06 - 2014-06-25 15:06 - 00050477 _____ () C:\Users\ich\Downloads\Defogger.exe
2014-06-25 15:01 - 2013-12-16 16:30 - 00002286 ____H () C:\Users\ich\Documents\Default.rdp
2014-06-25 15:01 - 2009-07-14 06:45 - 00017136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-25 15:01 - 2009-07-14 06:45 - 00017136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-25 14:54 - 2014-06-25 14:54 - 00000000 ____D () C:\Users\ich\temp
2014-06-25 14:54 - 2013-03-19 14:26 - 00000000 ____D () C:\Users\ich\AppData\Roaming\TeamViewer
2014-06-25 14:45 - 2014-03-11 11:45 - 00000284 _____ () C:\Windows\Tasks\MySearchDial.job
2014-06-25 14:29 - 2013-07-04 13:00 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-25 14:14 - 2013-03-15 15:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-25 13:05 - 2013-03-15 14:48 - 01151258 _____ () C:\Windows\WindowsUpdate.log
2014-06-25 09:29 - 2013-07-04 12:59 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-24 12:25 - 2014-06-24 11:25 - 00000000 ____D () C:\Users\ich\AppData\Roaming\Skype
2014-06-24 11:27 - 2014-06-24 11:27 - 00000000 ____D () C:\Users\ich\AppData\Roaming\NVIDIA
2014-06-24 11:26 - 2014-06-24 11:26 - 00000000 ____D () C:\Users\ich\AppData\Local\SearchProtect
2014-06-24 11:26 - 2014-03-11 12:47 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-06-24 11:25 - 2014-06-24 11:25 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-24 11:25 - 2014-06-24 11:25 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-24 11:25 - 2014-06-24 11:25 - 00000000 ____D () C:\Users\ich\AppData\Local\Skype
2014-06-24 11:25 - 2014-06-24 11:25 - 00000000 ____D () C:\Users\ich\AppData\Local\FreemakeVideoConverter
2014-06-24 11:25 - 2014-06-24 11:25 - 00000000 ____D () C:\ProgramData\Skype
2014-06-24 11:25 - 2014-06-24 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-24 11:25 - 2014-06-24 11:24 - 00000000 ____D () C:\Users\ich\Documents\Freemake
2014-06-24 11:25 - 2014-06-24 11:24 - 00000000 ____D () C:\ProgramData\Freemake
2014-06-24 11:24 - 2014-06-24 11:24 - 00001320 _____ () C:\Users\Public\Desktop\Freemake Video Converter.lnk
2014-06-24 11:24 - 2014-06-24 11:24 - 00000000 ____D () C:\Users\ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2014-06-24 11:24 - 2014-06-24 11:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2014-06-24 11:24 - 2014-06-24 11:23 - 00000000 ____D () C:\Program Files (x86)\Freemake
2014-06-24 11:23 - 2014-03-11 12:44 - 00000000 ____D () C:\Users\ich\AppData\Roaming\OpenCandy
2014-06-24 11:22 - 2014-06-24 11:22 - 01325576 _____ (Ellora Assets Corporation ) C:\Users\ich\Downloads\FreemakeVideoConverterSetup.exe
2014-06-23 08:10 - 2014-06-23 08:10 - 00000000 ____D () C:\Program Files (x86)\DealsFinnduerPero
2014-06-23 08:10 - 2014-06-22 19:03 - 00000000 ____D () C:\ProgramData\DealsFinnduerPero
2014-06-23 08:10 - 2014-06-22 15:03 - 00000000 ____D () C:\ProgramData\1992ce1ac21de8ed
2014-06-22 19:03 - 2014-06-22 19:03 - 00000000 ____D () C:\Users\ich\AppData\Local\Packages
2014-06-22 10:34 - 2009-07-14 04:34 - 00000756 _____ () C:\Windows\win.ini
2014-06-21 09:24 - 2013-07-04 13:00 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-21 09:24 - 2013-07-04 12:59 - 00003848 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-15 09:56 - 2013-03-19 16:54 - 00000336 _____ () C:\Windows\Tasks\dsmonitor.job
2014-06-13 11:26 - 2013-07-04 13:01 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-12 09:54 - 2009-07-14 19:58 - 00700342 _____ () C:\Windows\system32\perfh007.dat
2014-06-12 09:54 - 2009-07-14 19:58 - 00149138 _____ () C:\Windows\system32\perfc007.dat
2014-06-12 09:54 - 2009-07-14 07:13 - 01621940 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-12 09:47 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-12 09:47 - 2009-07-14 06:51 - 00034457 _____ () C:\Windows\setupact.log
2014-06-12 09:46 - 2014-06-12 09:46 - 00296704 _____ () C:\Windows\Minidump\061214-20732-01.dmp
2014-06-12 09:46 - 2013-08-16 16:21 - 509438461 _____ () C:\Windows\MEMORY.DMP
2014-06-12 09:46 - 2013-08-16 16:21 - 00000000 ____D () C:\Windows\Minidump
2014-06-12 09:46 - 2013-08-09 03:02 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-12 07:02 - 2014-06-12 07:02 - 00296416 _____ () C:\Windows\Minidump\061214-20560-01.dmp
2014-06-12 04:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-12 03:11 - 2013-08-15 03:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 03:09 - 2013-03-19 16:23 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-12 03:09 - 2013-03-15 18:46 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-10 12:11 - 2014-06-10 12:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-10 12:11 - 2014-06-10 12:11 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-10 12:11 - 2013-03-15 16:07 - 00001931 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-06-10 12:11 - 2013-03-15 16:07 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-06-10 12:04 - 2014-06-10 12:04 - 00300544 _____ () C:\Windows\Minidump\061014-26847-01.dmp
2014-06-06 15:16 - 2014-06-06 15:16 - 00300832 _____ () C:\Windows\Minidump\060614-27315-01.dmp
2014-06-06 12:02 - 2013-03-20 12:23 - 00023529 ____H () C:\Windows\SysWOW64\BTImages.dat
2014-06-06 10:52 - 2013-03-18 11:59 - 00031446 _____ () C:\Windows\PFRO.log
2014-06-04 10:07 - 2014-06-02 12:33 - 00000000 ____D () C:\Users\ich\AppData\Roaming\FileZilla
2014-06-02 12:37 - 2014-06-02 12:37 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-02 12:37 - 2014-06-02 12:31 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-06-02 12:35 - 2014-03-11 11:45 - 00000000 ____D () C:\Users\ich\AppData\Roaming\systweak
2014-06-02 12:34 - 2014-06-02 12:34 - 00000000 ____D () C:\Users\ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-06-02 12:34 - 2014-06-02 12:33 - 04996210 _____ (Tim Kosse) C:\Users\ich\Downloads\FileZilla_3.8.1_win32-setup.exe
2014-06-02 12:34 - 2014-06-02 12:31 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-06-02 12:32 - 2014-06-02 12:32 - 00000000 ____D () C:\Users\ich\AppData\Roaming\Speedial
2014-06-02 12:31 - 2014-06-02 12:31 - 04076719 _____ () C:\Users\ich\Downloads\FileZilla_3.2.7.1_win32-setup [1].exe
2014-06-02 12:31 - 2014-06-02 12:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2014-06-02 12:30 - 2014-06-02 12:30 - 00667864 _____ () C:\Users\ich\Downloads\FileZilla_3.2.7.1_win32-setup.exe
2014-06-02 11:00 - 2014-04-01 07:47 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-06-02 10:15 - 2013-05-08 08:45 - 00000000 ____D () C:\mist
2014-05-30 12:21 - 2014-06-11 09:11 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 12:02 - 2014-06-11 09:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 12:02 - 2014-06-11 09:11 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 11:45 - 2014-06-11 09:11 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 11:39 - 2014-06-11 09:11 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 11:39 - 2014-06-11 09:11 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 11:38 - 2014-06-11 09:11 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 11:28 - 2014-06-11 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 11:27 - 2014-06-11 09:11 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 11:24 - 2014-06-11 09:11 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 11:21 - 2014-06-11 09:11 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 11:21 - 2014-06-11 09:11 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 11:20 - 2014-06-11 09:11 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 11:18 - 2014-06-11 09:11 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 11:11 - 2014-06-11 09:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 11:08 - 2014-06-11 09:11 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 11:06 - 2014-06-11 09:11 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 11:02 - 2014-06-11 09:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 10:55 - 2014-06-11 09:11 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:49 - 2014-06-11 09:11 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:46 - 2014-06-11 09:11 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:44 - 2014-06-11 09:11 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 10:44 - 2014-06-11 09:11 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 10:43 - 2014-06-11 09:11 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 10:42 - 2014-06-11 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-11 09:11 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 10:35 - 2014-06-11 09:11 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 10:34 - 2014-06-11 09:11 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 10:33 - 2014-06-11 09:11 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 10:30 - 2014-06-11 09:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 10:29 - 2014-06-11 09:11 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 10:28 - 2014-06-11 09:11 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 10:27 - 2014-06-11 09:11 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 10:24 - 2014-06-11 09:11 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 10:23 - 2014-06-11 09:11 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 10:16 - 2014-06-11 09:11 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 10:10 - 2014-06-11 09:11 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-11 09:11 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 10:04 - 2014-06-11 09:11 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 10:02 - 2014-06-11 09:11 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 09:56 - 2014-06-11 09:11 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 09:56 - 2014-06-11 09:11 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:54 - 2014-06-11 09:11 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 09:50 - 2014-06-11 09:11 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-11 09:11 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 09:43 - 2014-06-11 09:11 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:40 - 2014-06-11 09:11 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 09:30 - 2014-06-11 09:11 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:21 - 2014-06-11 09:11 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 09:15 - 2014-06-11 09:11 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 09:13 - 2014-06-11 09:11 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:13 - 2014-06-11 09:11 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-29 14:40 - 2014-06-03 22:42 - 00060704 _____ (StdLib) C:\Windows\system32\Drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}w64.sys
2014-05-26 16:55 - 2014-05-26 16:54 - 27046257 _____ () C:\Users\ich\Desktop\L14SoftPackV6.3.0 (1).tar.gz
2014-05-26 16:39 - 2014-05-26 16:39 - 06209136 _____ (TeamViewer GmbH) C:\Users\ich\Downloads\TeamViewer_Setup_de(3).exe
Some content of TEMP:
====================
C:\Users\ich\AppData\Local\Temp\FreemakeVideoConverter_4.1.4.1.exe
C:\Users\ich\AppData\Local\Temp\MegaBrowseUntemp.exe
C:\Users\ich\AppData\Local\Temp\nso1810.exe
C:\Users\ich\AppData\Local\Temp\nst1D5E.exe
C:\Users\ich\AppData\Local\Temp\nstC240.exe
C:\Users\ich\AppData\Local\Temp\nsyBB5C.exe
C:\Users\ich\AppData\Local\Temp\optprosetup.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-06-10 18:56
==================== End Of Log ============================
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-06-2014
Ran by ich at 2014-06-25 15:10:41
Running from C:\Users\ich\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: ZoneAlarm Antivirus (Enabled - Up to date) {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ZoneAlarm Anti-Spyware (Enabled - Up to date) {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}
==================== Installed Programs ======================
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AutoCAD 2014 - Deutsch (German) (Version: 19.1.18.0 - Autodesk) Hidden
AutoCAD 2014 Language Pack - Deutsch (German) (Version: 19.1.18.0 - Autodesk) Hidden
Autodesk 360 (HKLM\...\{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}) (Version: 4.0.27.1 - Autodesk)
Autodesk App Manager (HKLM-x32\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk)
Autodesk AutoCAD 2014 - Deutsch (German) (HKLM\...\AutoCAD 2014 - Deutsch (German)) (Version: 19.1.18.0 - Autodesk)
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Featured Apps (HKLM-x32\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk)
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.0.43.13 - Autodesk)
Autodesk ReCap (Version: 1.0.43.13 - Autodesk) Hidden
Autodesk ReCap Language Pack-English (Version: 1.0.43.13 - Autodesk) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
den MailShop Bestellassistenten (HKLM-x32\...\MailShop Bestellassistent_is1) (Version: - )
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.24 - DivX, LLC)
DriverScanner (HKLM-x32\...\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1) (Version: 4.0.10.0 - Uniblue Systems Ltd)
DriverTuner 3.1.0.0 (HKLM-x32\...\{520C1D80-935C-42B9-9340-E883849D804F}_is1) (Version: 3.1.0.0 - LionSea SoftWare)
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
FileZilla Client 3.8.1 (HKCU\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse)
Firefox Browser (remove only) (HKLM-x32\...\Firefox Browser) (Version: - )
Freemake Video Converter Version 4.1.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation)
Google Calendar Sync (HKLM-x32\...\Google Calendar Sync) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
IncrediMail (x32 Version: 6.3.9.5260 - IncrediMail) Hidden
IncrediMail 2.0 (HKLM-x32\...\IncrediMail) (Version: 6.3.9.5260 - IncrediMail Ltd.)
IsoBuster 3.0 (HKLM-x32\...\IsoBuster_is1) (Version: 3.0 - Smart Projects)
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden
Java(TM) 6 Update 13 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416013FF}) (Version: 6.0.130 - Sun Microsystems, Inc.)
Java(TM) 6 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216021FF}) (Version: 6.0.210 - Oracle)
K-Lite Mega Codec Pack 9.8.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.8.0 - )
Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 2.0.0713 - Kyocera Mita Corporation)
Kyocera TWAIN Driver (HKLM-x32\...\InstallShield_{FF21E219-85A1-474F-B4D3-7D0505E21731}) (Version: 1.3.1819 - Kyocera Mita)
Kyocera TWAIN Driver (x32 Version: 1.3.1819 - Kyocera Mita) Hidden
Lexware Abschreibungsrechner (HKLM-x32\...\{204294E8-371C-4DFB-8162-EF5BB4FEBFE1}) (Version: 11.00.04.0001 - Haufe-Lexware GmbH & Co.KG)
Lexware büro easy 2012 Vorteilsedition (HKLM-x32\...\{41581163-87FB-4E8E-92C2-10366F8A3291}) (Version: 25.40.04.0060 - Haufe-Lexware GmbH & Co.KG)
Lexware Elster (HKLM-x32\...\{9EFF1D7C-C4B0-4DEF-965C-261CB9604CD9}) (Version: 12.03.00.0188 - Haufe-Lexware GmbH & Co.KG)
Lexware Info Service (HKLM-x32\...\{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}) (Version: 2.80.00.0007 - Haufe-Lexware GmbH & Co.KG)
Lexware online banking (HKLM-x32\...\{CB21905F-BE58-4DC9-8FC1-6EE2EA210423}) (Version: 16.00.00.0001 - Haufe-Lexware GmbH & Co.KG)
Lexware Sepa Check (x32 Version: 1.00.00.0003 - Haufe-Lexware GmbH & Co.KG) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
MEDION NAS TOOL (HKLM-x32\...\MEDION NAS TOOL) (Version: - MEDION)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - )
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
Opera Stable 21.0.1432.67 (HKLM-x32\...\Opera 21.0.1432.67) (Version: 21.0.1432.67 - Opera Software ASA)
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: - ) <==== ATTENTION
Photo Notifier and Animation Creator (HKLM-x32\...\Photo Notifier and Animation Creator) (Version: 1.0.0.1009 - IncrediMail Ltd.)
Photo Notifier and Animation Creator (x32 Version: 1.0.0.1009 - Ihr Firmenname) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6602 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13074_14 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.0.13074_14 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.15.5.0 - Client Connect LTD) <==== ATTENTION
SketchUp Import for AutoCAD 2014 (HKLM-x32\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Smart File Advisor 1.1.1 (HKLM-x32\...\Smart File Advisor_is1) (Version: 1.1.1 - Filefacts.net)
SPR532 SmartCard Reader V1.88 (HKLM-x32\...\{FB8EAB8D-9AA9-464F-8800-613B251C6C3C}) (Version: 1.88 - Identive)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
StarMoney (x32 Version: 3.0.6.28 - StarFinanz) Hidden
StarMoney 8.0 S-Edition (HKLM-x32\...\{D68D8330-DFA9-4437-8CB7-F684149EA310}) (Version: 8.0 - Star Finanz GmbH)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.221 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.221 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.221 - TuneUp Software) Hidden
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2881065) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{B7EF38F7-1D58-4085-A9A4-0F6C69A5AA1E}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
ZoneAlarm Antivirus (x32 Version: 11.0.768.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (x32 Version: 11.0.768.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Antivirus + Firewall (HKLM-x32\...\ZoneAlarm Free Antivirus + Firewall) (Version: 11.0.768.000 - Check Point)
ZoneAlarm Security (x32 Version: 11.0.768.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar (x32 Version: 1.8.22.0 - Check Point Software Technologies LTD) Hidden
Z-Scan2Send (HKLM-x32\...\{0E062D19-D9B8-4F00-9F1A-3810EA8994F8}) (Version: 3.8.0.16 - IMU Andreas Baumann)
==================== Restore Points =========================
27-05-2014 22:24:06 Geplanter Prüfpunkt
30-05-2014 22:47:06 Windows Update
04-06-2014 03:06:17 Windows Update
10-06-2014 10:16:04 Windows Update
12-06-2014 01:03:56 Windows Update
17-06-2014 23:27:27 Windows Update
24-06-2014 19:17:21 Windows Update
==================== Hosts content: ==========================
2013-09-06 10:56 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {068E7D48-8B35-485E-BB73-2EDFD4C0AF5E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-04] (Google Inc.)
Task: {245F7258-ED71-4D13-ADE4-D192E04243FC} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2013-12-18] (TuneUp Software)
Task: {37A59606-A0D4-4A8D-8F22-78442C7EABA7} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {3E613ACD-2151-4FB8-9429-70B08193216E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-04] (Google Inc.)
Task: {55F28D15-E394-4CE3-8FCD-B8D56B35CCED} - System32\Tasks\MySearchDial => C:\Users\ich\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {7FAF3281-F1BC-4950-BD75-510D13D9B3B3} - System32\Tasks\Sun Microsystems-Online-Aktualisierungsprogramm => c:\Program Files\Java\jre6\bin\jusched.exe [2013-03-20] (Sun Microsystems, Inc.)
Task: {9D71983D-3CDE-466C-93AC-07E5C46701A0} - System32\Tasks\DivX-Online-Aktualisierungsprogramm => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2013-02-13] ()
Task: {ADEE556E-FF1A-4AF8-8DA9-7BDE3A60B86E} - System32\Tasks\dsmonitor => C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2013-01-16] (Uniblue Systems Ltd)
Task: {D1DF2E52-B9DC-4ACB-A61A-424461CA679B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {E90989A3-C42A-401C-A9BA-CAF794FF2298} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe <==== ATTENTION
Task: {FA6CCC18-19B3-4773-AEFE-5462F46C19D0} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {FC41EEA0-5753-403F-BA1A-1CDC41815C30} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2011-07-31] (Haufe-Lexware GmbH & Co. KG)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\dsmonitor.job => C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MySearchDial.job => C:\Users\ich\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
==================== Loaded Modules (whitelisted) =============
2013-08-09 03:02 - 2013-01-18 17:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-06-02 12:31 - 2014-06-02 12:31 - 02721072 _____ () C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll
2014-05-01 21:29 - 2014-05-01 21:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-12-18 11:01 - 2013-12-18 11:01 - 00742200 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2013-02-05 00:21 - 2013-02-05 00:21 - 00056352 _____ () C:\Program Files\Autodesk\Autodesk Sync\qoauth_Ad_1.dll
2013-02-05 00:21 - 2013-02-05 00:21 - 00937504 _____ () C:\Program Files\Autodesk\Autodesk Sync\qca_Ad_2.dll
2013-02-05 00:21 - 2013-02-05 00:21 - 00124448 _____ () C:\Program Files\Autodesk\Autodesk Sync\QJson.dll
2013-02-05 00:21 - 2013-02-05 00:21 - 00045088 _____ () C:\Program Files\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll
2013-02-13 04:37 - 2013-02-13 04:37 - 01263952 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-06-02 12:31 - 2014-06-02 12:31 - 03000776 _____ () c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll
2014-06-02 12:31 - 2014-06-02 12:31 - 00186496 _____ () c:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll
2013-03-18 09:55 - 2011-01-13 11:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\PATCHW32.dll
2013-03-15 15:03 - 2013-03-15 15:03 - 00033128 _____ () C:\Program Files (x86)\IncrediMail\Bin\IMHttpComm.dll
2013-03-15 15:03 - 2013-03-15 15:03 - 00072104 _____ () C:\Program Files (x86)\IncrediMail\Bin\wlessfp1.dll
2013-03-15 15:03 - 2013-03-15 15:03 - 00268712 _____ () C:\Program Files (x86)\IncrediMail\Bin\ImLookExU.dll
2013-03-15 15:03 - 2013-03-15 15:03 - 00080296 _____ () C:\Program Files (x86)\IncrediMail\bin\ImAppRU.dll
2013-03-15 15:03 - 2013-03-15 15:03 - 00133544 _____ () C:\Program Files (x86)\IncrediMail\Bin\ImComUtlU.dll
2014-06-01 11:08 - 2014-06-01 11:08 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
2007-01-05 14:24 - 2007-01-05 14:24 - 01433600 _____ () C:\Program Files (x86)\Lexware\bueroeasy\PrintEng.dll
2009-02-26 14:46 - 2009-02-26 14:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 12:46 - 2011-06-22 12:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2014-05-12 13:35 - 2014-06-22 20:03 - 03852912 _____ () C:\Users\ich\Documents\Firefox Browser\App\Firefox\mozjs.dll
2014-05-14 16:15 - 2014-05-14 16:15 - 16361136 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
2013-02-13 04:38 - 2013-02-13 04:38 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2013-03-19 17:11 - 2013-03-07 20:00 - 03501056 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax
2013-03-19 17:11 - 2013-02-10 20:52 - 00242190 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avutil-lav-52.dll
2013-03-19 17:11 - 2013-02-10 20:52 - 07834946 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avcodec-lav-54.dll
2013-03-19 17:11 - 2013-02-10 20:52 - 00379254 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\swscale-lav-2.dll
2013-03-19 17:11 - 2013-02-10 20:52 - 00164666 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avfilter-lav-3.dll
2013-03-19 17:11 - 2013-02-10 20:52 - 01251150 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avformat-lav-54.dll
2013-03-19 17:11 - 2013-02-10 20:52 - 00159427 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avresample-lav-1.dll
2013-01-23 17:17 - 2010-12-29 04:40 - 00107896 _____ () C:\Program Files (x86)\IncrediMail\Bin\pmc.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
==================== EXE Association (whitelisted) =============
==================== MSCONFIG/TASK MANAGER disabled items =========
==================== Faulty Device Manager Devices =============
Name: Smartcard
Description: Smartcard
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/25/2014 03:01:06 PM) (Source: MsiInstaller) (EventID: 1024) (User: ich-PC)
Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Error: (06/25/2014 03:00:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm IncMail.exe, Version 6.2.9.5229 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 2edc
Startzeit: 01cf8ea4d2a53bad
Endzeit: 19625
Anwendungspfad: C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
Berichts-ID: a1f75d21-fc68-11e3-84de-0023cdb145e6
Error: (06/12/2014 09:49:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm InstantBackup.exe, Version 1.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 10f0
Startzeit: 01cf8612c4790cab
Endzeit: 16
Anwendungspfad: C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
Berichts-ID: 1bb92664-f206-11e3-84de-0023cdb145e6
Error: (06/12/2014 09:47:34 AM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (06/12/2014 07:03:06 AM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (06/12/2014 03:33:26 AM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (06/12/2014 03:31:35 AM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (06/10/2014 00:05:31 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (06/06/2014 03:17:20 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (06/06/2014 00:00:10 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
System errors:
=============
Error: (06/12/2014 09:47:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Search Protect by Conduit Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (06/12/2014 09:47:00 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000007e (0xffffffffc0000005, 0xfffff8800345f044, 0xfffff880009e0ed8, 0xfffff880009e0730)C:\Windows\MEMORY.DMP061214-20732-01
Error: (06/12/2014 09:46:59 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 12.06.2014 um 08:23:44 unerwartet heruntergefahren.
Error: (06/12/2014 07:03:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Search Protect by Conduit Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (06/12/2014 07:02:44 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000007e (0xffffffffc0000005, 0xfffff8800a185044, 0xfffff8800f01fed8, 0xfffff8800f01f730)C:\Windows\MEMORY.DMP061214-20560-01
Error: (06/12/2014 07:02:43 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 12.06.2014 um 04:49:43 unerwartet heruntergefahren.
Error: (06/12/2014 03:33:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Search Protect by Conduit Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (06/12/2014 03:31:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Search Protect by Conduit Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (06/10/2014 00:05:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Search Protect by Conduit Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (06/10/2014 00:04:24 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000007e (0xffffffffc0000005, 0xfffff88006c91044, 0xfffff8800bb9fed8, 0xfffff8800bb9f730)C:\Windows\MEMORY.DMP061014-26847-01
Microsoft Office Sessions:
=========================
Error: (05/21/2013 03:43:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 133 seconds with 0 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2013-08-15 06:56:11.038
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-15 04:33:15.525
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-08 10:32:48.666
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-08 10:24:05.816
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-08 10:00:27.723
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-08 09:49:50.245
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-08 09:42:30.096
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-08 09:33:22.680
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-08 09:25:28.823
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-08 09:13:02.770
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 67%
Total physical RAM: 3836.49 MB
Available physical RAM: 1261.77 MB
Total Pagefile: 7671.16 MB
Available Pagefile: 2842.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:931.51 GB) (Free:243.44 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Volume) (Fixed) (Total:698.64 GB) (Free:273.95 GB) NTFS
Drive e: (PRJ_20140401) (CDROM) (Total:2.78 GB) (Free:0 GB) UDF
Drive f: (KYOCERA) (CDROM) (Total:0.35 GB) (Free:0 GB) CDFS
Drive s: () (Network) (Total:1831.63 GB) (Free:155.91 GB)
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 699 GB) (Disk ID: A5CC7935)
Partition 1: (Not Active) - (Size=699 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: AE4957B6)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-06-25 15:38:12
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD103UJ rev.1AA01113 931,51GB
Running: lz0v1ppf.exe; Driver: C:\Users\ich\AppData\Local\Temp\uwldrpow.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002ff2000 45 bytes [FF, FF, FF, FF, 00, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff80002ff202f 16 bytes [00, FF, FF, FF, FF, 00, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076941465 2 bytes [94, 76]
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769414bb 2 bytes [94, 76]
.text ... * 2
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2848] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007777000c 1 byte [C3]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2848] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 00000000777ff8ea 5 bytes JMP 00000001777ad5c1
.text C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe[28832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076941465 2 bytes [94, 76]
.text C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe[28832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769414bb 2 bytes [94, 76]
.text ... * 2
---- Processes - GMER 2.1 ----
Process C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (*** suspicious ***) @ C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [17264] (FreemakeUtilsService/Freemake)(2014-06-24 09:24:25) 0000000000cb0000
---- EOF - GMER 2.1 ----
Martin |
Baum-Darstellung