| |
| |||||||
Log-Analyse und Auswertung: Rechner extrem langsam nach versehentlichem Öffnen eines Anhangs einer MailWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
25.06.2014, 15:02
| #1 |
 |  Rechner extrem langsam nach versehentlichem Öffnen eines Anhangs einer Mail Hallo, ich habe versehentlich den Anhang einer Mail geöffnet, die scheinbar einen Virus oder ähnliches beinhaltet. Jetzt ist der Rechner sehr langsam geworden und nach dem Versenden einer Mail hat die Gegenseite gesagt, die Mail konnte aufgrund eines gesperrten Anhangs nicht geöffnet werden. Brauche daher dringend Hilfe, um dieses Biest wieder sauber zu kriegen.  Hier die Logfiles: Defogger_disable.txt: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:07 on 25/06/2014 (ich)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-06-2014
Ran by ich (administrator) on ICH-PC on 25-06-2014 15:08:18
Running from C:\Users\ich\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Check Point Software Technologies, Ltd.) C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Sidebar\sidebar.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Google) C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(IncrediMail, Ltd.) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
(Check Point Software Technologies LTD) C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intuit, Inc.) C:\Program Files (x86)\Lexware\bueroeasy\QBW32.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Mozilla Corporation) C:\Users\ich\Documents\Firefox Browser\App\Firefox\firefox.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Mozilla Corporation) C:\Users\ich\Documents\Firefox Browser\App\Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(TeamViewer GmbH) C:\Users\ich\AppData\Local\Temp\TeamViewer\Version7\TeamViewer.exe
(TeamViewer GmbH) C:\Users\ich\AppData\Local\Temp\TeamViewer\Version7\tv_w32.exe
(TeamViewer GmbH) C:\Users\ich\AppData\Local\Temp\TeamViewer\Version7\tv_x64.exe
(TeamViewer GmbH) C:\Users\ich\AppData\Local\Temp\TeamViewer\Version7\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WerFault.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(IncrediMail, Ltd.) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12459112 2013-03-20] (Realtek Semiconductor)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [ZoneAlarm] => C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe [73832 2013-06-19] (Check Point Software Technologies LTD)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-01-30] (DivX, LLC)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-07-26] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Smart File Advisor] => C:\Program Files (x86)\Smart File Advisor\sfa.exe [280824 2011-04-04] (Filefacts.net)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [224128 2014-03-18] (Oracle Corporation)
HKLM-x32\...\Runonce: [DelTr942779780] - cmd.exe /c rd /s /q "C:\Users\ich\AppData\Roaming\Speedial" [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\.DEFAULT\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKU\S-1-5-21-848176774-2792875984-4121021673-1000\...\Run: [IncrediMail] => C:\Program Files (x86)\IncrediMail\bin\IncMail.exe [366576 2012-08-27] (IncrediMail, Ltd.)
HKU\S-1-5-21-848176774-2792875984-4121021673-1000\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKU\S-1-5-21-848176774-2792875984-4121021673-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564016 2013-07-26] (Samsung)
HKU\S-1-5-21-848176774-2792875984-4121021673-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-26] (Samsung)
HKU\S-1-5-21-848176774-2792875984-4121021673-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-848176774-2792875984-4121021673-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-848176774-2792875984-4121021673-1000\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil64_13_0_0_214_ActiveX.exe [535216 2014-05-14] (Adobe Systems Incorporated)
HKU\S-1-5-21-848176774-2792875984-4121021673-1000\...\RunOnce: [DelTr942779765] - cmd.exe /c rd /s /q "C:\Users\ich\AppData\Roaming\Speedial"
HKU\S-1-5-21-848176774-2792875984-4121021673-1000\...\Policies\Explorer: []
HKU\S-1-5-21-848176774-2792875984-4121021673-1000\...\MountPoints2: {a3f52ee1-a8ff-11e3-aca2-0023cdb145e6} - F:\setup.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [202560 2014-06-18] (Client Connect LTD)
AppInit_DLLs: C:\PROGRA~2\OPTIMI~1\OPTPRO~3.DLL => C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll [2721072 2014-06-02] ()
AppInit_DLLs-x32: c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll => c:\Program Files (x86)\searchprotect\searchprotect\bin\spvc32loader.dll [171840 2014-06-18] (Client Connect LTD)
AppInit_DLLs-x32: c:\progra~2\optimi~1\optpro~2.dll => c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll [3000776 2014-06-02] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk
ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: AutoCAD Digital Signatures Icon Overlay Handler -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD526340D6838CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=MC8629EA4-68D0-4F75-AB1D-235FE7368511&SearchSource=55&CUI=&UM=5&UP=SP088F802D-D02C-47EF-B601-49ED068AC87F&SSPV=SP2151C_sp_ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://speedial.com/?f=1&a=spd_frg_14_23_ff&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzyyDtD0EyB0A0B0FyB0BtDtN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyCyE0EyDyDzy0AtGtAtCtDyCtG0AtByCtAtGyDtAtBzytGtAtDyDyCtC0B0Bzz0F0BzztB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0A0CtByByEzyzytGtC0DyByBtGtAyB0FyBtG0C0ByDzytGyEyCtDtA0FzzyEyB0Dzz0BtC2Q&cr=440360658&ir=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://speedial.com/?f=1&a=spd_frg_14_23_ff&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzyyDtD0EyB0A0B0FyB0BtDtN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyCyE0EyDyDzy0AtGtAtCtDyCtG0AtByCtAtGyDtAtBzytGtAtDyDyCtC0B0Bzz0F0BzztB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0A0CtByByEzyzytGtC0DyByBtGtAyB0FyBtG0C0ByDzytGyEyCtDtA0FzzyEyB0Dzz0BtC2Q&cr=440360658&ir=
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_11_ff&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzyyDtD0EyB0A0B0FyB0BtDtN0D0Tzu0SzztDtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEtDtBtAzyyCyBtDtG0A0BzyyBtGzz0BtBzztGyCzzyBtBtGtBtAyB0DyEyCtB0E0EyCtAyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0A0CtByByEzyzytGtC0DyByBtGtAyB0FyBtG0C0ByDzytGyEyCtDtA0FzzyEyB0Dzz0BtC2Q&cr=1158209514&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_11_ff&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzyyDtD0EyB0A0B0FyB0BtDtN0D0Tzu0SzztDtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEtDtBtAzyyCyBtDtG0A0BzyyBtGzz0BtBzztGyCzzyBtBtGtBtAyB0DyEyCtB0E0EyCtAyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0A0CtByByEzyzytGtC0DyByBtGtAyB0FyBtG0C0ByDzytGyEyCtDtA0FzzyEyB0Dzz0BtC2Q&cr=1158209514&ir=
SearchScopes: HKLM - {31090377-0740-419E-BEFC-A56E50500D5B} URL =
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_frg_14_23_ff&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzyyDtD0EyB0A0B0FyB0BtDtN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyCyE0EyDyDzy0AtGtAtCtDyCtG0AtByCtAtGyDtAtBzytGtAtDyDyCtC0B0Bzz0F0BzztB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0A0CtByByEzyzytGtC0DyByBtGtAyB0FyBtG0C0ByDzytGyEyCtDtA0FzzyEyB0Dzz0BtC2Q&cr=440360658&ir=
SearchScopes: HKCU - URL hxxp://www.trovigo.com/Results.aspx?gd=&ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP90A2072B-806C-4B98-92A1-89329509C196&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://speedial.com/results.php?f=4&q={searchTerms}&a=spd_frg_14_23_ff&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzyyDtD0EyB0A0B0FyB0BtDtN0D0Tzu0SzzzztAtN1L2XzutBtFtBtDtFtCzytFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyCyE0EyDyDzy0AtGtAtCtDyCtG0AtByCtAtGyDtAtBzytGtAtDyDyCtC0B0Bzz0F0BzztB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0A0CtByByEzyzytGtC0DyByBtGtAyB0FyBtG0C0ByDzytGyEyCtDtA0FzzyEyB0Dzz0BtC2Q&cr=440360658&ir=
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_11_ff&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzyyDtD0EyB0A0B0FyB0BtDtN0D0Tzu0SzztDtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEtDtBtAzyyCyBtDtG0A0BzyyBtGzz0BtBzztGyCzzyBtBtGtBtAyB0DyEyCtB0E0EyCtAyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0A0CtByByEzyzytGtC0DyByBtGtAyB0FyBtG0C0ByDzytGyEyCtDtA0FzzyEyB0Dzz0BtC2Q&cr=1158209514&ir=
SearchScopes: HKCU - {31090377-0740-419E-BEFC-A56E50500D5B} URL = hxxp://www.trovigo.com/Results.aspx?gd=&ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP90A2072B-806C-4B98-92A1-89329509C196&q={searchTerms}&SSPV=
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Zonealarm Helper Object - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\bh\zonealarm.dll (Check Point Software Technologies LTD)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM-x32 - ZoneAlarm Security Toolbar - {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.8.22.0\zonealarmTlbr.dll (Check Point Software Technologies LTD)
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\..\Interfaces\{4B3B3148-A7B1-448C-888E-89EACCC44958}: [NameServer]192.168.52.1
FireFox:
========
FF ProfilePath: C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\vzktfttn.default
FF SearchEngineOrder.1: Search By ZoneAlarm
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: hxxp://search.zonealarm.com/search?src=sp&tbid=base2013&Lan=de&gu=3ab53f1cc4bc4ba7971305853cfcf190&tu=10GX000841B0008&sku=&tstsId=&ver=&&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.5.2 - C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/JavaPlugin - c:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\vzktfttn.default\user.js
FF SearchPlugin: C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\vzktfttn.default\searchplugins\zonealarm.xml
FF Extension: saveituKeeeipp. - C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\vzktfttn.default\Extensions\e-lral@aoaiouhbj.com [2014-06-22]
FF Extension: zonealarm.com - C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\vzktfttn.default\Extensions\ffxtlbr@zonealarm.com [2013-05-15]
FF HKLM-x32\...\Firefox\Extensions: [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}] - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-03-19]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2014-06-24]
FF StartMenuInternet: FIREFOX.EXE - C:\Users\ich\Documents\Firefox Browser\App\Firefox\firefox.exe
Chrome:
=======
CHR HomePage: hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=MC8629EA4-68D0-4F75-AB1D-235FE7368511&SearchSource=55&CUI=&UM=5&UP=SP088F802D-D02C-47EF-B601-49ED068AC87F&SSPV=SP2151C_sp_ch
CHR StartupUrls: "hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=MC8629EA4-68D0-4F75-AB1D-235FE7368511&SearchSource=55&CUI=&UM=5&UP=SP088F802D-D02C-47EF-B601-49ED068AC87F&SSPV=SP2151C_sp_ch"
CHR NewTab: "chrome-extension://bakijjialdiiboeaknfpmflphhmljfkd/content/newtab/newtab.html"
CHR DefaultSearchKeyword: trovi.search
CHR DefaultSearchProvider: Trovi search
CHR DefaultSearchURL: hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=MC8629EA4-68D0-4F75-AB1D-235FE7368511&SearchSource=58&CUI=&UM=5&UP=SP088F802D-D02C-47EF-B601-49ED068AC87F&q={searchTerms}&SSPV=SP2151C_sp_ch
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.210.7) - c:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U21) - c:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (npFFApi) - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Extension: (Google Docs) - C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-04]
CHR Extension: (Google Drive) - C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-04]
CHR Extension: (Speedial) - C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd [2014-06-06]
CHR Extension: (saveituKeeeipp.) - C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfkomdlmpkpaidocpojmafalghahemgn [2014-06-22]
CHR Extension: (YouTube) - C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-04]
CHR Extension: (McAfee Security Scan+) - C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-03-18]
CHR Extension: (Google-Suche) - C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-04]
CHR Extension: (Freemake Video Converter) - C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2014-06-24]
CHR Extension: (My theme for Google) - C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\njbcheaaplkhblheokaibpndonpnejpe [2014-06-22]
CHR Extension: (Google Wallet) - C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (Mehr Leistung und Videoformate fr dein HTML5 video) - C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-07-04]
CHR Extension: (Google Mail) - C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-04]
CHR Extension: (Extutil) - C:\Users\ich\AppData\Local\Temp\D7ADFCCA-EE7E-442C-9999-C4D14FEF360B [2014-03-18]
CHR Extension: (Managera) - C:\Users\ich\AppData\Local\Temp\38fdaae5-8e0e-493c-88ec-e05c3be06e42 [2014-03-18]
CHR HKLM-x32\...\Chrome\Extension: [jbolfgndggfhhpbnkgnpjkfhinclbigj] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2014-06-24]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-02-07]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
R2 70e6ca8c; c:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll [186496 2014-06-02] ()
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed]
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2497856 2014-06-18] (Client Connect LTD)
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-05-27] (Freemake) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 StarMoney 8.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2103096 2013-12-18] (TuneUp Software)
R2 vsmon; C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe [2445304 2013-06-19] (Check Point Software Technologies LTD)
R2 ZAPrivacyService; C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZAPrivacyService.exe [54160 2013-06-18] (Check Point Software Technologies, Ltd.)
==================== Drivers (Whitelisted) ====================
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [37472 2013-04-25] (Advanced Micro Devices, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-11] (Disc Soft Ltd)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2013-03-20] ( )
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458584 2012-11-15] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89944 2013-02-21] (Kaspersky Lab)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [613720 2013-02-21] (Kaspersky Lab)
R3 KMUSBSC2; C:\Windows\System32\Drivers\KMUSBSC2.sys [48256 2008-01-10] (KYOCERA MITA Corporation)
R3 KMUSBSCN; C:\Windows\System32\Drivers\KMUSBSCN.sys [57984 2007-04-27] (KYOCERA MITA Corporation)
R3 S332x64; C:\Windows\System32\DRIVERS\S332x64.sys [78080 2012-08-13] (Identive )
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software)
R1 Vsdatant; C:\Windows\System32\DRIVERS\vsdatant.sys [451096 2013-06-13] (Check Point Software Technologies LTD)
R1 {29b136c9-938d-4d3d-8df8-d649d9b74d02}w64; C:\Windows\System32\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}w64.sys [60704 2014-05-29] (StdLib)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-25 15:08 - 2014-06-25 15:09 - 00027715 _____ () C:\Users\ich\Downloads\FRST.txt
2014-06-25 15:08 - 2014-06-25 15:08 - 00000000 ____D () C:\FRST
2014-06-25 15:07 - 2014-06-25 15:07 - 02082816 _____ (Farbar) C:\Users\ich\Downloads\FRST64.exe
2014-06-25 15:07 - 2014-06-25 15:07 - 00000538 _____ () C:\Users\ich\Downloads\defogger_disable.log
2014-06-25 15:07 - 2014-06-25 15:07 - 00000168 _____ () C:\Users\ich\defogger_reenable
2014-06-25 15:06 - 2014-06-25 15:06 - 00050477 _____ () C:\Users\ich\Downloads\Defogger.exe
2014-06-25 14:54 - 2014-06-25 14:54 - 00000000 ____D () C:\Users\ich\temp
2014-06-24 11:27 - 2014-06-24 11:27 - 00000000 ____D () C:\Users\ich\AppData\Roaming\NVIDIA
2014-06-24 11:26 - 2014-06-24 11:26 - 00000000 ____D () C:\Users\ich\AppData\Local\SearchProtect
2014-06-24 11:25 - 2014-06-24 12:25 - 00000000 ____D () C:\Users\ich\AppData\Roaming\Skype
2014-06-24 11:25 - 2014-06-24 11:25 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-24 11:25 - 2014-06-24 11:25 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-24 11:25 - 2014-06-24 11:25 - 00000000 ____D () C:\Users\ich\AppData\Local\Skype
2014-06-24 11:25 - 2014-06-24 11:25 - 00000000 ____D () C:\Users\ich\AppData\Local\FreemakeVideoConverter
2014-06-24 11:25 - 2014-06-24 11:25 - 00000000 ____D () C:\ProgramData\Skype
2014-06-24 11:25 - 2014-06-24 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-24 11:24 - 2014-06-24 11:25 - 00000000 ____D () C:\Users\ich\Documents\Freemake
2014-06-24 11:24 - 2014-06-24 11:25 - 00000000 ____D () C:\ProgramData\Freemake
2014-06-24 11:24 - 2014-06-24 11:24 - 00001320 _____ () C:\Users\Public\Desktop\Freemake Video Converter.lnk
2014-06-24 11:24 - 2014-06-24 11:24 - 00000000 ____D () C:\Users\ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2014-06-24 11:24 - 2014-06-24 11:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2014-06-24 11:23 - 2014-06-24 11:24 - 00000000 ____D () C:\Program Files (x86)\Freemake
2014-06-24 11:22 - 2014-06-24 11:22 - 01325576 _____ (Ellora Assets Corporation ) C:\Users\ich\Downloads\FreemakeVideoConverterSetup.exe
2014-06-23 08:10 - 2014-06-23 08:10 - 00000000 ____D () C:\Program Files (x86)\DealsFinnduerPero
2014-06-22 19:03 - 2014-06-23 08:10 - 00000000 ____D () C:\ProgramData\DealsFinnduerPero
2014-06-22 19:03 - 2014-06-22 19:03 - 00000000 ____D () C:\Users\ich\AppData\Local\Packages
2014-06-22 15:03 - 2014-06-23 08:10 - 00000000 ____D () C:\ProgramData\1992ce1ac21de8ed
2014-06-12 09:46 - 2014-06-12 09:46 - 00296704 _____ () C:\Windows\Minidump\061214-20732-01.dmp
2014-06-12 07:02 - 2014-06-12 07:02 - 00296416 _____ () C:\Windows\Minidump\061214-20560-01.dmp
2014-06-11 09:11 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 09:11 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 09:11 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 09:11 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 09:11 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 09:11 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 09:11 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 09:11 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 09:11 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 09:11 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 09:11 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 09:11 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 09:11 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 09:11 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 09:11 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 09:11 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 09:11 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 09:11 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 09:11 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 09:11 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 09:11 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 09:11 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 09:11 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 09:11 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 09:11 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 09:11 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 09:11 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 09:11 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 09:11 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 09:11 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 09:11 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 09:11 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 09:11 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 09:11 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 09:11 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 09:11 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 09:11 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 09:11 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 09:11 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 09:11 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 09:11 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 09:11 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 09:11 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 09:11 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 09:11 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 09:11 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 09:11 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 09:11 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 09:11 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 09:11 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 09:11 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 09:11 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 09:11 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 09:11 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-11 09:11 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 09:11 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 09:11 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 09:11 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 09:11 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 09:11 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 09:11 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 09:11 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 09:11 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 09:11 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 09:11 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 09:11 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 09:11 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-06-10 12:11 - 2014-06-10 12:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-10 12:11 - 2014-06-10 12:11 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-10 12:04 - 2014-06-10 12:04 - 00300544 _____ () C:\Windows\Minidump\061014-26847-01.dmp
2014-06-06 15:16 - 2014-06-06 15:16 - 00300832 _____ () C:\Windows\Minidump\060614-27315-01.dmp
2014-06-03 22:42 - 2014-05-29 14:40 - 00060704 _____ (StdLib) C:\Windows\system32\Drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}w64.sys
2014-06-02 12:37 - 2014-06-02 12:37 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-02 12:34 - 2014-06-02 12:34 - 00000000 ____D () C:\Users\ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-06-02 12:33 - 2014-06-04 10:07 - 00000000 ____D () C:\Users\ich\AppData\Roaming\FileZilla
2014-06-02 12:33 - 2014-06-02 12:34 - 04996210 _____ (Tim Kosse) C:\Users\ich\Downloads\FileZilla_3.8.1_win32-setup.exe
2014-06-02 12:32 - 2014-06-02 12:32 - 00000000 ____D () C:\Users\ich\AppData\Roaming\Speedial
2014-06-02 12:31 - 2014-06-02 12:37 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-06-02 12:31 - 2014-06-02 12:34 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-06-02 12:31 - 2014-06-02 12:31 - 04076719 _____ () C:\Users\ich\Downloads\FileZilla_3.2.7.1_win32-setup [1].exe
2014-06-02 12:31 - 2014-06-02 12:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2014-06-02 12:30 - 2014-06-02 12:30 - 00667864 _____ () C:\Users\ich\Downloads\FileZilla_3.2.7.1_win32-setup.exe
2014-05-26 16:54 - 2014-05-26 16:55 - 27046257 _____ () C:\Users\ich\Desktop\L14SoftPackV6.3.0 (1).tar.gz
2014-05-26 16:39 - 2014-05-26 16:39 - 06209136 _____ (TeamViewer GmbH) C:\Users\ich\Downloads\TeamViewer_Setup_de(3).exe
==================== One Month Modified Files and Folders =======
2014-06-25 15:09 - 2014-06-25 15:08 - 00027715 _____ () C:\Users\ich\Downloads\FRST.txt
2014-06-25 15:08 - 2014-06-25 15:08 - 00000000 ____D () C:\FRST
2014-06-25 15:07 - 2014-06-25 15:07 - 02082816 _____ (Farbar) C:\Users\ich\Downloads\FRST64.exe
2014-06-25 15:07 - 2014-06-25 15:07 - 00000538 _____ () C:\Users\ich\Downloads\defogger_disable.log
2014-06-25 15:07 - 2014-06-25 15:07 - 00000168 _____ () C:\Users\ich\defogger_reenable
2014-06-25 15:07 - 2013-03-15 14:52 - 00000000 ____D () C:\Users\ich
2014-06-25 15:06 - 2014-06-25 15:06 - 00050477 _____ () C:\Users\ich\Downloads\Defogger.exe
2014-06-25 15:01 - 2013-12-16 16:30 - 00002286 ____H () C:\Users\ich\Documents\Default.rdp
2014-06-25 15:01 - 2009-07-14 06:45 - 00017136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-25 15:01 - 2009-07-14 06:45 - 00017136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-25 14:54 - 2014-06-25 14:54 - 00000000 ____D () C:\Users\ich\temp
2014-06-25 14:54 - 2013-03-19 14:26 - 00000000 ____D () C:\Users\ich\AppData\Roaming\TeamViewer
2014-06-25 14:45 - 2014-03-11 11:45 - 00000284 _____ () C:\Windows\Tasks\MySearchDial.job
2014-06-25 14:29 - 2013-07-04 13:00 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-25 14:14 - 2013-03-15 15:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-25 13:05 - 2013-03-15 14:48 - 01151258 _____ () C:\Windows\WindowsUpdate.log
2014-06-25 09:29 - 2013-07-04 12:59 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-24 12:25 - 2014-06-24 11:25 - 00000000 ____D () C:\Users\ich\AppData\Roaming\Skype
2014-06-24 11:27 - 2014-06-24 11:27 - 00000000 ____D () C:\Users\ich\AppData\Roaming\NVIDIA
2014-06-24 11:26 - 2014-06-24 11:26 - 00000000 ____D () C:\Users\ich\AppData\Local\SearchProtect
2014-06-24 11:26 - 2014-03-11 12:47 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-06-24 11:25 - 2014-06-24 11:25 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-24 11:25 - 2014-06-24 11:25 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-24 11:25 - 2014-06-24 11:25 - 00000000 ____D () C:\Users\ich\AppData\Local\Skype
2014-06-24 11:25 - 2014-06-24 11:25 - 00000000 ____D () C:\Users\ich\AppData\Local\FreemakeVideoConverter
2014-06-24 11:25 - 2014-06-24 11:25 - 00000000 ____D () C:\ProgramData\Skype
2014-06-24 11:25 - 2014-06-24 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-24 11:25 - 2014-06-24 11:24 - 00000000 ____D () C:\Users\ich\Documents\Freemake
2014-06-24 11:25 - 2014-06-24 11:24 - 00000000 ____D () C:\ProgramData\Freemake
2014-06-24 11:24 - 2014-06-24 11:24 - 00001320 _____ () C:\Users\Public\Desktop\Freemake Video Converter.lnk
2014-06-24 11:24 - 2014-06-24 11:24 - 00000000 ____D () C:\Users\ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2014-06-24 11:24 - 2014-06-24 11:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2014-06-24 11:24 - 2014-06-24 11:23 - 00000000 ____D () C:\Program Files (x86)\Freemake
2014-06-24 11:23 - 2014-03-11 12:44 - 00000000 ____D () C:\Users\ich\AppData\Roaming\OpenCandy
2014-06-24 11:22 - 2014-06-24 11:22 - 01325576 _____ (Ellora Assets Corporation ) C:\Users\ich\Downloads\FreemakeVideoConverterSetup.exe
2014-06-23 08:10 - 2014-06-23 08:10 - 00000000 ____D () C:\Program Files (x86)\DealsFinnduerPero
2014-06-23 08:10 - 2014-06-22 19:03 - 00000000 ____D () C:\ProgramData\DealsFinnduerPero
2014-06-23 08:10 - 2014-06-22 15:03 - 00000000 ____D () C:\ProgramData\1992ce1ac21de8ed
2014-06-22 19:03 - 2014-06-22 19:03 - 00000000 ____D () C:\Users\ich\AppData\Local\Packages
2014-06-22 10:34 - 2009-07-14 04:34 - 00000756 _____ () C:\Windows\win.ini
2014-06-21 09:24 - 2013-07-04 13:00 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-21 09:24 - 2013-07-04 12:59 - 00003848 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-15 09:56 - 2013-03-19 16:54 - 00000336 _____ () C:\Windows\Tasks\dsmonitor.job
2014-06-13 11:26 - 2013-07-04 13:01 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-12 09:54 - 2009-07-14 19:58 - 00700342 _____ () C:\Windows\system32\perfh007.dat
2014-06-12 09:54 - 2009-07-14 19:58 - 00149138 _____ () C:\Windows\system32\perfc007.dat
2014-06-12 09:54 - 2009-07-14 07:13 - 01621940 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-12 09:47 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-12 09:47 - 2009-07-14 06:51 - 00034457 _____ () C:\Windows\setupact.log
2014-06-12 09:46 - 2014-06-12 09:46 - 00296704 _____ () C:\Windows\Minidump\061214-20732-01.dmp
2014-06-12 09:46 - 2013-08-16 16:21 - 509438461 _____ () C:\Windows\MEMORY.DMP
2014-06-12 09:46 - 2013-08-16 16:21 - 00000000 ____D () C:\Windows\Minidump
2014-06-12 09:46 - 2013-08-09 03:02 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-12 07:02 - 2014-06-12 07:02 - 00296416 _____ () C:\Windows\Minidump\061214-20560-01.dmp
2014-06-12 04:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-12 03:11 - 2013-08-15 03:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 03:09 - 2013-03-19 16:23 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-12 03:09 - 2013-03-15 18:46 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-10 12:11 - 2014-06-10 12:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-10 12:11 - 2014-06-10 12:11 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-10 12:11 - 2013-03-15 16:07 - 00001931 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-06-10 12:11 - 2013-03-15 16:07 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-06-10 12:04 - 2014-06-10 12:04 - 00300544 _____ () C:\Windows\Minidump\061014-26847-01.dmp
2014-06-06 15:16 - 2014-06-06 15:16 - 00300832 _____ () C:\Windows\Minidump\060614-27315-01.dmp
2014-06-06 12:02 - 2013-03-20 12:23 - 00023529 ____H () C:\Windows\SysWOW64\BTImages.dat
2014-06-06 10:52 - 2013-03-18 11:59 - 00031446 _____ () C:\Windows\PFRO.log
2014-06-04 10:07 - 2014-06-02 12:33 - 00000000 ____D () C:\Users\ich\AppData\Roaming\FileZilla
2014-06-02 12:37 - 2014-06-02 12:37 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-02 12:37 - 2014-06-02 12:31 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-06-02 12:35 - 2014-03-11 11:45 - 00000000 ____D () C:\Users\ich\AppData\Roaming\systweak
2014-06-02 12:34 - 2014-06-02 12:34 - 00000000 ____D () C:\Users\ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-06-02 12:34 - 2014-06-02 12:33 - 04996210 _____ (Tim Kosse) C:\Users\ich\Downloads\FileZilla_3.8.1_win32-setup.exe
2014-06-02 12:34 - 2014-06-02 12:31 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-06-02 12:32 - 2014-06-02 12:32 - 00000000 ____D () C:\Users\ich\AppData\Roaming\Speedial
2014-06-02 12:31 - 2014-06-02 12:31 - 04076719 _____ () C:\Users\ich\Downloads\FileZilla_3.2.7.1_win32-setup [1].exe
2014-06-02 12:31 - 2014-06-02 12:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2
2014-06-02 12:30 - 2014-06-02 12:30 - 00667864 _____ () C:\Users\ich\Downloads\FileZilla_3.2.7.1_win32-setup.exe
2014-06-02 11:00 - 2014-04-01 07:47 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-06-02 10:15 - 2013-05-08 08:45 - 00000000 ____D () C:\mist
2014-05-30 12:21 - 2014-06-11 09:11 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 12:02 - 2014-06-11 09:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 12:02 - 2014-06-11 09:11 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 11:45 - 2014-06-11 09:11 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 11:39 - 2014-06-11 09:11 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 11:39 - 2014-06-11 09:11 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 11:38 - 2014-06-11 09:11 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 11:28 - 2014-06-11 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 11:27 - 2014-06-11 09:11 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 11:24 - 2014-06-11 09:11 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 11:21 - 2014-06-11 09:11 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 11:21 - 2014-06-11 09:11 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 11:20 - 2014-06-11 09:11 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 11:18 - 2014-06-11 09:11 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 11:11 - 2014-06-11 09:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 11:08 - 2014-06-11 09:11 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 11:06 - 2014-06-11 09:11 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 11:02 - 2014-06-11 09:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 10:55 - 2014-06-11 09:11 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:49 - 2014-06-11 09:11 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:46 - 2014-06-11 09:11 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:44 - 2014-06-11 09:11 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 10:44 - 2014-06-11 09:11 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 10:43 - 2014-06-11 09:11 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 10:42 - 2014-06-11 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-11 09:11 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 10:35 - 2014-06-11 09:11 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 10:34 - 2014-06-11 09:11 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 10:33 - 2014-06-11 09:11 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 10:30 - 2014-06-11 09:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 10:29 - 2014-06-11 09:11 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 10:28 - 2014-06-11 09:11 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 10:27 - 2014-06-11 09:11 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 10:24 - 2014-06-11 09:11 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 10:23 - 2014-06-11 09:11 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 10:16 - 2014-06-11 09:11 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 10:10 - 2014-06-11 09:11 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-11 09:11 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 10:04 - 2014-06-11 09:11 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 10:02 - 2014-06-11 09:11 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 09:56 - 2014-06-11 09:11 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 09:56 - 2014-06-11 09:11 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:54 - 2014-06-11 09:11 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 09:50 - 2014-06-11 09:11 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-11 09:11 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 09:43 - 2014-06-11 09:11 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:40 - 2014-06-11 09:11 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 09:30 - 2014-06-11 09:11 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:21 - 2014-06-11 09:11 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 09:15 - 2014-06-11 09:11 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 09:13 - 2014-06-11 09:11 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:13 - 2014-06-11 09:11 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-29 14:40 - 2014-06-03 22:42 - 00060704 _____ (StdLib) C:\Windows\system32\Drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}w64.sys
2014-05-26 16:55 - 2014-05-26 16:54 - 27046257 _____ () C:\Users\ich\Desktop\L14SoftPackV6.3.0 (1).tar.gz
2014-05-26 16:39 - 2014-05-26 16:39 - 06209136 _____ (TeamViewer GmbH) C:\Users\ich\Downloads\TeamViewer_Setup_de(3).exe
Some content of TEMP:
====================
C:\Users\ich\AppData\Local\Temp\FreemakeVideoConverter_4.1.4.1.exe
C:\Users\ich\AppData\Local\Temp\MegaBrowseUntemp.exe
C:\Users\ich\AppData\Local\Temp\nso1810.exe
C:\Users\ich\AppData\Local\Temp\nst1D5E.exe
C:\Users\ich\AppData\Local\Temp\nstC240.exe
C:\Users\ich\AppData\Local\Temp\nsyBB5C.exe
C:\Users\ich\AppData\Local\Temp\optprosetup.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-06-10 18:56
==================== End Of Log ============================
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-06-2014
Ran by ich at 2014-06-25 15:10:41
Running from C:\Users\ich\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: ZoneAlarm Antivirus (Enabled - Up to date) {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ZoneAlarm Anti-Spyware (Enabled - Up to date) {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Firewall (Enabled) {E6380B7E-D4B2-19F1-083E-56486607704B}
==================== Installed Programs ======================
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AutoCAD 2014 - Deutsch (German) (Version: 19.1.18.0 - Autodesk) Hidden
AutoCAD 2014 Language Pack - Deutsch (German) (Version: 19.1.18.0 - Autodesk) Hidden
Autodesk 360 (HKLM\...\{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}) (Version: 4.0.27.1 - Autodesk)
Autodesk App Manager (HKLM-x32\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk)
Autodesk AutoCAD 2014 - Deutsch (German) (HKLM\...\AutoCAD 2014 - Deutsch (German)) (Version: 19.1.18.0 - Autodesk)
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Featured Apps (HKLM-x32\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk)
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.0.43.13 - Autodesk)
Autodesk ReCap (Version: 1.0.43.13 - Autodesk) Hidden
Autodesk ReCap Language Pack-English (Version: 1.0.43.13 - Autodesk) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
den MailShop Bestellassistenten (HKLM-x32\...\MailShop Bestellassistent_is1) (Version: - )
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.24 - DivX, LLC)
DriverScanner (HKLM-x32\...\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1) (Version: 4.0.10.0 - Uniblue Systems Ltd)
DriverTuner 3.1.0.0 (HKLM-x32\...\{520C1D80-935C-42B9-9340-E883849D804F}_is1) (Version: 3.1.0.0 - LionSea SoftWare)
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
FileZilla Client 3.8.1 (HKCU\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse)
Firefox Browser (remove only) (HKLM-x32\...\Firefox Browser) (Version: - )
Freemake Video Converter Version 4.1.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation)
Google Calendar Sync (HKLM-x32\...\Google Calendar Sync) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
IncrediMail (x32 Version: 6.3.9.5260 - IncrediMail) Hidden
IncrediMail 2.0 (HKLM-x32\...\IncrediMail) (Version: 6.3.9.5260 - IncrediMail Ltd.)
IsoBuster 3.0 (HKLM-x32\...\IsoBuster_is1) (Version: 3.0 - Smart Projects)
Java 8 Update 5 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418005FF}) (Version: 8.0.50 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.05.13 - Oracle, Inc.) Hidden
Java(TM) 6 Update 13 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416013FF}) (Version: 6.0.130 - Sun Microsystems, Inc.)
Java(TM) 6 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216021FF}) (Version: 6.0.210 - Oracle)
K-Lite Mega Codec Pack 9.8.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.8.0 - )
Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 2.0.0713 - Kyocera Mita Corporation)
Kyocera TWAIN Driver (HKLM-x32\...\InstallShield_{FF21E219-85A1-474F-B4D3-7D0505E21731}) (Version: 1.3.1819 - Kyocera Mita)
Kyocera TWAIN Driver (x32 Version: 1.3.1819 - Kyocera Mita) Hidden
Lexware Abschreibungsrechner (HKLM-x32\...\{204294E8-371C-4DFB-8162-EF5BB4FEBFE1}) (Version: 11.00.04.0001 - Haufe-Lexware GmbH & Co.KG)
Lexware büro easy 2012 Vorteilsedition (HKLM-x32\...\{41581163-87FB-4E8E-92C2-10366F8A3291}) (Version: 25.40.04.0060 - Haufe-Lexware GmbH & Co.KG)
Lexware Elster (HKLM-x32\...\{9EFF1D7C-C4B0-4DEF-965C-261CB9604CD9}) (Version: 12.03.00.0188 - Haufe-Lexware GmbH & Co.KG)
Lexware Info Service (HKLM-x32\...\{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}) (Version: 2.80.00.0007 - Haufe-Lexware GmbH & Co.KG)
Lexware online banking (HKLM-x32\...\{CB21905F-BE58-4DC9-8FC1-6EE2EA210423}) (Version: 16.00.00.0001 - Haufe-Lexware GmbH & Co.KG)
Lexware Sepa Check (x32 Version: 1.00.00.0003 - Haufe-Lexware GmbH & Co.KG) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
MEDION NAS TOOL (HKLM-x32\...\MEDION NAS TOOL) (Version: - MEDION)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - )
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
Opera Stable 21.0.1432.67 (HKLM-x32\...\Opera 21.0.1432.67) (Version: 21.0.1432.67 - Opera Software ASA)
Optimizer Pro v3.2 (HKLM-x32\...\Optimizer Pro_is1) (Version: - ) <==== ATTENTION
Photo Notifier and Animation Creator (HKLM-x32\...\Photo Notifier and Animation Creator) (Version: 1.0.0.1009 - IncrediMail Ltd.)
Photo Notifier and Animation Creator (x32 Version: 1.0.0.1009 - Ihr Firmenname) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6602 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13074_14 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.0.13074_14 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.15.5.0 - Client Connect LTD) <==== ATTENTION
SketchUp Import for AutoCAD 2014 (HKLM-x32\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Smart File Advisor 1.1.1 (HKLM-x32\...\Smart File Advisor_is1) (Version: 1.1.1 - Filefacts.net)
SPR532 SmartCard Reader V1.88 (HKLM-x32\...\{FB8EAB8D-9AA9-464F-8800-613B251C6C3C}) (Version: 1.88 - Identive)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
StarMoney (x32 Version: 3.0.6.28 - StarFinanz) Hidden
StarMoney 8.0 S-Edition (HKLM-x32\...\{D68D8330-DFA9-4437-8CB7-F684149EA310}) (Version: 8.0 - Star Finanz GmbH)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.221 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.221 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.221 - TuneUp Software) Hidden
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2881065) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{B7EF38F7-1D58-4085-A9A4-0F6C69A5AA1E}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
ZoneAlarm Antivirus (x32 Version: 11.0.768.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Firewall (x32 Version: 11.0.768.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Free Antivirus + Firewall (HKLM-x32\...\ZoneAlarm Free Antivirus + Firewall) (Version: 11.0.768.000 - Check Point)
ZoneAlarm Security (x32 Version: 11.0.768.000 - Check Point Software Technologies Ltd.) Hidden
ZoneAlarm Security Toolbar (x32 Version: 1.8.22.0 - Check Point Software Technologies LTD) Hidden
Z-Scan2Send (HKLM-x32\...\{0E062D19-D9B8-4F00-9F1A-3810EA8994F8}) (Version: 3.8.0.16 - IMU Andreas Baumann)
==================== Restore Points =========================
27-05-2014 22:24:06 Geplanter Prüfpunkt
30-05-2014 22:47:06 Windows Update
04-06-2014 03:06:17 Windows Update
10-06-2014 10:16:04 Windows Update
12-06-2014 01:03:56 Windows Update
17-06-2014 23:27:27 Windows Update
24-06-2014 19:17:21 Windows Update
==================== Hosts content: ==========================
2013-09-06 10:56 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {068E7D48-8B35-485E-BB73-2EDFD4C0AF5E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-04] (Google Inc.)
Task: {245F7258-ED71-4D13-ADE4-D192E04243FC} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2013-12-18] (TuneUp Software)
Task: {37A59606-A0D4-4A8D-8F22-78442C7EABA7} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe <==== ATTENTION
Task: {3E613ACD-2151-4FB8-9429-70B08193216E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-04] (Google Inc.)
Task: {55F28D15-E394-4CE3-8FCD-B8D56B35CCED} - System32\Tasks\MySearchDial => C:\Users\ich\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {7FAF3281-F1BC-4950-BD75-510D13D9B3B3} - System32\Tasks\Sun Microsystems-Online-Aktualisierungsprogramm => c:\Program Files\Java\jre6\bin\jusched.exe [2013-03-20] (Sun Microsystems, Inc.)
Task: {9D71983D-3CDE-466C-93AC-07E5C46701A0} - System32\Tasks\DivX-Online-Aktualisierungsprogramm => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2013-02-13] ()
Task: {ADEE556E-FF1A-4AF8-8DA9-7BDE3A60B86E} - System32\Tasks\dsmonitor => C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2013-01-16] (Uniblue Systems Ltd)
Task: {D1DF2E52-B9DC-4ACB-A61A-424461CA679B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {E90989A3-C42A-401C-A9BA-CAF794FF2298} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe <==== ATTENTION
Task: {FA6CCC18-19B3-4773-AEFE-5462F46C19D0} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {FC41EEA0-5753-403F-BA1A-1CDC41815C30} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2011-07-31] (Haufe-Lexware GmbH & Co. KG)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\dsmonitor.job => C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\MySearchDial.job => C:\Users\ich\AppData\Roaming\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
==================== Loaded Modules (whitelisted) =============
2013-08-09 03:02 - 2013-01-18 17:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-06-02 12:31 - 2014-06-02 12:31 - 02721072 _____ () C:\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll
2014-05-01 21:29 - 2014-05-01 21:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-12-18 11:01 - 2013-12-18 11:01 - 00742200 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2013-02-05 00:21 - 2013-02-05 00:21 - 00056352 _____ () C:\Program Files\Autodesk\Autodesk Sync\qoauth_Ad_1.dll
2013-02-05 00:21 - 2013-02-05 00:21 - 00937504 _____ () C:\Program Files\Autodesk\Autodesk Sync\qca_Ad_2.dll
2013-02-05 00:21 - 2013-02-05 00:21 - 00124448 _____ () C:\Program Files\Autodesk\Autodesk Sync\QJson.dll
2013-02-05 00:21 - 2013-02-05 00:21 - 00045088 _____ () C:\Program Files\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll
2013-02-13 04:37 - 2013-02-13 04:37 - 01263952 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-06-02 12:31 - 2014-06-02 12:31 - 03000776 _____ () c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll
2014-06-02 12:31 - 2014-06-02 12:31 - 00186496 _____ () c:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll
2013-03-18 09:55 - 2011-01-13 11:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\PATCHW32.dll
2013-03-15 15:03 - 2013-03-15 15:03 - 00033128 _____ () C:\Program Files (x86)\IncrediMail\Bin\IMHttpComm.dll
2013-03-15 15:03 - 2013-03-15 15:03 - 00072104 _____ () C:\Program Files (x86)\IncrediMail\Bin\wlessfp1.dll
2013-03-15 15:03 - 2013-03-15 15:03 - 00268712 _____ () C:\Program Files (x86)\IncrediMail\Bin\ImLookExU.dll
2013-03-15 15:03 - 2013-03-15 15:03 - 00080296 _____ () C:\Program Files (x86)\IncrediMail\bin\ImAppRU.dll
2013-03-15 15:03 - 2013-03-15 15:03 - 00133544 _____ () C:\Program Files (x86)\IncrediMail\Bin\ImComUtlU.dll
2014-06-01 11:08 - 2014-06-01 11:08 - 00035328 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00091648 _____ () C:\Program Files (x86)\FileZilla FTP Client\libgcc_s_sjlj-1.dll
2014-05-24 18:41 - 2014-05-24 18:41 - 00892416 _____ () C:\Program Files (x86)\FileZilla FTP Client\libstdc++-6.dll
2007-01-05 14:24 - 2007-01-05 14:24 - 01433600 _____ () C:\Program Files (x86)\Lexware\bueroeasy\PrintEng.dll
2009-02-26 14:46 - 2009-02-26 14:46 - 00064344 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\ColleagueImport.dll
2011-06-22 12:46 - 2011-06-22 12:46 - 00434016 _____ () C:\Program Files (x86)\Microsoft Office\Office12\ADDINS\UmOutlookAddin.dll
2013-07-10 18:07 - 2013-07-10 18:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
2014-05-12 13:35 - 2014-06-22 20:03 - 03852912 _____ () C:\Users\ich\Documents\Firefox Browser\App\Firefox\mozjs.dll
2014-05-14 16:15 - 2014-05-14 16:15 - 16361136 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
2013-02-13 04:38 - 2013-02-13 04:38 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2013-03-19 17:11 - 2013-03-07 20:00 - 03501056 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\ffdshow\ffdshow.ax
2013-03-19 17:11 - 2013-02-10 20:52 - 00242190 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avutil-lav-52.dll
2013-03-19 17:11 - 2013-02-10 20:52 - 07834946 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avcodec-lav-54.dll
2013-03-19 17:11 - 2013-02-10 20:52 - 00379254 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\swscale-lav-2.dll
2013-03-19 17:11 - 2013-02-10 20:52 - 00164666 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avfilter-lav-3.dll
2013-03-19 17:11 - 2013-02-10 20:52 - 01251150 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avformat-lav-54.dll
2013-03-19 17:11 - 2013-02-10 20:52 - 00159427 _____ () C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avresample-lav-1.dll
2013-01-23 17:17 - 2010-12-29 04:40 - 00107896 _____ () C:\Program Files (x86)\IncrediMail\Bin\pmc.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
==================== EXE Association (whitelisted) =============
==================== MSCONFIG/TASK MANAGER disabled items =========
==================== Faulty Device Manager Devices =============
Name: Smartcard
Description: Smartcard
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (06/25/2014 03:01:06 PM) (Source: MsiInstaller) (EventID: 1024) (User: ich-PC)
Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127
Error: (06/25/2014 03:00:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm IncMail.exe, Version 6.2.9.5229 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 2edc
Startzeit: 01cf8ea4d2a53bad
Endzeit: 19625
Anwendungspfad: C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
Berichts-ID: a1f75d21-fc68-11e3-84de-0023cdb145e6
Error: (06/12/2014 09:49:49 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm InstantBackup.exe, Version 1.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 10f0
Startzeit: 01cf8612c4790cab
Endzeit: 16
Anwendungspfad: C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
Berichts-ID: 1bb92664-f206-11e3-84de-0023cdb145e6
Error: (06/12/2014 09:47:34 AM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (06/12/2014 07:03:06 AM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (06/12/2014 03:33:26 AM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (06/12/2014 03:31:35 AM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (06/10/2014 00:05:31 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (06/06/2014 03:17:20 PM) (Source: MemeoBackgroundService) (EventID: 0) (User: )
Description: Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden.
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data)
bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)
bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)
--- Ende der internen Ausnahmestapelüberwachung ---
bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType)
bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)
bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)
bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity)
bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args)
Error: (06/06/2014 00:00:10 PM) (Source: SideBySide) (EventID: 63) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "assemblyIdentity1". Fehler in Manifest- oder Richtliniendatei "assemblyIdentity2" in Zeile assemblyIdentity3.
Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
System errors:
=============
Error: (06/12/2014 09:47:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Search Protect by Conduit Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (06/12/2014 09:47:00 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000007e (0xffffffffc0000005, 0xfffff8800345f044, 0xfffff880009e0ed8, 0xfffff880009e0730)C:\Windows\MEMORY.DMP061214-20732-01
Error: (06/12/2014 09:46:59 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 12.06.2014 um 08:23:44 unerwartet heruntergefahren.
Error: (06/12/2014 07:03:16 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Search Protect by Conduit Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (06/12/2014 07:02:44 AM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000007e (0xffffffffc0000005, 0xfffff8800a185044, 0xfffff8800f01fed8, 0xfffff8800f01f730)C:\Windows\MEMORY.DMP061214-20560-01
Error: (06/12/2014 07:02:43 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 12.06.2014 um 04:49:43 unerwartet heruntergefahren.
Error: (06/12/2014 03:33:32 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Search Protect by Conduit Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (06/12/2014 03:31:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Search Protect by Conduit Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (06/10/2014 00:05:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Search Protect by Conduit Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (06/10/2014 00:04:24 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x0000007e (0xffffffffc0000005, 0xfffff88006c91044, 0xfffff8800bb9fed8, 0xfffff8800bb9f730)C:\Windows\MEMORY.DMP061014-26847-01
Microsoft Office Sessions:
=========================
Error: (05/21/2013 03:43:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 133 seconds with 0 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2013-08-15 06:56:11.038
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-15 04:33:15.525
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-08 10:32:48.666
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-08 10:24:05.816
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-08 10:00:27.723
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-08 09:49:50.245
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-08 09:42:30.096
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-08 09:33:22.680
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-08 09:25:28.823
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-08 09:13:02.770
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 67%
Total physical RAM: 3836.49 MB
Available physical RAM: 1261.77 MB
Total Pagefile: 7671.16 MB
Available Pagefile: 2842.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:931.51 GB) (Free:243.44 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Volume) (Fixed) (Total:698.64 GB) (Free:273.95 GB) NTFS
Drive e: (PRJ_20140401) (CDROM) (Total:2.78 GB) (Free:0 GB) UDF
Drive f: (KYOCERA) (CDROM) (Total:0.35 GB) (Free:0 GB) CDFS
Drive s: () (Network) (Total:1831.63 GB) (Free:155.91 GB)
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 699 GB) (Disk ID: A5CC7935)
Partition 1: (Not Active) - (Size=699 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: AE4957B6)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-06-25 15:38:12
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD103UJ rev.1AA01113 931,51GB
Running: lz0v1ppf.exe; Driver: C:\Users\ich\AppData\Local\Temp\uwldrpow.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002ff2000 45 bytes [FF, FF, FF, FF, 00, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff80002ff202f 16 bytes [00, FF, FF, FF, FF, 00, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076941465 2 bytes [94, 76]
.text C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe[1520] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769414bb 2 bytes [94, 76]
.text ... * 2
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2848] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007777000c 1 byte [C3]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2848] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 00000000777ff8ea 5 bytes JMP 00000001777ad5c1
.text C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe[28832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076941465 2 bytes [94, 76]
.text C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe[28832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769414bb 2 bytes [94, 76]
.text ... * 2
---- Processes - GMER 2.1 ----
Process C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (*** suspicious ***) @ C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [17264] (FreemakeUtilsService/Freemake)(2014-06-24 09:24:25) 0000000000cb0000
---- EOF - GMER 2.1 ----
Martin |
|
25.06.2014, 15:12
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | Rechner extrem langsam nach versehentlichem Öffnen eines Anhangs einer Mail Hi,
__________________ist das ein gewerblich genutztes System?
__________________ |
|
25.06.2014, 15:41
| #3 |
| | Rechner extrem langsam nach versehentlichem Öffnen eines Anhangs einer Mail Hi Cosinus,
__________________nein, der wird rein zu privaten Zwecken verwendet. Ist das ein Problem? Edit: Hab es gerade gelesen, dass ihr keine Hilfe bei gewerblichen Rechner gibt, hatte deine Frage erst andersherum verstanden. Hab den PC recht günstig aus einer Insolvenzmasse eines Planungsbüros geschossen, deshalb ist da auch Lexware drauf. Da das ne Originallizenz ist, hab ich die natürlich nicht runtergeschmissen:-) Der Rechner wird aber von mir nur privat genutzt. Geändert von Knüppelding (25.06.2014 um 16:09 Uhr) |
|
26.06.2014, 08:46
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Rechner extrem langsam nach versehentlichem Öffnen eines Anhangs einer Mail Also das klingt etws merkwürdig. Du lässt die Software nur drauf weil du sie schon hast aber sonst niemals zu privaten Zecken benötigst? Normalerweise verfolgt man sinnigerweise den Grundsatz, dass man nur das an Software installiert, was man auch unbedingt benötigt. Allein schon um die Angriffsfläche möglichst klein zu halten und das System nicht unnötig zuzumüllen. Bedenklich finde ich auch aus Datenschutzgründen, dass dieser Rechner vor dem Verkauf nicht geplättet wurde. Stell dir vor, da sind Firmen- oder Kundendaten drauf und die kommen in die falschen Hände. Naja wie auch immer, schmeiß erstmal ZoneAlarm runter, das Zeug ist Müll, dann gehts weiter. Melde dich dann. Wenn wir hier durch sind, kümmern wir uns um einen Ersatz (reiner Virenscanner + Windows-Firewall)
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
26.06.2014, 11:05
| #5 |
| | Rechner extrem langsam nach versehentlichem Öffnen eines Anhangs einer Mail Ja, das mit den Daten klingt sehr plausibel. Die waren aber soweit ich das gesehen habe, alle zumindest gelöscht. Na ja, und Lexware fand ich insofern interessant, weil ich die Kasse für einen kleinen Verein führe und hatte mir überlegt, mich da mal einzuarbeiten, um damit dann die Buchführung für den Verein zu machen. Liegt aber im Moment noch brach - wie war das mit den guten Vorsätzen? Wie auch immer, Zone Alarm hab ich gerade deinstalliert. |
|
26.06.2014, 11:06
| #6 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Rechner extrem langsam nach versehentlichem Öffnen eines Anhangs einer Mail Dann bitte jetzt Combofix ausführen: Scan mit Combofix
__________________ --> Rechner extrem langsam nach versehentlichem Öffnen eines Anhangs einer Mail |
|
26.06.2014, 15:05
| #7 |
| | Rechner extrem langsam nach versehentlichem Öffnen eines Anhangs einer Mail Combofix läuft gerade, allerdings habe ich gerade eine Absturzmeldung erhalten: "pev.3xe funktioniert nicht mehr" ... So, nach zwei Abstürzen hat Combofix dann funktioniert. Hier ist das Logfile: Code:
ATTFilter Combofix Logfile: Geändert von Knüppelding (26.06.2014 um 15:10 Uhr) |
|
26.06.2014, 18:32
| #8 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Rechner extrem langsam nach versehentlichem Öffnen eines Anhangs einer Mail Adware/Junkware/Toolbars entfernen 1. Schritt: adwCleaner Downloade Dir bitte  AdwCleaner auf deinen Desktop.
2. Schritt: JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
3. Schritt: Frisches Log mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.06.2014, 10:18
| #9 |
| | Rechner extrem langsam nach versehentlichem Öffnen eines Anhangs einer Mail Hier die Logs: AdwCleaner: AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v3.213 - Bericht erstellt am 27/06/2014 um 09:58:42
# Aktualisiert 23/06/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : ich - ICH-PC
# Gestartet von : C:\Users\ich\Downloads\adwcleaner_3.213.exe
# Option : Löschen
***** [ Dienste ] *****
Dienst Gelöscht : 70e6ca8c
Dienst Gelöscht : CltMngSvc
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
Ordner Gelöscht : C:\Program Files (x86)\IncrediMail_MediaBar_2
Ordner Gelöscht : C:\Program Files (x86)\Optimizer Pro
Ordner Gelöscht : C:\Program Files (x86)\SearchProtect
Ordner Gelöscht : C:\Program Files (x86)\Uniblue
Ordner Gelöscht : C:\Users\ich\AppData\Local\SearchProtect
Ordner Gelöscht : C:\Users\ich\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\ich\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Ordner Gelöscht : C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Ordner Gelöscht : C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Datei Gelöscht : C:\Users\Public\Desktop\driverscanner.lnk
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Windows\System32\sasnative64.exe
Datei Gelöscht : C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\vzktfttn.default\user.js
Datei Gelöscht : C:\Windows\System32\Tasks\Advanced System Protector_startup
Datei Gelöscht : C:\Windows\Tasks\dsmonitor.job
Datei Gelöscht : C:\Windows\System32\Tasks\dsmonitor
Datei Gelöscht : C:\Windows\Tasks\MySearchDial.job
Datei Gelöscht : C:\Windows\System32\Tasks\MySearchDial
Datei Gelöscht : C:\Windows\System32\Tasks\RegClean Pro
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FFB96CC1-7EB3-449D-B827-DB661701C6BB}]
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bakijjialdiiboeaknfpmflphhmljfkd
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MegaBrowse_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MegaBrowse_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\startnow_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\startnow_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateMegaBrowse_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateMegaBrowse_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\utilMegaBrowse_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\utilMegaBrowse_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DeAlsFinoderPro.DeAlsFinoderPro
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DeAlsFinoderPro.DeAlsFinoderPro.4.33
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E2A8D720-8918-3263-7D34-98E9D8F9689B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2A8D720-8918-3263-7D34-98E9D8F9689B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E2A8D720-8918-3263-7D34-98E9D8F9689B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E2A8D720-8918-3263-7D34-98E9D8F9689B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E2A8D720-8918-3263-7D34-98E9D8F9689B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\mysearchdial
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Zugo
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\Software\ImInstaller
Schlüssel Gelöscht : HKLM\Software\Myfree Codec
Schlüssel Gelöscht : HKLM\Software\SearchProtect
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{779D1843-0043-65D2-D781-8614F17B6222}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\OPTIMI~1\OPTPRO~3.DLL
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17126
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v
[ Datei : C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\vzktfttn.default\prefs.js ]
Zeile gelöscht : user_pref("extensions.tnljhK.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.[...]
-\\ Google Chrome v35.0.1916.153
*************************
AdwCleaner[R0].txt - [31962 octets] - [27/06/2014 09:09:48]
AdwCleaner[S0].txt - [28032 octets] - [27/06/2014 09:11:05]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [28093 octets] ##########
[/CODE] JRT: JRT Logfile: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by ich on 27.06.2014 at 10:10:23,99
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
~~~ Files
Successfully deleted: [File] "C:\Users\ich\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\driverscanner.lnk"
~~~ Folders
Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.06.2014 at 10:16:42,04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[/CODE] FRST: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-06-2014
Ran by ich (administrator) on ICH-PC on 27-06-2014 10:31:21
Running from C:\Users\ich\Downloads
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IncrediMail, Ltd.) C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Sidebar\sidebar.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Google) C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(IncrediMail, Ltd.) C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Desktop.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Users\ich\Documents\Firefox Browser\App\Firefox\firefox.exe
(Mozilla Corporation) C:\Users\ich\Documents\Firefox Browser\App\Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Farbar) C:\Users\ich\Downloads\FRST64(1).exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12459112 2013-03-20] (Realtek Semiconductor)
HKLM\...\Run: [SunJavaUpdateSched] => "C:\Program Files\Java\jre8\bin\jusched.exe"
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-01-30] (DivX, LLC)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-07-26] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Smart File Advisor] => C:\Program Files (x86)\Smart File Advisor\sfa.exe [280824 2011-04-04] (Filefacts.net)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
HKU\.DEFAULT\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKU\S-1-5-21-848176774-2792875984-4121021673-1000\...\Run: [IncrediMail] => C:\Program Files (x86)\IncrediMail\bin\IncMail.exe [366576 2012-08-27] (IncrediMail, Ltd.)
HKU\S-1-5-21-848176774-2792875984-4121021673-1000\...\Run: [Autodesk Sync] => C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKU\S-1-5-21-848176774-2792875984-4121021673-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564016 2013-07-26] (Samsung)
HKU\S-1-5-21-848176774-2792875984-4121021673-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-26] (Samsung)
HKU\S-1-5-21-848176774-2792875984-4121021673-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-848176774-2792875984-4121021673-1000\...\Policies\Explorer: []
HKU\S-1-5-21-848176774-2792875984-4121021673-1000\...\MountPoints2: {a3f52ee1-a8ff-11e3-aca2-0023cdb145e6} - F:\setup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Google Calendar Sync.lnk
ShortcutTarget: Google Calendar Sync.lnk -> C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe (Google)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
ShellIconOverlayIdentifiers: AutoCAD Digital Signatures Icon Overlay Handler -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\Windows\system32\AcSignIcon.dll (Autodesk, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD526340D6838CF01
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_11_ff&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzyyDtD0EyB0A0B0FyB0BtDtN0D0Tzu0SzztDtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEtDtBtAzyyCyBtDtG0A0BzyyBtGzz0BtBzztGyCzzyBtBtGtBtAyB0DyEyCtB0E0EyCtAyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0A0CtByByEzyzytGtC0DyByBtGtAyB0FyBtG0C0ByDzytGyEyCtDtA0FzzyEyB0Dzz0BtC2Q&cr=1158209514&ir=
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=ir_14_11_ff&cd=2XzuyEtN2Y1L1QzuyDtD0EyDyEzyyDtD0EyB0A0B0FyB0BtDtN0D0Tzu0SzztDtDtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyEtDtBtAzyyCyBtDtG0A0BzyyBtGzz0BtBzztGyCzzyBtBtGtBtAyB0DyEyCtB0E0EyCtAyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2StB0A0CtByByEzyzytGtC0DyByBtGtAyB0FyBtG0C0ByDzytGyEyCtDtA0FzzyEyB0Dzz0BtC2Q&cr=1158209514&ir=
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - URL hxxp://www.trovigo.com/Results.aspx?gd=&ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP90A2072B-806C-4B98-92A1-89329509C196&q={searchTerms}&SSPV=
SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\..\Interfaces\{4B3B3148-A7B1-448C-888E-89EACCC44958}: [NameServer]192.168.52.1
FireFox:
========
FF ProfilePath: C:\Users\ich\AppData\Roaming\Mozilla\Firefox\Profiles\vzktfttn.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2013-03-19]
FF HKLM-x32\...\Firefox\Extensions: [fmconverter@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox
FF Extension: Freemake Video Converter Plugin - C:\Program Files (x86)\Freemake\Freemake Video Converter\BrowserPlugin\Firefox [2014-06-24]
FF StartMenuInternet: FIREFOX.EXE - C:\Users\ich\Documents\Firefox Browser\App\Firefox\firefox.exe
Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Google Docs) - C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-04]
CHR Extension: (Google Drive) - C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-04]
CHR Extension: (No Name) - C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd [2014-06-06]
CHR Extension: (No Name) - C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfkomdlmpkpaidocpojmafalghahemgn [2014-06-22]
CHR Extension: (YouTube) - C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-04]
CHR Extension: (No Name) - C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh [2014-03-18]
CHR Extension: (Google Search) - C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-04]
CHR Extension: (No Name) - C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbolfgndggfhhpbnkgnpjkfhinclbigj [2014-06-24]
CHR Extension: (No Name) - C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\njbcheaaplkhblheokaibpndonpnejpe [2014-06-22]
CHR Extension: (Google Wallet) - C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2013-07-04]
CHR Extension: (Gmail) - C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-04]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2013-02-07]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) [File not signed]
R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2014-05-27] (Freemake) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 StarMoney 8.0 OnlineUpdate; C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2103096 2013-12-18] (TuneUp Software)
==================== Drivers (Whitelisted) ====================
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [37472 2013-04-25] (Advanced Micro Devices, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-03-11] (Disc Soft Ltd)
S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2013-03-20] ( )
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [89432 2012-11-15] (Kaspersky Lab)
R3 KMUSBSC2; C:\Windows\System32\Drivers\KMUSBSC2.sys [48256 2008-01-10] (KYOCERA MITA Corporation)
R3 KMUSBSCN; C:\Windows\System32\Drivers\KMUSBSCN.sys [57984 2007-04-27] (KYOCERA MITA Corporation)
R3 S332x64; C:\Windows\System32\DRIVERS\S332x64.sys [78080 2012-08-13] (Identive )
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software)
R1 {29b136c9-938d-4d3d-8df8-d649d9b74d02}w64; C:\Windows\System32\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}w64.sys [60704 2014-05-29] (StdLib)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-27 10:23 - 2014-06-27 10:23 - 02082816 _____ (Farbar) C:\Users\ich\Downloads\FRST64(1).exe
2014-06-27 10:16 - 2014-06-27 10:16 - 00001199 _____ () C:\Users\ich\Desktop\JRT.txt
2014-06-27 10:10 - 2014-06-27 10:10 - 00000000 ____D () C:\Windows\ERUNT
2014-06-27 10:07 - 2014-06-27 10:07 - 01016261 _____ (Thisisu) C:\Users\ich\Downloads\JRT.exe
2014-06-27 09:56 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-27 09:55 - 2014-06-27 09:55 - 01342659 _____ () C:\Users\ich\Downloads\adwcleaner_3.213.exe
2014-06-27 09:37 - 2014-06-27 10:05 - 00028274 _____ () C:\Users\ich\Desktop\AdwCleaner[S0].txt
2014-06-27 09:09 - 2014-06-27 09:58 - 00000000 ____D () C:\AdwCleaner
2014-06-26 16:02 - 2014-06-26 16:02 - 00028063 _____ () C:\ComboFix.txt
2014-06-26 15:27 - 2014-06-26 15:27 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-26 15:25 - 2014-06-26 15:25 - 00918952 _____ (Oracle Corporation) C:\Users\ich\Downloads\jxpiinstall.exe
2014-06-26 15:23 - 2014-06-26 15:23 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-06-26 15:23 - 2014-06-26 15:23 - 00000000 ____D () C:\ProgramData\Sun
2014-06-26 12:18 - 2014-06-27 09:47 - 00000000 ___SD () C:\ComboFix
2014-06-26 12:18 - 2014-06-27 09:47 - 00000000 ____D () C:\Windows\erdnt
2014-06-26 12:18 - 2014-06-26 16:03 - 00000000 ____D () C:\Qoobox
2014-06-26 12:18 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-26 12:18 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-26 12:18 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-26 12:18 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-26 12:18 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-26 12:18 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-26 12:18 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-26 12:18 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-26 12:17 - 2014-06-26 12:17 - 05211571 ____R (Swearware) C:\Users\ich\Desktop\ComboFix.exe
2014-06-26 12:04 - 2014-06-26 12:04 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
2014-06-26 12:04 - 2014-06-26 12:04 - 00001162 _____ () C:\Users\Public\Desktop\TeamViewer 8.lnk
2014-06-26 12:04 - 2014-06-26 12:04 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-06-26 11:50 - 2014-06-26 11:50 - 00296568 _____ () C:\Windows\Minidump\062614-17628-01.dmp
2014-06-25 20:49 - 2014-06-25 20:50 - 06964080 _____ (TeamViewer GmbH) C:\Users\ich\Desktop\TeamViewer 8.exe
2014-06-25 20:41 - 2014-06-25 20:41 - 00305472 _____ () C:\Windows\Minidump\062514-23618-01.dmp
2014-06-25 15:38 - 2014-06-25 15:38 - 00003387 _____ () C:\Users\ich\Desktop\Gmer.txt
2014-06-25 15:17 - 2014-06-25 15:18 - 00380416 _____ () C:\Users\ich\Downloads\lz0v1ppf.exe
2014-06-25 15:10 - 2014-06-25 15:12 - 00046847 _____ () C:\Users\ich\Downloads\Addition.txt
2014-06-25 15:08 - 2014-06-27 10:31 - 00016081 _____ () C:\Users\ich\Downloads\FRST.txt
2014-06-25 15:08 - 2014-06-27 10:31 - 00000000 ____D () C:\FRST
2014-06-25 15:07 - 2014-06-25 15:07 - 02082816 _____ (Farbar) C:\Users\ich\Downloads\FRST64.exe
2014-06-25 15:07 - 2014-06-25 15:07 - 00000538 _____ () C:\Users\ich\Downloads\defogger_disable.log
2014-06-25 15:07 - 2014-06-25 15:07 - 00000168 _____ () C:\Users\ich\defogger_reenable
2014-06-25 15:06 - 2014-06-25 15:06 - 00050477 _____ () C:\Users\ich\Downloads\Defogger.exe
2014-06-25 14:54 - 2014-06-25 14:54 - 00000000 ____D () C:\Users\ich\temp
2014-06-24 11:27 - 2014-06-24 11:27 - 00000000 ____D () C:\Users\ich\AppData\Roaming\NVIDIA
2014-06-24 11:25 - 2014-06-27 09:49 - 00000000 ____D () C:\Users\ich\AppData\Roaming\Skype
2014-06-24 11:25 - 2014-06-24 11:25 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-24 11:25 - 2014-06-24 11:25 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-24 11:25 - 2014-06-24 11:25 - 00000000 ____D () C:\Users\ich\AppData\Local\Skype
2014-06-24 11:25 - 2014-06-24 11:25 - 00000000 ____D () C:\Users\ich\AppData\Local\FreemakeVideoConverter
2014-06-24 11:25 - 2014-06-24 11:25 - 00000000 ____D () C:\ProgramData\Skype
2014-06-24 11:25 - 2014-06-24 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-24 11:24 - 2014-06-24 11:25 - 00000000 ____D () C:\Users\ich\Documents\Freemake
2014-06-24 11:24 - 2014-06-24 11:25 - 00000000 ____D () C:\ProgramData\Freemake
2014-06-24 11:24 - 2014-06-24 11:24 - 00001320 _____ () C:\Users\Public\Desktop\Freemake Video Converter.lnk
2014-06-24 11:24 - 2014-06-24 11:24 - 00000000 ____D () C:\Users\ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2014-06-24 11:24 - 2014-06-24 11:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2014-06-24 11:23 - 2014-06-24 11:24 - 00000000 ____D () C:\Program Files (x86)\Freemake
2014-06-24 11:22 - 2014-06-24 11:22 - 01325576 _____ (Ellora Assets Corporation ) C:\Users\ich\Downloads\FreemakeVideoConverterSetup.exe
2014-06-22 19:03 - 2014-06-22 19:03 - 00000000 ____D () C:\Users\ich\AppData\Local\Packages
2014-06-22 15:03 - 2014-06-23 08:10 - 00000000 ____D () C:\ProgramData\1992ce1ac21de8ed
2014-06-12 09:46 - 2014-06-12 09:46 - 00296704 _____ () C:\Windows\Minidump\061214-20732-01.dmp
2014-06-12 07:02 - 2014-06-12 07:02 - 00296416 _____ () C:\Windows\Minidump\061214-20560-01.dmp
2014-06-11 09:11 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 09:11 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 09:11 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 09:11 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 09:11 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 09:11 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 09:11 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 09:11 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 09:11 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 09:11 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 09:11 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 09:11 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 09:11 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 09:11 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 09:11 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 09:11 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 09:11 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 09:11 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 09:11 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 09:11 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 09:11 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 09:11 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 09:11 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 09:11 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 09:11 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 09:11 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 09:11 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 09:11 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 09:11 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 09:11 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 09:11 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 09:11 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 09:11 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 09:11 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 09:11 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 09:11 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 09:11 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 09:11 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 09:11 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 09:11 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 09:11 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 09:11 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 09:11 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 09:11 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 09:11 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 09:11 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 09:11 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 09:11 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 09:11 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 09:11 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 09:11 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 09:11 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 09:11 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 09:11 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-11 09:11 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 09:11 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 09:11 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 09:11 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 09:11 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 09:11 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 09:11 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 09:11 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 09:11 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 09:11 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 09:11 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 09:11 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 09:11 - 2013-11-26 13:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-06-10 12:11 - 2014-06-10 12:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-10 12:11 - 2014-06-10 12:11 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-10 12:04 - 2014-06-10 12:04 - 00300544 _____ () C:\Windows\Minidump\061014-26847-01.dmp
2014-06-06 15:16 - 2014-06-06 15:16 - 00300832 _____ () C:\Windows\Minidump\060614-27315-01.dmp
2014-06-03 22:42 - 2014-05-29 14:40 - 00060704 _____ (StdLib) C:\Windows\system32\Drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}w64.sys
2014-06-02 12:37 - 2014-06-02 12:37 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-02 12:34 - 2014-06-02 12:34 - 00000000 ____D () C:\Users\ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-06-02 12:33 - 2014-06-04 10:07 - 00000000 ____D () C:\Users\ich\AppData\Roaming\FileZilla
2014-06-02 12:33 - 2014-06-02 12:34 - 04996210 _____ (Tim Kosse) C:\Users\ich\Downloads\FileZilla_3.8.1_win32-setup.exe
2014-06-02 12:31 - 2014-06-02 12:34 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-06-02 12:31 - 2014-06-02 12:31 - 04076719 _____ () C:\Users\ich\Downloads\FileZilla_3.2.7.1_win32-setup [1].exe
2014-06-02 12:30 - 2014-06-02 12:30 - 00667864 _____ () C:\Users\ich\Downloads\FileZilla_3.2.7.1_win32-setup.exe
==================== One Month Modified Files and Folders =======
2014-06-27 10:31 - 2014-06-25 15:08 - 00016081 _____ () C:\Users\ich\Downloads\FRST.txt
2014-06-27 10:31 - 2014-06-25 15:08 - 00000000 ____D () C:\FRST
2014-06-27 10:29 - 2013-07-04 13:00 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-27 10:23 - 2014-06-27 10:23 - 02082816 _____ (Farbar) C:\Users\ich\Downloads\FRST64(1).exe
2014-06-27 10:21 - 2013-03-15 14:48 - 01273749 _____ () C:\Windows\WindowsUpdate.log
2014-06-27 10:16 - 2014-06-27 10:16 - 00001199 _____ () C:\Users\ich\Desktop\JRT.txt
2014-06-27 10:14 - 2013-03-15 15:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-27 10:10 - 2014-06-27 10:10 - 00000000 ____D () C:\Windows\ERUNT
2014-06-27 10:09 - 2009-07-14 06:45 - 00017136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-27 10:09 - 2009-07-14 06:45 - 00017136 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-27 10:08 - 2009-07-14 19:58 - 00700342 _____ () C:\Windows\system32\perfh007.dat
2014-06-27 10:08 - 2009-07-14 19:58 - 00149138 _____ () C:\Windows\system32\perfc007.dat
2014-06-27 10:08 - 2009-07-14 07:13 - 01621940 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-27 10:07 - 2014-06-27 10:07 - 01016261 _____ (Thisisu) C:\Users\ich\Downloads\JRT.exe
2014-06-27 10:05 - 2014-06-27 09:37 - 00028274 _____ () C:\Users\ich\Desktop\AdwCleaner[S0].txt
2014-06-27 10:01 - 2013-07-04 12:59 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-27 10:00 - 2013-08-09 03:02 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-27 10:00 - 2013-03-18 11:59 - 00047252 _____ () C:\Windows\PFRO.log
2014-06-27 10:00 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-27 10:00 - 2009-07-14 06:51 - 00034793 _____ () C:\Windows\setupact.log
2014-06-27 09:58 - 2014-06-27 09:09 - 00000000 ____D () C:\AdwCleaner
2014-06-27 09:55 - 2014-06-27 09:55 - 01342659 _____ () C:\Users\ich\Downloads\adwcleaner_3.213.exe
2014-06-27 09:51 - 2014-03-11 12:37 - 00000000 ____D () C:\Program Files (x86)\Smart File Advisor
2014-06-27 09:49 - 2014-06-24 11:25 - 00000000 ____D () C:\Users\ich\AppData\Roaming\Skype
2014-06-27 09:48 - 2013-03-15 14:52 - 00000000 ____D () C:\Users\ich
2014-06-27 09:47 - 2014-06-26 12:18 - 00000000 ___SD () C:\ComboFix
2014-06-27 09:47 - 2014-06-26 12:18 - 00000000 ____D () C:\Windows\erdnt
2014-06-27 09:47 - 2013-03-15 16:07 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-06-27 09:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2014-06-27 09:47 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\AppCompat
2014-06-27 09:11 - 2013-03-15 19:01 - 00000000 ____D () C:\Users\ich\AppData\Roaming\CheckPoint
2014-06-26 16:03 - 2014-06-26 12:18 - 00000000 ____D () C:\Qoobox
2014-06-26 16:02 - 2014-06-26 16:02 - 00028063 _____ () C:\ComboFix.txt
2014-06-26 15:30 - 2014-04-01 07:47 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-26 15:27 - 2014-06-26 15:27 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-26 15:25 - 2014-06-26 15:25 - 00918952 _____ (Oracle Corporation) C:\Users\ich\Downloads\jxpiinstall.exe
2014-06-26 15:23 - 2014-06-26 15:23 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-06-26 15:23 - 2014-06-26 15:23 - 00000000 ____D () C:\ProgramData\Sun
2014-06-26 15:21 - 2014-04-01 07:47 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy
2014-06-26 15:18 - 2009-07-14 06:45 - 00611536 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-26 15:16 - 2013-03-16 11:57 - 00000000 ____D () C:\Users\ich\AppData\Local\Mozilla
2014-06-26 15:16 - 2013-03-15 15:06 - 00000000 ____D () C:\Users\ich\AppData\Roaming\GHISLER
2014-06-26 15:16 - 2013-03-15 15:04 - 00000000 ____D () C:\Users\ich\AppData\Roaming\Mozilla
2014-06-26 15:16 - 2009-07-14 20:18 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-06-26 13:25 - 2013-03-15 15:04 - 00175152 _____ () C:\Users\ich\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-26 12:17 - 2014-06-26 12:17 - 05211571 ____R (Swearware) C:\Users\ich\Desktop\ComboFix.exe
2014-06-26 12:12 - 2013-03-19 14:26 - 00000000 ____D () C:\Users\ich\AppData\Roaming\TeamViewer
2014-06-26 12:04 - 2014-06-26 12:04 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 8.lnk
2014-06-26 12:04 - 2014-06-26 12:04 - 00001162 _____ () C:\Users\Public\Desktop\TeamViewer 8.lnk
2014-06-26 12:04 - 2014-06-26 12:04 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-06-26 11:50 - 2014-06-26 11:50 - 00296568 _____ () C:\Windows\Minidump\062614-17628-01.dmp
2014-06-26 11:50 - 2013-08-16 16:21 - 599142653 _____ () C:\Windows\MEMORY.DMP
2014-06-26 11:50 - 2013-08-16 16:21 - 00000000 ____D () C:\Windows\Minidump
2014-06-25 20:50 - 2014-06-25 20:49 - 06964080 _____ (TeamViewer GmbH) C:\Users\ich\Desktop\TeamViewer 8.exe
2014-06-25 20:41 - 2014-06-25 20:41 - 00305472 _____ () C:\Windows\Minidump\062514-23618-01.dmp
2014-06-25 15:38 - 2014-06-25 15:38 - 00003387 _____ () C:\Users\ich\Desktop\Gmer.txt
2014-06-25 15:18 - 2014-06-25 15:17 - 00380416 _____ () C:\Users\ich\Downloads\lz0v1ppf.exe
2014-06-25 15:12 - 2014-06-25 15:10 - 00046847 _____ () C:\Users\ich\Downloads\Addition.txt
2014-06-25 15:07 - 2014-06-25 15:07 - 02082816 _____ (Farbar) C:\Users\ich\Downloads\FRST64.exe
2014-06-25 15:07 - 2014-06-25 15:07 - 00000538 _____ () C:\Users\ich\Downloads\defogger_disable.log
2014-06-25 15:07 - 2014-06-25 15:07 - 00000168 _____ () C:\Users\ich\defogger_reenable
2014-06-25 15:06 - 2014-06-25 15:06 - 00050477 _____ () C:\Users\ich\Downloads\Defogger.exe
2014-06-25 15:01 - 2013-12-16 16:30 - 00002286 ____H () C:\Users\ich\Documents\Default.rdp
2014-06-25 14:54 - 2014-06-25 14:54 - 00000000 ____D () C:\Users\ich\temp
2014-06-24 11:27 - 2014-06-24 11:27 - 00000000 ____D () C:\Users\ich\AppData\Roaming\NVIDIA
2014-06-24 11:25 - 2014-06-24 11:25 - 00002517 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-06-24 11:25 - 2014-06-24 11:25 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-24 11:25 - 2014-06-24 11:25 - 00000000 ____D () C:\Users\ich\AppData\Local\Skype
2014-06-24 11:25 - 2014-06-24 11:25 - 00000000 ____D () C:\Users\ich\AppData\Local\FreemakeVideoConverter
2014-06-24 11:25 - 2014-06-24 11:25 - 00000000 ____D () C:\ProgramData\Skype
2014-06-24 11:25 - 2014-06-24 11:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-06-24 11:25 - 2014-06-24 11:24 - 00000000 ____D () C:\Users\ich\Documents\Freemake
2014-06-24 11:25 - 2014-06-24 11:24 - 00000000 ____D () C:\ProgramData\Freemake
2014-06-24 11:24 - 2014-06-24 11:24 - 00001320 _____ () C:\Users\Public\Desktop\Freemake Video Converter.lnk
2014-06-24 11:24 - 2014-06-24 11:24 - 00000000 ____D () C:\Users\ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2014-06-24 11:24 - 2014-06-24 11:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2014-06-24 11:24 - 2014-06-24 11:23 - 00000000 ____D () C:\Program Files (x86)\Freemake
2014-06-24 11:22 - 2014-06-24 11:22 - 01325576 _____ (Ellora Assets Corporation ) C:\Users\ich\Downloads\FreemakeVideoConverterSetup.exe
2014-06-23 08:10 - 2014-06-22 15:03 - 00000000 ____D () C:\ProgramData\1992ce1ac21de8ed
2014-06-22 19:03 - 2014-06-22 19:03 - 00000000 ____D () C:\Users\ich\AppData\Local\Packages
2014-06-22 10:34 - 2009-07-14 04:34 - 00000756 _____ () C:\Windows\win.ini
2014-06-21 09:24 - 2013-07-04 13:00 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-21 09:24 - 2013-07-04 12:59 - 00003848 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-13 11:26 - 2013-07-04 13:01 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-12 09:46 - 2014-06-12 09:46 - 00296704 _____ () C:\Windows\Minidump\061214-20732-01.dmp
2014-06-12 07:02 - 2014-06-12 07:02 - 00296416 _____ () C:\Windows\Minidump\061214-20560-01.dmp
2014-06-12 04:10 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-12 03:11 - 2013-08-15 03:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 03:09 - 2013-03-19 16:23 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-12 03:09 - 2013-03-15 18:46 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-10 12:11 - 2014-06-10 12:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-10 12:11 - 2014-06-10 12:11 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-10 12:11 - 2013-03-15 16:07 - 00001931 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-06-10 12:04 - 2014-06-10 12:04 - 00300544 _____ () C:\Windows\Minidump\061014-26847-01.dmp
2014-06-06 15:16 - 2014-06-06 15:16 - 00300832 _____ () C:\Windows\Minidump\060614-27315-01.dmp
2014-06-06 12:02 - 2013-03-20 12:23 - 00023529 ____H () C:\Windows\SysWOW64\BTImages.dat
2014-06-04 10:07 - 2014-06-02 12:33 - 00000000 ____D () C:\Users\ich\AppData\Roaming\FileZilla
2014-06-02 12:37 - 2014-06-02 12:37 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-02 12:34 - 2014-06-02 12:34 - 00000000 ____D () C:\Users\ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2014-06-02 12:34 - 2014-06-02 12:33 - 04996210 _____ (Tim Kosse) C:\Users\ich\Downloads\FileZilla_3.8.1_win32-setup.exe
2014-06-02 12:34 - 2014-06-02 12:31 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-06-02 12:31 - 2014-06-02 12:31 - 04076719 _____ () C:\Users\ich\Downloads\FileZilla_3.2.7.1_win32-setup [1].exe
2014-06-02 12:30 - 2014-06-02 12:30 - 00667864 _____ () C:\Users\ich\Downloads\FileZilla_3.2.7.1_win32-setup.exe
2014-06-02 10:15 - 2013-05-08 08:45 - 00000000 ____D () C:\mist
2014-05-30 12:21 - 2014-06-11 09:11 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 12:02 - 2014-06-11 09:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 12:02 - 2014-06-11 09:11 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 11:45 - 2014-06-11 09:11 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 11:39 - 2014-06-11 09:11 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 11:39 - 2014-06-11 09:11 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 11:38 - 2014-06-11 09:11 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 11:28 - 2014-06-11 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 11:27 - 2014-06-11 09:11 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 11:24 - 2014-06-11 09:11 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 11:21 - 2014-06-11 09:11 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 11:21 - 2014-06-11 09:11 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 11:20 - 2014-06-11 09:11 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 11:18 - 2014-06-11 09:11 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 11:11 - 2014-06-11 09:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 11:08 - 2014-06-11 09:11 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 11:06 - 2014-06-11 09:11 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 11:02 - 2014-06-11 09:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 10:55 - 2014-06-11 09:11 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:49 - 2014-06-11 09:11 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:46 - 2014-06-11 09:11 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:44 - 2014-06-11 09:11 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 10:44 - 2014-06-11 09:11 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 10:43 - 2014-06-11 09:11 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 10:42 - 2014-06-11 09:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-11 09:11 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 10:35 - 2014-06-11 09:11 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 10:34 - 2014-06-11 09:11 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 10:33 - 2014-06-11 09:11 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 10:30 - 2014-06-11 09:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 10:29 - 2014-06-11 09:11 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 10:28 - 2014-06-11 09:11 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 10:27 - 2014-06-11 09:11 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 10:24 - 2014-06-11 09:11 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 10:23 - 2014-06-11 09:11 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 10:16 - 2014-06-11 09:11 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 10:10 - 2014-06-11 09:11 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-11 09:11 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 10:04 - 2014-06-11 09:11 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 10:02 - 2014-06-11 09:11 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 09:56 - 2014-06-11 09:11 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 09:56 - 2014-06-11 09:11 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:54 - 2014-06-11 09:11 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 09:50 - 2014-06-11 09:11 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-11 09:11 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 09:43 - 2014-06-11 09:11 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:40 - 2014-06-11 09:11 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 09:30 - 2014-06-11 09:11 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:21 - 2014-06-11 09:11 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 09:15 - 2014-06-11 09:11 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 09:13 - 2014-06-11 09:11 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:13 - 2014-06-11 09:11 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-29 14:40 - 2014-06-03 22:42 - 00060704 _____ (StdLib) C:\Windows\system32\Drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}w64.sys
Some content of TEMP:
====================
C:\Users\ich\AppData\Local\Temp\FreemakeVideoConverter_4.1.4.1.exe
C:\Users\ich\AppData\Local\Temp\nso1810.exe
C:\Users\ich\AppData\Local\Temp\nst1D5E.exe
C:\Users\ich\AppData\Local\Temp\nstC240.exe
C:\Users\ich\AppData\Local\Temp\nsyBB5C.exe
C:\Users\ich\AppData\Local\Temp\optprosetup.exe
C:\Users\ich\AppData\Local\Temp\Quarantine.exe
C:\Users\ich\AppData\Local\Temp\SPSetup.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-06-25 23:16
==================== End Of Log ============================
--- --- --- [/CODE] Addition: FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-06-2014
Ran by ich at 2014-06-27 10:31:45
Running from C:\Users\ich\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AutoCAD 2014 - Deutsch (German) (Version: 19.1.18.0 - Autodesk) Hidden
AutoCAD 2014 Language Pack - Deutsch (German) (Version: 19.1.18.0 - Autodesk) Hidden
Autodesk 360 (HKLM\...\{52B28CAD-F49D-47BA-9FFE-29C2E85F0D0B}) (Version: 4.0.27.1 - Autodesk)
Autodesk App Manager (HKLM-x32\...\{C070121A-C8C5-4D52-9A7D-D240631BD433}) (Version: 1.1.0 - Autodesk)
Autodesk AutoCAD 2014 - Deutsch (German) (HKLM\...\AutoCAD 2014 - Deutsch (German)) (Version: 19.1.18.0 - Autodesk)
Autodesk Content Service (HKLM-x32\...\Autodesk Content Service) (Version: 3.1.3.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Featured Apps (HKLM-x32\...\{F732FEDA-7713-4428-934B-EF83B8DD65D0}) (Version: 1.1.0 - Autodesk)
Autodesk Material Library 2014 (HKLM-x32\...\{644F9B19-A462-499C-BF4D-300ABC2A28B1}) (Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (HKLM-x32\...\{51BF3210-B825-4092-8E0D-66D689916E02}) (Version: 4.0.19.0 - Autodesk)
Autodesk ReCap (HKLM\...\Autodesk ReCap) (Version: 1.0.43.13 - Autodesk)
Autodesk ReCap (Version: 1.0.43.13 - Autodesk) Hidden
Autodesk ReCap Language Pack-English (Version: 1.0.43.13 - Autodesk) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
den MailShop Bestellassistenten (HKLM-x32\...\MailShop Bestellassistent_is1) (Version: - )
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.24 - DivX, LLC)
DriverTuner 3.1.0.0 (HKLM-x32\...\{520C1D80-935C-42B9-9340-E883849D804F}_is1) (Version: 3.1.0.0 - LionSea SoftWare)
FARO LS 1.1.501.0 (64bit) (HKLM-x32\...\{8A470330-70B2-49AD-86AF-79885EF9898A}) (Version: 5.1.0.30630 - FARO Scanner Production)
FileZilla Client 3.8.1 (HKCU\...\FileZilla Client) (Version: 3.8.1 - Tim Kosse)
Firefox Browser (remove only) (HKLM-x32\...\Firefox Browser) (Version: - )
Freemake Video Converter Version 4.1.4 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.4 - Ellora Assets Corporation)
Google Calendar Sync (HKLM-x32\...\Google Calendar Sync) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
IncrediMail (x32 Version: 6.3.9.5260 - IncrediMail) Hidden
IncrediMail 2.0 (HKLM-x32\...\IncrediMail) (Version: 6.3.9.5260 - IncrediMail Ltd.)
IsoBuster 3.0 (HKLM-x32\...\IsoBuster_is1) (Version: 3.0 - Smart Projects)
K-Lite Mega Codec Pack 9.8.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.8.0 - )
Kyocera Product Library (HKLM\...\Kyocera Product Library) (Version: 2.0.0713 - Kyocera Mita Corporation)
Kyocera TWAIN Driver (HKLM-x32\...\InstallShield_{FF21E219-85A1-474F-B4D3-7D0505E21731}) (Version: 1.3.1819 - Kyocera Mita)
Kyocera TWAIN Driver (x32 Version: 1.3.1819 - Kyocera Mita) Hidden
Lexware Abschreibungsrechner (HKLM-x32\...\{204294E8-371C-4DFB-8162-EF5BB4FEBFE1}) (Version: 11.00.04.0001 - Haufe-Lexware GmbH & Co.KG)
Lexware büro easy 2012 Vorteilsedition (HKLM-x32\...\{41581163-87FB-4E8E-92C2-10366F8A3291}) (Version: 25.40.04.0060 - Haufe-Lexware GmbH & Co.KG)
Lexware Elster (HKLM-x32\...\{9EFF1D7C-C4B0-4DEF-965C-261CB9604CD9}) (Version: 12.03.00.0188 - Haufe-Lexware GmbH & Co.KG)
Lexware Info Service (HKLM-x32\...\{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}) (Version: 2.80.00.0007 - Haufe-Lexware GmbH & Co.KG)
Lexware online banking (HKLM-x32\...\{CB21905F-BE58-4DC9-8FC1-6EE2EA210423}) (Version: 16.00.00.0001 - Haufe-Lexware GmbH & Co.KG)
Lexware Sepa Check (x32 Version: 1.00.00.0003 - Haufe-Lexware GmbH & Co.KG) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
MEDION NAS TOOL (HKLM-x32\...\MEDION NAS TOOL) (Version: - MEDION)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - )
NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
Opera Stable 21.0.1432.67 (HKLM-x32\...\Opera 21.0.1432.67) (Version: 21.0.1432.67 - Opera Software ASA)
Photo Notifier and Animation Creator (HKLM-x32\...\Photo Notifier and Animation Creator) (Version: 1.0.0.1009 - IncrediMail Ltd.)
Photo Notifier and Animation Creator (x32 Version: 1.0.0.1009 - Ihr Firmenname) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6602 - Realtek Semiconductor Corp.)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.0.13074_14 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.0.13074_14 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
SketchUp Import for AutoCAD 2014 (HKLM-x32\...\{644E9589-F73A-49A4-AC61-A953B9DE5669}) (Version: 1.1.0 - Autodesk)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Smart File Advisor 1.1.1 (HKLM-x32\...\Smart File Advisor_is1) (Version: 1.1.1 - Filefacts.net)
SPR532 SmartCard Reader V1.88 (HKLM-x32\...\{FB8EAB8D-9AA9-464F-8800-613B251C6C3C}) (Version: 1.88 - Identive)
StarMoney (x32 Version: 3.0.6.28 - StarFinanz) Hidden
StarMoney 8.0 S-Edition (HKLM-x32\...\{D68D8330-DFA9-4437-8CB7-F684149EA310}) (Version: 8.0 - Star Finanz GmbH)
TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.26038 - TeamViewer)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.221 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.221 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.221 - TuneUp Software) Hidden
Turbo Lister 2 (HKLM-x32\...\{8927E07C-97F7-4A54-88FB-D976F50DD46E}) (Version: 2.00.0000 - eBay Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2881065) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{B7EF38F7-1D58-4085-A9A4-0F6C69A5AA1E}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Z-Scan2Send (HKLM-x32\...\{0E062D19-D9B8-4F00-9F1A-3810EA8994F8}) (Version: 3.8.0.16 - IMU Andreas Baumann)
==================== Restore Points =========================
04-06-2014 03:06:17 Windows Update
10-06-2014 10:16:04 Windows Update
12-06-2014 01:03:56 Windows Update
17-06-2014 23:27:27 Windows Update
24-06-2014 19:17:21 Windows Update
26-06-2014 10:18:47 ComboFix created restore point
26-06-2014 13:22:19 Removed Java(TM) 6 Update 21
26-06-2014 13:23:21 Removed Java(TM) 6 Update 13 (64-bit)
26-06-2014 13:24:00 Removed Java 8 Update 5 (64-bit)
26-06-2014 13:26:57 Installed Java 7 Update 60
==================== Hosts content: ==========================
2013-09-06 10:56 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {068E7D48-8B35-485E-BB73-2EDFD4C0AF5E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-04] (Google Inc.)
Task: {245F7258-ED71-4D13-ADE4-D192E04243FC} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2013-12-18] (TuneUp Software)
Task: {37A59606-A0D4-4A8D-8F22-78442C7EABA7} - \RegClean Pro No Task File <==== ATTENTION
Task: {3E613ACD-2151-4FB8-9429-70B08193216E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-07-04] (Google Inc.)
Task: {55F28D15-E394-4CE3-8FCD-B8D56B35CCED} - \MySearchDial No Task File <==== ATTENTION
Task: {7FAF3281-F1BC-4950-BD75-510D13D9B3B3} - System32\Tasks\Sun Microsystems-Online-Aktualisierungsprogramm => c:\Program Files\Java\jre6\bin\jusched.exe
Task: {9D71983D-3CDE-466C-93AC-07E5C46701A0} - System32\Tasks\DivX-Online-Aktualisierungsprogramm => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2013-02-13] ()
Task: {ADEE556E-FF1A-4AF8-8DA9-7BDE3A60B86E} - \dsmonitor No Task File <==== ATTENTION
Task: {D1DF2E52-B9DC-4ACB-A61A-424461CA679B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {E90989A3-C42A-401C-A9BA-CAF794FF2298} - \Advanced System Protector_startup No Task File <==== ATTENTION
Task: {FA6CCC18-19B3-4773-AEFE-5462F46C19D0} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {FC41EEA0-5753-403F-BA1A-1CDC41815C30} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2011-07-31] (Haufe-Lexware GmbH & Co. KG)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-08-09 03:02 - 2013-01-18 17:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-02-05 00:21 - 2013-02-05 00:21 - 00056352 _____ () C:\Program Files\Autodesk\Autodesk Sync\qoauth_Ad_1.dll
2013-02-05 00:21 - 2013-02-05 00:21 - 00937504 _____ () C:\Program Files\Autodesk\Autodesk Sync\qca_Ad_2.dll
2013-02-05 00:21 - 2013-02-05 00:21 - 00124448 _____ () C:\Program Files\Autodesk\Autodesk Sync\QJson.dll
2013-02-05 00:21 - 2013-02-05 00:21 - 00045088 _____ () C:\Program Files\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll
2013-12-18 11:01 - 2013-12-18 11:01 - 00742200 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2014-05-01 21:29 - 2014-05-01 21:29 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2013-03-15 15:03 - 2013-03-15 15:03 - 00033128 _____ () C:\Program Files (x86)\IncrediMail\Bin\IMHttpComm.dll
2013-03-15 15:03 - 2013-03-15 15:03 - 00072104 _____ () C:\Program Files (x86)\IncrediMail\Bin\wlessfp1.dll
2013-03-15 15:03 - 2013-03-15 15:03 - 00268712 _____ () C:\Program Files (x86)\IncrediMail\Bin\ImLookExU.dll
2013-01-23 17:17 - 2010-12-29 04:40 - 00107896 _____ () C:\Program Files (x86)\IncrediMail\Bin\pmc.dll
2013-03-15 15:03 - 2013-03-15 15:03 - 00133544 _____ () C:\Program Files (x86)\IncrediMail\Bin\ImComUtlU.dll
2013-03-18 09:55 - 2011-01-13 11:44 - 00232800 _____ () C:\Program Files (x86)\StarMoney 8.0 S-Edition\ouservice\PATCHW32.dll
2013-03-15 15:03 - 2013-03-15 15:03 - 00080296 _____ () C:\Program Files (x86)\IncrediMail\bin\ImAppRU.dll
2014-05-12 13:35 - 2014-06-22 20:03 - 03852912 _____ () C:\Users\ich\Documents\Firefox Browser\App\Firefox\mozjs.dll
2014-05-14 16:15 - 2014-05-14 16:15 - 16361136 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
==================== EXE Association (whitelisted) =============
==================== MSCONFIG/TASK MANAGER disabled items =========
==================== Faulty Device Manager Devices =============
Name: Smartcard
Description: Smartcard
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
Error: (05/21/2013 03:43:59 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 133 seconds with 0 seconds of active time. This session ended with a crash.
CodeIntegrity Errors:
===================================
Date: 2014-06-26 15:44:58.843
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-06-26 15:44:58.763
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-08-15 06:56:11.038
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-15 04:33:15.525
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-08 10:32:48.666
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-08 10:24:05.816
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-08 10:00:27.723
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-08 09:49:50.245
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-08 09:42:30.096
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-08-08 09:33:22.680
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 42%
Total physical RAM: 3836.49 MB
Available physical RAM: 2196.16 MB
Total Pagefile: 7671.16 MB
Available Pagefile: 5782.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:931.51 GB) (Free:249.1 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Volume) (Fixed) (Total:698.64 GB) (Free:276.5 GB) NTFS
Drive e: (PRJ_20140401) (CDROM) (Total:2.78 GB) (Free:0 GB) UDF
Drive s: () (Network) (Total:1831.63 GB) (Free:155.91 GB)
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 699 GB) (Disk ID: A5CC7935)
Partition 1: (Not Active) - (Size=699 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: AE4957B6)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
27.06.2014, 10:29
| #10 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Rechner extrem langsam nach versehentlichem Öffnen eines Anhangs einer Mail Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R1 {29b136c9-938d-4d3d-8df8-d649d9b74d02}w64; C:\Windows\System32\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}w64.sys [60704 2014-05-29] (StdLib)
Task: {37A59606-A0D4-4A8D-8F22-78442C7EABA7} - \RegClean Pro No Task File <==== ATTENTION
Task: {55F28D15-E394-4CE3-8FCD-B8D56B35CCED} - \MySearchDial No Task File <==== ATTENTION
Task: {ADEE556E-FF1A-4AF8-8DA9-7BDE3A60B86E} - \dsmonitor No Task File <==== ATTENTION
Task: {E90989A3-C42A-401C-A9BA-CAF794FF2298} - \Advanced System Protector_startup No Task File <==== ATTENTION
C:\Windows\System32\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}w64.sys
C:\ProgramData\1992ce1ac21de8ed
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
__________________ Logfiles bitte immer in CODE-Tags posten |
|
27.06.2014, 12:22
| #11 |
| | Rechner extrem langsam nach versehentlichem Öffnen eines Anhangs einer MailCode:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 25-06-2014
Ran by ich at 2014-06-27 13:21:31 Run:1
Running from C:\Users\ich\Downloads
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R1 {29b136c9-938d-4d3d-8df8-d649d9b74d02}w64; C:\Windows\System32\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}w64.sys [60704 2014-05-29] (StdLib)
Task: {37A59606-A0D4-4A8D-8F22-78442C7EABA7} - \RegClean Pro No Task File <==== ATTENTION
Task: {55F28D15-E394-4CE3-8FCD-B8D56B35CCED} - \MySearchDial No Task File <==== ATTENTION
Task: {ADEE556E-FF1A-4AF8-8DA9-7BDE3A60B86E} - \dsmonitor No Task File <==== ATTENTION
Task: {E90989A3-C42A-401C-A9BA-CAF794FF2298} - \Advanced System Protector_startup No Task File <==== ATTENTION
C:\Windows\System32\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}w64.sys
C:\ProgramData\1992ce1ac21de8ed
*****************
'HKLM\SOFTWARE\Policies\Google' => Key deleted successfully.
{29b136c9-938d-4d3d-8df8-d649d9b74d02}w64 => Service stopped successfully.
{29b136c9-938d-4d3d-8df8-d649d9b74d02}w64 => Service deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{37A59606-A0D4-4A8D-8F22-78442C7EABA7}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{37A59606-A0D4-4A8D-8F22-78442C7EABA7}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{55F28D15-E394-4CE3-8FCD-B8D56B35CCED}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55F28D15-E394-4CE3-8FCD-B8D56B35CCED}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MySearchDial' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{ADEE556E-FF1A-4AF8-8DA9-7BDE3A60B86E}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ADEE556E-FF1A-4AF8-8DA9-7BDE3A60B86E}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\dsmonitor' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E90989A3-C42A-401C-A9BA-CAF794FF2298}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E90989A3-C42A-401C-A9BA-CAF794FF2298}' => Key deleted successfully.
'HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Advanced System Protector_startup' => Key deleted successfully.
C:\Windows\System32\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}w64.sys => Moved successfully.
C:\ProgramData\1992ce1ac21de8ed => Moved successfully.
==== End of Fixlog ====
|
|
27.06.2014, 13:46
| #12 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Rechner extrem langsam nach versehentlichem Öffnen eines Anhangs einer Mail Okay, dann Kontrollscans mit MBAM und ESET bitte: Downloade Dir bitte  Malwarebytes Anti-Malware
ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.06.2014, 10:03
| #13 |
| | Rechner extrem langsam nach versehentlichem Öffnen eines Anhangs einer Mail MBAM: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 27.06.2014 Suchlauf-Zeit: 16:27:01 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.06.27.05 Rootkit Datenbank: v2014.06.23.02 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: ich Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 326046 Verstrichene Zeit: 8 Min, 24 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 1 PUP.Optional.NewTab.A, C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd, In Quarantäne, [ee835429bbc0e452efef4065a85aab55], Dateien: 9 PUP.Optional.Conduit.A, C:\Users\ich\AppData\Local\Temp\nso1810.exe, In Quarantäne, [59183e3fbebdcb6bff3d3354b150f709], PUP.Optional.Conduit.A, C:\Users\ich\AppData\Local\Temp\nst1D5E.exe, In Quarantäne, [6d0475083645b48265d7adda7988926e], PUP.Optional.Conduit.A, C:\Users\ich\AppData\Local\Temp\nstC240.exe, In Quarantäne, [bfb2423bc9b2e551e5576621df2242be], PUP.Optional.Conduit.A, C:\Users\ich\AppData\Local\Temp\nsyBB5C.exe, In Quarantäne, [3f3238452f4ca29486b6f09716ebc838], PUP.Optional.SearchProtect.A, C:\Users\ich\AppData\Local\Temp\SPSetup.exe, In Quarantäne, [28493d40700b3cfa0062801114ed38c8], PUP.Optional.OpenCandy, C:\Users\ich\Downloads\DTLite4481-0347.exe, In Quarantäne, [c2af324b6f0c68cedaad812ca95b847c], Trojan.Strictor, C:\Users\ich\Downloads\Z scan2send 3.0 keygen.exe, In Quarantäne, [73fe027bfd7e70c634d8a3b1bd444bb5], PUP.Optional.NewTab.A, C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bakijjialdiiboeaknfpmflphhmljfkd_0.localstorage, In Quarantäne, [4b267706710a2e083ea1e91a8084dc24], PUP.Optional.NewTab.A, C:\Users\ich\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bakijjialdiiboeaknfpmflphhmljfkd_0.localstorage-journal, In Quarantäne, [2849532a5a21f244489701023dc7f010], Physische Sektoren: 0 (No malicious items detected) (end) ESET: Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=285c1d9858d9364eb9d1ada6e6e07e49
# engine=18917
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-27 04:28:28
# local_time=2014-06-27 06:28:28 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 30915 155516358 0 0
# scanned=220370
# found=46
# cleaned=0
# scan_time=5120
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\IncrediMail_MediaBar_2\tbInc1.dll.vir"
sh=F0BB5A9D05FF1097B1D41A7721580EF8EBA21735 ft=1 fh=ba8b584196e26284 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll.vir"
sh=506DAD297BB816ABB037F7BC7EEF85C6DABA78D0 ft=1 fh=170d2b39611042a0 vn="Variante von Win32/SpeedingUpMyPC Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptimizerPro.exe.vir"
sh=5338817F8BF7E131E63F39FA981869B7B6EC5AB5 ft=1 fh=3042cff9d66adae0 vn="Variante von Win32/SProtector.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProCrash.dll.vir"
sh=3BCCF906A196D5100A6B78C73457B8C27C587058 ft=1 fh=8e6c2dd3375ae8f1 vn="Variante von Win32/SProtector.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll.vir"
sh=30285CFB31450D66315EA5CFBF9C6AA8103D85FB ft=1 fh=4f8559a9423b21b3 vn="Variante von Win64/SProtector.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll.vir"
sh=D32F0FDADF60DB90AD2A77D5A4603A41267C14F5 ft=1 fh=bfcbfa2d39a80210 vn="Variante von Win32/AdWare.SpeedingUpMyPC.D Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProLauncher.exe.vir"
sh=F3A519FEA87537A9C5B878C46E968B81CABB7EC1 ft=1 fh=4ad970790352d11e vn="Variante von Win32/Adware.SpeedingUpMyPC.C Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe.vir"
sh=6FE1B471FD52A5F3B15FB5BE6741D12A59AA25D7 ft=1 fh=769d0ad4f9691f61 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir"
sh=14F1C7C2EF88143C6B747354682BC9E17BF4A505 ft=1 fh=de9bc436b4e84ec0 vn="möglicherweise Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll.vir"
sh=3A8E78954083E4716AA6C15FD8676BC0B76A8560 ft=1 fh=aac886c419c57bdd vn="möglicherweise Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir"
sh=D0AF956DA9B991461DBDC53FEECCC42352968886 ft=1 fh=6df2a6f459a47c08 vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir"
sh=668814F50C9E52AAD4664905A79DC7E1EDD9D704 ft=1 fh=17d3482ebc258b23 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir"
sh=C4420C6E94B8CAACCB3811384280D8A93CB0A37D ft=1 fh=25f111c507a31a21 vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\ich\AppData\Roaming\OpenCandy\87F3045A91034884B4C9B31480B5ECE4\sp-downloader.exe.vir"
sh=BC7F6756E76FAF672ED4C176B2DFC2CEDE7DC8CA ft=1 fh=894a45bc0255cd5b vn="Variante von Win32/Keygen.HA potenziell unsichere Anwendung" ac=I fn="C:\mist\keygen\xf-adsk64.exe"
sh=8068EB4D7B7FCDC91FE23D8EBC325E55A654DDE6 ft=1 fh=aca2fb68c7a53c8e vn="Variante von Win32/SmartFileAdvisor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Smart File Advisor\sfa.exe"
sh=A893D4F8C879E48BCC8EF252C92FF6FE51DE5F03 ft=1 fh=7af50601de6215a5 vn="Variante von Win32/SmartFileAdvisor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Smart File Advisor\sfa_inst.exe"
sh=2E242807248C7FFB16FC0A6CCEABED819AA4A30C ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip Wurm" ac=I fn="C:\ProgramData\Spybot - Search & Destroy\Recovery\PCUtilitiesOptimizerPro1.zip"
sh=B27A84ABCA455E68027CC6A4AED41A3A18B2F0A7 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip Wurm" ac=I fn="C:\ProgramData\Spybot - Search & Destroy\Recovery\PCUtilitiesOptimizerPro15.zip"
sh=6FE1B471FD52A5F3B15FB5BE6741D12A59AA25D7 ft=1 fh=769d0ad4f9691f61 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir"
sh=14F1C7C2EF88143C6B747354682BC9E17BF4A505 ft=1 fh=de9bc436b4e84ec0 vn="möglicherweise Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll.vir"
sh=3A8E78954083E4716AA6C15FD8676BC0B76A8560 ft=1 fh=aac886c419c57bdd vn="möglicherweise Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir"
sh=D0AF956DA9B991461DBDC53FEECCC42352968886 ft=1 fh=6df2a6f459a47c08 vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir"
sh=668814F50C9E52AAD4664905A79DC7E1EDD9D704 ft=1 fh=17d3482ebc258b23 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir"
sh=2E242807248C7FFB16FC0A6CCEABED819AA4A30C ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip Wurm" ac=I fn="C:\Users\All Users\Spybot - Search & Destroy\Recovery\PCUtilitiesOptimizerPro1.zip"
sh=B27A84ABCA455E68027CC6A4AED41A3A18B2F0A7 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip Wurm" ac=I fn="C:\Users\All Users\Spybot - Search & Destroy\Recovery\PCUtilitiesOptimizerPro15.zip"
sh=4C097D4BEAA75A6394C21D0A3D997A5E2A3FE00F ft=0 fh=0000000000000000 vn="Win32/Emotet.AA Trojaner" ac=I fn="C:\Users\ich\AppData\Local\IM\Identities\{3EE2526F-D1A7-4619-9947-A60374E1037A}\Message Store\Attachments\2014_06rechnung_67563324691233_sign.zip"
sh=F86DE140D0A493E978944C40162B87AFB83DD0F1 ft=0 fh=0000000000000000 vn="Variante von Win32/Injector.BGCD Trojaner" ac=I fn="C:\Users\ich\AppData\Local\IM\Identities\{3EE2526F-D1A7-4619-9947-A60374E1037A}\Message Store\Attachments\fax_B2342D2C1212A2423F30.zip"
sh=8C7D6F8B00DF702851C5834E1C4A8B1E2141BA8E ft=1 fh=a274282234ec09b4 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\ich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VUM5WPT3\SPSetup[1].exe"
sh=C8ED85CBB679DFF0D72E7D8C79CE5E74B5EFADE0 ft=1 fh=37dd7ede875c1f3d vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\Users\ich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WZAX1DJF\spstub[1].exe"
sh=3AB435FCF59A46DF0272F814BF2020AF97063F31 ft=1 fh=14cbd1b40b619cb5 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\ich\AppData\Local\Temp\FreemakeVideoConverter_4.1.4.1.exe"
sh=FA0A84A102325374F455A7B12EB1C998E8719D11 ft=1 fh=54b63c39bab0ee86 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\ich\AppData\Local\Temp\optprosetup.exe"
sh=520F0D8B3803CE096F70144A06515FD3103AC38E ft=1 fh=ee3be8126730583a vn="Variante von Win32/AdWare.SpeedingUpMyPC.N Anwendung" ac=I fn="C:\Users\ich\AppData\Local\Temp\is1751165634\426215921_stp\OptimizerPro_600.exe"
sh=CEC6D5B7D6F8A2D613069F3D0F882CFE23C4B92A ft=1 fh=d853b3542beb8cb3 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\ich\Downloads\ac3filter_2_5b.exe"
sh=973A5801DC32C3B565C0ABA0F18DE1CEB8134F67 ft=1 fh=c71c00114a9ca8d1 vn="Variante von Win32/InstallCore.OG evtl. unerwünschte Anwendung" ac=I fn="C:\Users\ich\Downloads\FileZilla_3.2.7.1_win32-setup.exe"
sh=F28137A9C28D2B6A2281274D29121449EE6F3120 ft=1 fh=646c1af7ad51374b vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\ich\Downloads\FreemakeVideoConverterSetup.exe"
sh=3D8D8E1E61288F409B90DF54E13B10166777C763 ft=0 fh=0000000000000000 vn="Variante von Win32/SmartFileAdvisor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\ich\Downloads\IsoBuster.3.0.Pro.Final.Multilangual.Bussiness-Serial-Internal-VSO_mov-world.net.rar"
sh=945F3479479D3E0645D3A4D6B53762FF06AC4C13 ft=1 fh=8695d40ef5c846b6 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\ich\Downloads\windows-7-service-pack-1-64-bit.exe"
sh=CA93F551F47686F132C9F17E0247E4068DCB2CB1 ft=1 fh=e47c41f0d041cd21 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\ich\Downloads\zafwSetupWeb_110_000_504.exe"
sh=ED7355A316782251BCDBD3DEEDBF63CA9E2B4ADF ft=1 fh=ce9ba4db6ccdbbb2 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\ich\Downloads\zafwSetupWeb_120_104_000.exe"
sh=8BB167ED9A9AFE73A153B41B3DE2C76201EB0AA2 ft=1 fh=5452131db29a51e2 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\ich\Downloads\zaSetupWeb_110_000_057.exe"
sh=8830B8D7CD0FEBD8E8DCEB95FCB0315FC17E03D5 ft=1 fh=a42b4b81f0781c56 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\ich\Downloads\zaSetupWeb_110_768_000(1).exe"
sh=8830B8D7CD0FEBD8E8DCEB95FCB0315FC17E03D5 ft=1 fh=a42b4b81f0781c56 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\ich\Downloads\zaSetupWeb_110_768_000(2).exe"
sh=8830B8D7CD0FEBD8E8DCEB95FCB0315FC17E03D5 ft=1 fh=a42b4b81f0781c56 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\ich\Downloads\zaSetupWeb_110_768_000.exe"
sh=91383B640994B28642F80210309D5A1B633BB16A ft=1 fh=41c1ed006122fdcf vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\ich\Downloads\zaSetupWeb_120_118_000(1).exe"
sh=91383B640994B28642F80210309D5A1B633BB16A ft=1 fh=41c1ed006122fdcf vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\ich\Downloads\zaSetupWeb_120_118_000.exe"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=285c1d9858d9364eb9d1ada6e6e07e49
# engine=18923
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-28 08:55:07
# local_time=2014-06-28 10:55:07 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 90114 155575557 0 0
# scanned=220452
# found=46
# cleaned=0
# scan_time=5133
sh=57CD8DEAF43DF3A2F4703E5219A69935B119D0DB ft=1 fh=311781f1ea21501f vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\IncrediMail_MediaBar_2\tbInc1.dll.vir"
sh=F0BB5A9D05FF1097B1D41A7721580EF8EBA21735 ft=1 fh=ba8b584196e26284 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll.vir"
sh=506DAD297BB816ABB037F7BC7EEF85C6DABA78D0 ft=1 fh=170d2b39611042a0 vn="Variante von Win32/SpeedingUpMyPC Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptimizerPro.exe.vir"
sh=5338817F8BF7E131E63F39FA981869B7B6EC5AB5 ft=1 fh=3042cff9d66adae0 vn="Variante von Win32/SProtector.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProCrash.dll.vir"
sh=3BCCF906A196D5100A6B78C73457B8C27C587058 ft=1 fh=8e6c2dd3375ae8f1 vn="Variante von Win32/SProtector.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll.vir"
sh=30285CFB31450D66315EA5CFBF9C6AA8103D85FB ft=1 fh=4f8559a9423b21b3 vn="Variante von Win64/SProtector.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProCrash_x64.dll.vir"
sh=D32F0FDADF60DB90AD2A77D5A4603A41267C14F5 ft=1 fh=bfcbfa2d39a80210 vn="Variante von Win32/AdWare.SpeedingUpMyPC.D Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProLauncher.exe.vir"
sh=F3A519FEA87537A9C5B878C46E968B81CABB7EC1 ft=1 fh=4ad970790352d11e vn="Variante von Win32/Adware.SpeedingUpMyPC.C Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe.vir"
sh=6FE1B471FD52A5F3B15FB5BE6741D12A59AA25D7 ft=1 fh=769d0ad4f9691f61 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir"
sh=14F1C7C2EF88143C6B747354682BC9E17BF4A505 ft=1 fh=de9bc436b4e84ec0 vn="möglicherweise Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll.vir"
sh=3A8E78954083E4716AA6C15FD8676BC0B76A8560 ft=1 fh=aac886c419c57bdd vn="möglicherweise Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir"
sh=D0AF956DA9B991461DBDC53FEECCC42352968886 ft=1 fh=6df2a6f459a47c08 vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir"
sh=668814F50C9E52AAD4664905A79DC7E1EDD9D704 ft=1 fh=17d3482ebc258b23 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir"
sh=C4420C6E94B8CAACCB3811384280D8A93CB0A37D ft=1 fh=25f111c507a31a21 vn="Win32/Toolbar.Conduit.R evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\ich\AppData\Roaming\OpenCandy\87F3045A91034884B4C9B31480B5ECE4\sp-downloader.exe.vir"
sh=BC7F6756E76FAF672ED4C176B2DFC2CEDE7DC8CA ft=1 fh=894a45bc0255cd5b vn="Variante von Win32/Keygen.HA potenziell unsichere Anwendung" ac=I fn="C:\mist\keygen\xf-adsk64.exe"
sh=8068EB4D7B7FCDC91FE23D8EBC325E55A654DDE6 ft=1 fh=aca2fb68c7a53c8e vn="Variante von Win32/SmartFileAdvisor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Smart File Advisor\sfa.exe"
sh=A893D4F8C879E48BCC8EF252C92FF6FE51DE5F03 ft=1 fh=7af50601de6215a5 vn="Variante von Win32/SmartFileAdvisor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\Smart File Advisor\sfa_inst.exe"
sh=2E242807248C7FFB16FC0A6CCEABED819AA4A30C ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip Wurm" ac=I fn="C:\ProgramData\Spybot - Search & Destroy\Recovery\PCUtilitiesOptimizerPro1.zip"
sh=B27A84ABCA455E68027CC6A4AED41A3A18B2F0A7 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip Wurm" ac=I fn="C:\ProgramData\Spybot - Search & Destroy\Recovery\PCUtilitiesOptimizerPro15.zip"
sh=6FE1B471FD52A5F3B15FB5BE6741D12A59AA25D7 ft=1 fh=769d0ad4f9691f61 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir"
sh=14F1C7C2EF88143C6B747354682BC9E17BF4A505 ft=1 fh=de9bc436b4e84ec0 vn="möglicherweise Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll.vir"
sh=3A8E78954083E4716AA6C15FD8676BC0B76A8560 ft=1 fh=aac886c419c57bdd vn="möglicherweise Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir"
sh=D0AF956DA9B991461DBDC53FEECCC42352968886 ft=1 fh=6df2a6f459a47c08 vn="Variante von Win32/Conduit.SearchProtect.I evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir"
sh=668814F50C9E52AAD4664905A79DC7E1EDD9D704 ft=1 fh=17d3482ebc258b23 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir"
sh=2E242807248C7FFB16FC0A6CCEABED819AA4A30C ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip Wurm" ac=I fn="C:\Users\All Users\Spybot - Search & Destroy\Recovery\PCUtilitiesOptimizerPro1.zip"
sh=B27A84ABCA455E68027CC6A4AED41A3A18B2F0A7 ft=0 fh=0000000000000000 vn="Win32/Bagle.gen.zip Wurm" ac=I fn="C:\Users\All Users\Spybot - Search & Destroy\Recovery\PCUtilitiesOptimizerPro15.zip"
sh=4C097D4BEAA75A6394C21D0A3D997A5E2A3FE00F ft=0 fh=0000000000000000 vn="Win32/Emotet.AA Trojaner" ac=I fn="C:\Users\ich\AppData\Local\IM\Identities\{3EE2526F-D1A7-4619-9947-A60374E1037A}\Message Store\Attachments\2014_06rechnung_67563324691233_sign.zip"
sh=F86DE140D0A493E978944C40162B87AFB83DD0F1 ft=0 fh=0000000000000000 vn="Variante von Win32/Injector.BGCD Trojaner" ac=I fn="C:\Users\ich\AppData\Local\IM\Identities\{3EE2526F-D1A7-4619-9947-A60374E1037A}\Message Store\Attachments\fax_B2342D2C1212A2423F30.zip"
sh=8C7D6F8B00DF702851C5834E1C4A8B1E2141BA8E ft=1 fh=a274282234ec09b4 vn="Variante von Win32/Conduit.SearchProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\ich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VUM5WPT3\SPSetup[1].exe"
sh=C8ED85CBB679DFF0D72E7D8C79CE5E74B5EFADE0 ft=1 fh=37dd7ede875c1f3d vn="Variante von Win32/Conduit.SearchProtect.N evtl. unerwünschte Anwendung" ac=I fn="C:\Users\ich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WZAX1DJF\spstub[1].exe"
sh=3AB435FCF59A46DF0272F814BF2020AF97063F31 ft=1 fh=14cbd1b40b619cb5 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\ich\AppData\Local\Temp\FreemakeVideoConverter_4.1.4.1.exe"
sh=FA0A84A102325374F455A7B12EB1C998E8719D11 ft=1 fh=54b63c39bab0ee86 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\ich\AppData\Local\Temp\optprosetup.exe"
sh=520F0D8B3803CE096F70144A06515FD3103AC38E ft=1 fh=ee3be8126730583a vn="Variante von Win32/AdWare.SpeedingUpMyPC.N Anwendung" ac=I fn="C:\Users\ich\AppData\Local\Temp\is1751165634\426215921_stp\OptimizerPro_600.exe"
sh=CEC6D5B7D6F8A2D613069F3D0F882CFE23C4B92A ft=1 fh=d853b3542beb8cb3 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\ich\Downloads\ac3filter_2_5b.exe"
sh=973A5801DC32C3B565C0ABA0F18DE1CEB8134F67 ft=1 fh=c71c00114a9ca8d1 vn="Variante von Win32/InstallCore.OG evtl. unerwünschte Anwendung" ac=I fn="C:\Users\ich\Downloads\FileZilla_3.2.7.1_win32-setup.exe"
sh=F28137A9C28D2B6A2281274D29121449EE6F3120 ft=1 fh=646c1af7ad51374b vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\ich\Downloads\FreemakeVideoConverterSetup.exe"
sh=3D8D8E1E61288F409B90DF54E13B10166777C763 ft=0 fh=0000000000000000 vn="Variante von Win32/SmartFileAdvisor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\ich\Downloads\IsoBuster.3.0.Pro.Final.Multilangual.Bussiness-Serial-Internal-VSO_mov-world.net.rar"
sh=945F3479479D3E0645D3A4D6B53762FF06AC4C13 ft=1 fh=8695d40ef5c846b6 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\ich\Downloads\windows-7-service-pack-1-64-bit.exe"
sh=CA93F551F47686F132C9F17E0247E4068DCB2CB1 ft=1 fh=e47c41f0d041cd21 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\ich\Downloads\zafwSetupWeb_110_000_504.exe"
sh=ED7355A316782251BCDBD3DEEDBF63CA9E2B4ADF ft=1 fh=ce9ba4db6ccdbbb2 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\ich\Downloads\zafwSetupWeb_120_104_000.exe"
sh=8BB167ED9A9AFE73A153B41B3DE2C76201EB0AA2 ft=1 fh=5452131db29a51e2 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\ich\Downloads\zaSetupWeb_110_000_057.exe"
sh=8830B8D7CD0FEBD8E8DCEB95FCB0315FC17E03D5 ft=1 fh=a42b4b81f0781c56 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\ich\Downloads\zaSetupWeb_110_768_000(1).exe"
sh=8830B8D7CD0FEBD8E8DCEB95FCB0315FC17E03D5 ft=1 fh=a42b4b81f0781c56 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\ich\Downloads\zaSetupWeb_110_768_000(2).exe"
sh=8830B8D7CD0FEBD8E8DCEB95FCB0315FC17E03D5 ft=1 fh=a42b4b81f0781c56 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\ich\Downloads\zaSetupWeb_110_768_000.exe"
sh=91383B640994B28642F80210309D5A1B633BB16A ft=1 fh=41c1ed006122fdcf vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\ich\Downloads\zaSetupWeb_120_118_000(1).exe"
sh=91383B640994B28642F80210309D5A1B633BB16A ft=1 fh=41c1ed006122fdcf vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\ich\Downloads\zaSetupWeb_120_118_000.exe"
|
|
28.06.2014, 20:08
| #14 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Rechner extrem langsam nach versehentlichem Öffnen eines Anhangs einer MailZitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
30.06.2014, 09:26
| #15 |
| | Rechner extrem langsam nach versehentlichem Öffnen eines Anhangs einer Mail OK, gelöscht und deinstalliert. Was nun? |
|
WARNUNG an die MITLESER: 
