dieselyogi | 01.02.2014 18:52
defogger_disable:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:14 on 01/02/2014 (mifoerst)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2014 03
Ran by mifoerst (administrator) on SKULLBONE on 01-02-2014 14:16:14
Running from C:\Users\mifoerst\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
(Programming Sunrise) C:\Program Files\KooRaRoo Media\KooRaRooMediaServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
() C:\ProgramData\QuickSet\SK.Enhancer\SK.Enhancer.exe
() C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(ITSamples.com) C:\Program Files (x86)\NetworkIndicator\NetworkIndicator.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\FwebProt.exe
(AVM Berlin) C:\Program Files\FRITZ!DSL\StCenter.exe
() C:\Program Files (x86)\KatMouse\KatMouse.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Windows\SysWOW64\ieconfig_1und1_svc.exe
(Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(BitLeader) C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2328360 2010-09-16] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11776104 2011-02-11] (Realtek Semiconductor)
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-11-02] (Intel(R) Corporation)
HKLM\...\Run: [THXCfg64] - C:\Windows\system32\THXCfg64.dll [25600 2010-09-14] (Creative Technology Ltd.)
HKLM\...\Run: [Cm108Sound] - C:\Windows\Syswow64\cm108.dll [8146944 2009-09-07] (C-Media Corporation)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [THX Audio Control Panel] - C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1374720 2010-11-01] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-29] (Intel Corporation)
HKLM-x32\...\Run: [VirtualCloneDrive] - C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [162856 2013-07-22] (Geek Software GmbH)
HKLM-x32\...\Run: [LGODDFU] - C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2012-07-12] (Bitleader)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-4181698632-867033564-3789602947-1000\...\Run: [NetworkIndicator] - C:\Program Files (x86)\NetworkIndicator\NetworkIndicator.exe [344064 2010-10-25] (ITSamples.com)
AppInit_DLLs: C:\PROGRA~3\BROWSE~1\BROWSE~2.DLL => C:\ProgramData\Browser Stabilizer\BrowserStabilizer_x64.dll [4204032 2013-12-27] ()
AppInit_DLLs-x32: c:\progra~3\browse~1\browse~1.dll => C:\ProgramData\Browser Stabilizer\BrowserStabilizer.dll [4240896 2013-12-27] ()
Startup: C:\Users\mifoerst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutoHotkeyU64.exe - Verknüpfung.lnk
ShortcutTarget: AutoHotkeyU64.exe - Verknüpfung.lnk -> C:\Program Files\AutoHotkey\AutoHotkeyU64.exe (No File)
Startup: C:\Users\mifoerst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Startcenter.lnk
ShortcutTarget: FRITZ!DSL Startcenter.lnk -> C:\Users\mifoerst\AppData\Roaming\Microsoft\Installer\{2D5D9603-22CF-4B99-83F6-0CD20330F62E}\Icon8CF9C550.exe ()
Startup: C:\Users\mifoerst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KatMouse.lnk
ShortcutTarget: KatMouse.lnk -> C:\Program Files (x86)\KatMouse\KatMouse.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=e9904d5b-aeb8-82df-f5b8-52d7ea00e1fa&searchtype=ds&q={searchTerms}&installDate=10/10/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.searchbomb.info/?pid=377&r=2013/11/29&hid=1326314432059202310&lg=EN&cc=DE&unqvl=42
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=e9904d5b-aeb8-82df-f5b8-52d7ea00e1fa&searchtype=ds&q={searchTerms}&installDate=10/10/2013
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=3.2&ts=1372965757647&tguid=46364-3869-1372965757647-2AA16466C7CD2168981FD7FE8084D69A&st=chrome&q=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.searchbomb.info/?pid=377&r=2013/11/29&hid=1326314432059202310&lg=EN&cc=DE&unqvl=42
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=46364&tid=3869&ver=3.2&ts=1372965757647&tguid=46364-3869-1372965757647-2AA16466C7CD2168981FD7FE8084D69A&st=chrome&q=
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=TJ&userid=e9904d5b-aeb8-82df-f5b8-52d7ea00e1fa&searchtype=ds&q={searchTerms}&installDate=10/10/2013
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=TJ&userid=e9904d5b-aeb8-82df-f5b8-52d7ea00e1fa&searchtype=ds&q={searchTerms}&installDate=10/10/2013
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchbomb.info/?l=1&q={searchTerms}&pid=377&r=2013/11/29&hid=1326314432059202310&lg=EN&cc=DE&unqvl=42
SearchScopes: HKCU - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchbomb.info/?l=1&q={searchTerms}&pid=377&r=2013/11/29&hid=1326314432059202310&lg=EN&cc=DE&unqvl=42
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=DE&userid=e9904d5b-aeb8-82df-f5b8-52d7ea00e1fa&searchtype=ds&q={searchTerms}&installDate=10/10/2013
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchbomb.info/?l=1&q={searchTerms}&pid=377&r=2013/11/29&hid=1326314432059202310&lg=EN&cc=DE&unqvl=42
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: WWatchItAdBlocke - {B6920DDC-0C32-80CF-BAD8-81A0C6A7B30A} - C:\ProgramData\WWatchItAdBlocke\Z1hZRumYI.x64.dll ()
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: WWatchItAdBlocke - {B6920DDC-0C32-80CF-BAD8-81A0C6A7B30A} - C:\ProgramData\WWatchItAdBlocke\Z1hZRumYI.dll ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Winsock: Catalog5 10 %ProgramFiles(x86)%\FRITZ!DSL\\sarah.dll File Not found ()
Winsock: Catalog9 01 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Winsock: Catalog9 02 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Winsock: Catalog9 03 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Winsock: Catalog9 15 C:\Program Files (x86)\FRITZ!DSL\\sarah.dll [28472] (AVM Berlin)
Winsock: Catalog5-x64 10 %ProgramFiles%\FRITZ!DSL\\sarah.dll [34104] (AVM Berlin)
Winsock: Catalog9-x64 01 %ProgramFiles%\FRITZ!DSL\\sarah.dll [34104] (AVM Berlin)
Winsock: Catalog9-x64 02 %ProgramFiles%\FRITZ!DSL\\sarah.dll [34104] (AVM Berlin)
Winsock: Catalog9-x64 03 %ProgramFiles%\FRITZ!DSL\\sarah.dll [34104] (AVM Berlin)
Winsock: Catalog9-x64 15 %ProgramFiles%\FRITZ!DSL\\sarah.dll [34104] (AVM Berlin)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\mifoerst\AppData\Roaming\Mozilla\Firefox\Profiles\fwd4xbhn.default-1369154230800
FF user.js: detected! => C:\Users\mifoerst\AppData\Roaming\Mozilla\Firefox\Profiles\fwd4xbhn.default-1369154230800\user.js
FF DefaultSearchEngine: Wikipedia (de)
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");
FF SelectedSearchEngine: Wikipedia (de)
FF Homepage: https://startpage.com/do/mypage.pl?prf=22fc2d9afeec178a2caa67ec0849a39e
FF Keyword.URL: hxxp://websearch.searchbomb.info/?pid=377&r=2013/11/29&hid=1326314432059202310&lg=EN&cc=DE&unqvl=42&l=1&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.6 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\mifoerst\AppData\Roaming\Mozilla\Firefox\Profiles\fwd4xbhn.default-1369154230800\searchplugins\startpage-http---deutsch.xml
FF SearchPlugin: C:\Users\mifoerst\AppData\Roaming\Mozilla\Firefox\Profiles\fwd4xbhn.default-1369154230800\searchplugins\startpage-https---deutsch.xml
FF SearchPlugin: C:\Users\mifoerst\AppData\Roaming\Mozilla\Firefox\Profiles\fwd4xbhn.default-1369154230800\searchplugins\WebSearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WWatchItAdBlocke - C:\Users\mifoerst\AppData\Roaming\Mozilla\Firefox\Profiles\fwd4xbhn.default-1369154230800\Extensions\aei9x@oiyoay-.edu [2014-01-31]
FF Extension: NetVideoHunter - C:\Users\mifoerst\AppData\Roaming\Mozilla\Firefox\Profiles\fwd4xbhn.default-1369154230800\Extensions\netvideohunter@netvideohunter.com [2013-12-31]
FF Extension: ColorfulTabs - C:\Users\mifoerst\AppData\Roaming\Mozilla\Firefox\Profiles\fwd4xbhn.default-1369154230800\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-01-22]
FF Extension: Flashblock - C:\Users\mifoerst\AppData\Roaming\Mozilla\Firefox\Profiles\fwd4xbhn.default-1369154230800\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2013-12-31]
FF Extension: CSHelper - C:\Users\mifoerst\AppData\Roaming\Mozilla\Firefox\Profiles\fwd4xbhn.default-1369154230800\Extensions\{d91a2be6-3b56-4dfb-97f5-5e48fe3ed473} [2013-12-31]
FF Extension: Status-4-Evar - C:\Users\mifoerst\AppData\Roaming\Mozilla\Firefox\Profiles\fwd4xbhn.default-1369154230800\Extensions\status4evar@caligonstudios.com.xpi [2013-12-31]
FF Extension: Download Status Bar - C:\Users\mifoerst\AppData\Roaming\Mozilla\Firefox\Profiles\fwd4xbhn.default-1369154230800\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2014-01-22]
FF Extension: NoScript - C:\Users\mifoerst\AppData\Roaming\Mozilla\Firefox\Profiles\fwd4xbhn.default-1369154230800\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-12-31]
FF Extension: BugMeNot - C:\Users\mifoerst\AppData\Roaming\Mozilla\Firefox\Profiles\fwd4xbhn.default-1369154230800\Extensions\{987311C6-B504-4aa2-90BF-60CC49808D42}.xpi [2013-12-31]
FF Extension: FireFTP button - C:\Users\mifoerst\AppData\Roaming\Mozilla\Firefox\Profiles\fwd4xbhn.default-1369154230800\Extensions\{9BAE5926-8513-417d-8E47-774955A7C60D}.xpi [2013-12-31]
FF Extension: FireFTP - C:\Users\mifoerst\AppData\Roaming\Mozilla\Firefox\Profiles\fwd4xbhn.default-1369154230800\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2013-12-31]
FF Extension: Adblock Plus - C:\Users\mifoerst\AppData\Roaming\Mozilla\Firefox\Profiles\fwd4xbhn.default-1369154230800\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-31]
FF Extension: Tab Mix Plus - C:\Users\mifoerst\AppData\Roaming\Mozilla\Firefox\Profiles\fwd4xbhn.default-1369154230800\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-12-31]
FF Extension: DownThemAll! - C:\Users\mifoerst\AppData\Roaming\Mozilla\Firefox\Profiles\fwd4xbhn.default-1369154230800\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-12-31]
FF Extension: WorldIP - C:\Users\mifoerst\AppData\Roaming\Mozilla\Firefox\Profiles\fwd4xbhn.default-1369154230800\Extensions\{f36c6cd1-da73-491d-b290-8fc9115bfa55}.xpi [2013-12-31]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-07-18]
FF HKLM-x32\...\Firefox\Extensions: [{5FE7198A-5950-4068-9FBF-1A60395CC4E9}] - C:\Program Files (x86)\1&1\1&1 SoftPhone\Firefox
FF Extension: 1&1 SoftPhone - C:\Program Files (x86)\1&1\1&1 SoftPhone\Firefox [2013-08-21]
FF HKLM-x32\...\Firefox\Extensions: [ocr@babylon.com] - C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\ocr@babylon.com
Chrome:
=======
CHR HomePage:
CHR RestoreOnStartup: ""
CHR Extension: (No Name) - C:\Users\mifoerst\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmngdafhphhngbbglfddamicpllkanak [2013-11-29]
CHR Extension: (SweetIM for Facebook) - C:\Users\mifoerst\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn [2013-11-28]
CHR Extension: (EnjeoyCoouupoan) - C:\Users\mifoerst\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcokagikdhoalceoikcopjpdbdjhigoc [2013-12-31]
CHR Extension: (Google Wallet) - C:\Users\mifoerst\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-28]
CHR Extension: (Mehr Leistung und Videoformate f\xC3\xBCr dein HTML5 <video>) - C:\Users\mifoerst\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2012-07-18]
CHR Extension: (CheapME) - C:\ProgramData\hmhfdagmigjmecakafcknfcnicmakgkj [2013-12-31]
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\mifoerst\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx [2012-12-30]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
R2 2db04d42; C:\ProgramData\Browser Stabilizer\BrowserStabilizerSvc.dll [180048 2013-12-27] ()
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [242664 2012-05-09] (CyberLink)
R2 CyberLink PowerDVD 13 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2013-03-20] (CyberLink)
R2 CyberLink PowerDVD 13 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [323336 2013-03-20] (CyberLink)
R2 IGDCTRL; C:\Program Files\FRITZ!DSL\IGDCTRL.EXE [88888 2009-07-28] (AVM Berlin)
R2 KooRaRooMediaServer; C:\Program Files\KooRaRoo Media\KooRaRooMediaServer.exe [6094008 2013-03-22] (Programming Sunrise)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-11-02] ()
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
R2 PowerBiosServer; C:\Program Files (x86)\Hotkey\PowerBiosServer.exe [33792 2011-02-15] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390672 2012-12-21] ()
R2 serviceIEConfig; C:\Windows\SysWOW64\ieconfig_1und1_svc.exe [1053848 2012-06-28] ()
S2 SystemStoreService; C:\Program Files\SoftwareUpdater\SystemStore.exe [297984 2014-01-21] ()
==================== Drivers (Whitelisted) ====================
S3 GEARAspiWDM; C:\Windows\SysWOW64\Drivers\GEARAspiWDM.sys [15664 2012-10-25] (GEAR Software Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; C:\Program Files (x86)\CyberLink\PowerDVD13\Common\NavFilter\000.fcl [130320 2013-03-19] (CyberLink Corp.)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 EverestDriver; \??\C:\Program Files (x86)\Lavalys\EVEREST Ultimate Edition\kerneld.amd64 [x]
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-01 14:14 - 2014-02-01 14:16 - 00026019 _____ () C:\Users\mifoerst\Desktop\FRST.txt
2014-02-01 14:13 - 2014-02-01 14:13 - 02080256 _____ (Farbar) C:\Users\mifoerst\Desktop\FRST64.exe
2014-02-01 14:12 - 2014-02-01 14:12 - 00000478 _____ () C:\Users\mifoerst\Desktop\defogger_disable.log
2014-02-01 14:12 - 2014-02-01 14:12 - 00000000 _____ () C:\Users\mifoerst\defogger_reenable
2014-02-01 14:10 - 2014-02-01 14:10 - 00050477 _____ () C:\Users\mifoerst\Desktop\Defogger.exe
2014-02-01 13:29 - 2014-02-01 14:16 - 00000000 ____D () C:\FRST
2014-01-31 00:32 - 2014-01-31 00:32 - 00000000 ____D () C:\ProgramData\WWatchItAdBlocke
2014-01-31 00:32 - 2014-01-31 00:32 - 00000000 ____D () C:\ProgramData\fidjaklomdnamkgohngajfnikaadkgej
2014-01-30 23:13 - 2014-01-30 23:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Mathematics Add-in
2014-01-30 23:10 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2014-01-30 23:10 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2014-01-30 23:09 - 2014-01-30 23:09 - 00000000 ____D () C:\Program Files\Microsoft Mathematics
2014-01-21 18:06 - 2014-01-21 18:06 - 00000000 ____D () C:\Users\mifoerst\AppData\Local\SoftwareUpdater
2014-01-19 11:03 - 2014-01-31 04:17 - 00035123 _____ () C:\Users\mifoerst\Desktop\Gewichtsverlauf_2014.xlsx
2014-01-17 18:11 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-17 18:11 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-17 18:11 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-17 18:11 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-17 18:10 - 2014-01-17 18:11 - 00005298 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-17 18:09 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-17 18:09 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-17 18:09 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-17 18:09 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-17 18:09 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-17 18:09 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-17 18:09 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-17 18:09 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-17 18:09 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-07 05:23 - 2014-01-07 05:23 - 00000000 ____D () C:\Users\mifoerst\AppData\Local\IsolatedStorage
2014-01-05 03:31 - 2014-01-05 03:31 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-05 03:31 - 2014-01-05 03:31 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-05 03:31 - 2014-01-05 03:31 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-05 03:31 - 2014-01-05 03:31 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-05 03:28 - 2014-01-17 18:11 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-05 01:52 - 2014-01-05 01:52 - 00003234 _____ () C:\Windows\System32\Tasks\{02BCE6A5-97D1-4D11-A99E-943297361973}
2014-01-03 13:19 - 2014-01-03 13:19 - 00406304 _____ () C:\Windows\Minidump\010314-73289-01.dmp
2014-01-03 13:18 - 2014-01-03 13:18 - 606307090 _____ () C:\Windows\MEMORY.DMP
==================== One Month Modified Files and Folders =======
2014-02-01 14:16 - 2014-02-01 14:14 - 00026019 _____ () C:\Users\mifoerst\Desktop\FRST.txt
2014-02-01 14:16 - 2014-02-01 13:29 - 00000000 ____D () C:\FRST
2014-02-01 14:13 - 2014-02-01 14:13 - 02080256 _____ (Farbar) C:\Users\mifoerst\Desktop\FRST64.exe
2014-02-01 14:12 - 2014-02-01 14:12 - 00000478 _____ () C:\Users\mifoerst\Desktop\defogger_disable.log
2014-02-01 14:12 - 2014-02-01 14:12 - 00000000 _____ () C:\Users\mifoerst\defogger_reenable
2014-02-01 14:12 - 2012-04-27 06:16 - 00000000 ____D () C:\Users\mifoerst
2014-02-01 14:11 - 2013-04-02 19:03 - 00054913 _____ () C:\Windows\Q-Dir.ini
2014-02-01 14:11 - 2009-07-14 05:45 - 00021696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-01 14:11 - 2009-07-14 05:45 - 00021696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-01 14:10 - 2014-02-01 14:10 - 00050477 _____ () C:\Users\mifoerst\Desktop\Defogger.exe
2014-02-01 14:07 - 2012-04-27 06:06 - 01369318 _____ () C:\Windows\WindowsUpdate.log
2014-02-01 14:03 - 2013-10-27 14:44 - 00000344 _____ () C:\Windows\lgfwup.ini
2014-02-01 14:03 - 2013-10-27 14:44 - 00000000 ____D () C:\Program Files (x86)\lg_fwupdate
2014-02-01 14:03 - 2012-04-27 09:47 - 46371836 _____ () C:\Users\mifoerst\DesktopStCenter.txt
2014-02-01 14:02 - 2013-12-31 18:25 - 00003562 _____ () C:\Windows\setupact.log
2014-02-01 14:02 - 2013-11-29 06:14 - 00000454 ____H () C:\Windows\Tasks\SK.Enhancer-S-161304646.job
2014-02-01 14:02 - 2013-07-04 21:16 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-02-01 14:02 - 2012-04-27 09:57 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-01 14:02 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-01 13:49 - 2012-04-27 09:57 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-01 13:13 - 2012-04-27 09:47 - 00000000 ____D () C:\Users\mifoerst\AppData\Roaming\FRITZ!
2014-01-31 04:27 - 2012-07-18 00:23 - 00000000 ____D () C:\Users\mifoerst\AppData\Roaming\vlc
2014-01-31 04:17 - 2014-01-19 11:03 - 00035123 _____ () C:\Users\mifoerst\Desktop\Gewichtsverlauf_2014.xlsx
2014-01-31 04:00 - 2012-08-10 00:52 - 00000173 _____ () C:\Users\mifoerst\AppData\Local\msmathematics.qat.mifoerst
2014-01-31 03:59 - 2012-04-27 05:37 - 00036789 _____ () C:\Users\mifoerst\Desktop\Gewichtsverlauf_2011-2012.xlsx
2014-01-31 00:32 - 2014-01-31 00:32 - 00000000 ____D () C:\ProgramData\WWatchItAdBlocke
2014-01-31 00:32 - 2014-01-31 00:32 - 00000000 ____D () C:\ProgramData\fidjaklomdnamkgohngajfnikaadkgej
2014-01-31 00:32 - 2013-11-29 06:13 - 00000000 ____D () C:\ProgramData\5c1fd25ecffdebf4
2014-01-31 00:32 - 2012-11-13 01:16 - 00002598 __RSH () C:\ProgramData\ntuser.pol
2014-01-31 00:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-01-30 23:13 - 2014-01-30 23:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft Mathematics Add-in
2014-01-30 23:09 - 2014-01-30 23:09 - 00000000 ____D () C:\Program Files\Microsoft Mathematics
2014-01-21 18:06 - 2014-01-21 18:06 - 00000000 ____D () C:\Users\mifoerst\AppData\Local\SoftwareUpdater
2014-01-21 17:41 - 2013-07-04 20:23 - 00004196 _____ () C:\Windows\System32\Tasks\Software Updater
2014-01-19 08:33 - 2010-11-21 04:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-17 21:55 - 2009-07-14 05:45 - 00357520 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-17 18:15 - 2013-07-11 12:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-17 18:11 - 2014-01-17 18:10 - 00005298 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-17 18:11 - 2014-01-05 03:28 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-17 18:11 - 2013-03-13 00:57 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-17 18:10 - 2012-04-27 08:35 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-14 07:46 - 2012-12-30 03:06 - 00000000 ____D () C:\Users\mifoerst\AppData\Roaming\MediaMonkey
2014-01-07 05:23 - 2014-01-07 05:23 - 00000000 ____D () C:\Users\mifoerst\AppData\Local\IsolatedStorage
2014-01-07 05:16 - 2013-11-29 04:18 - 00000000 ____D () C:\Program Files\Calibre2
2014-01-06 20:36 - 2012-04-27 09:31 - 00000000 ____D () C:\Users\mifoerst\AppData\Roaming\Media Player Classic
2014-01-06 17:03 - 2012-11-13 00:20 - 00000000 ____D () C:\Windows\pss
2014-01-06 17:03 - 2012-04-27 06:17 - 00000000 ___RD () C:\Users\mifoerst\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-05 05:06 - 2011-04-12 08:55 - 00000000 ____D () C:\Windows\ShellNew
2014-01-05 04:14 - 2012-12-30 20:24 - 00000000 ____D () C:\Users\mifoerst\AppData\Roaming\Mipony
2014-01-05 04:09 - 2013-09-27 00:55 - 00000000 ____D () C:\Program Files (x86)\JDownloader 2
2014-01-05 03:31 - 2014-01-05 03:31 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-05 03:31 - 2014-01-05 03:31 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-05 03:31 - 2014-01-05 03:31 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-05 03:31 - 2014-01-05 03:31 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-01-05 03:19 - 2012-09-15 20:11 - 00000000 ____D () C:\Program Files\Java
2014-01-05 02:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-01-05 01:52 - 2014-01-05 01:52 - 00003234 _____ () C:\Windows\System32\Tasks\{02BCE6A5-97D1-4D11-A99E-943297361973}
2014-01-05 00:04 - 2013-09-02 22:25 - 00000995 _____ () C:\Users\UpdatusUser\Desktop\MiPony.lnk
2014-01-05 00:04 - 2013-09-02 22:25 - 00000995 _____ () C:\Users\Mcx1-SKULLBONE\Desktop\MiPony.lnk
2014-01-03 13:55 - 2011-04-12 08:43 - 00699740 _____ () C:\Windows\system32\perfh007.dat
2014-01-03 13:55 - 2011-04-12 08:43 - 00149848 _____ () C:\Windows\system32\perfc007.dat
2014-01-03 13:55 - 2009-07-14 06:13 - 01620932 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-01-03 13:19 - 2014-01-03 13:19 - 00406304 _____ () C:\Windows\Minidump\010314-73289-01.dmp
2014-01-03 13:19 - 2012-08-10 09:22 - 00000000 ____D () C:\Windows\Minidump
2014-01-03 13:18 - 2014-01-03 13:18 - 606307090 _____ () C:\Windows\MEMORY.DMP
2014-01-02 03:45 - 2013-11-29 01:59 - 00000000 ____D () C:\Users\mifoerst\AppData\Roaming\calibre
2014-01-02 03:45 - 2013-11-29 01:59 - 00000000 ____D () C:\Users\mifoerst\AppData\Local\calibre-cache
Files to move or delete:
====================
C:\ProgramData\mazuki.dll
Some content of TEMP:
====================
C:\Users\mifoerst\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\mifoerst\AppData\Local\Temp\vlc-2.1.2-win64.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-11-30 08:55
==================== End Of Log ============================
Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2014 03
Ran by mifoerst at 2014-02-01 14:16:35
Running from C:\Users\mifoerst\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
==================== Installed Programs ======================
1&1 EasyLogin (x32 Version: - )
1&1 SoftPhone (x32 Version: 2.60.1179 - 1&1 Internet AG)
1und1 Internet Explorer Add-On (x32 Version: - 1&1 Internet AG)
1und1 Internet Explorer Add-On (x32 Version: 1.0 - 1&1 Internet AG) Hidden
ACDSee 17 (x32 Version: 17.0.41 - ACD Systems International Inc.)
Adobe Digital Editions 2.0 (x32 Version: 2.0.1 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Amazon Kindle (x32 Version: - Amazon)
AviSynth 2.5 (x32 Version: - )
Browser Stabilizer (x32 Version: - Appdev Ltd)
calibre 64bit (Version: 1.18.0 - Kovid Goyal)
CBR (Version: 0.7 - G.Waser)
CCleaner (Version: 3.25 - Piriform)
CDBurnerXP (x32 Version: 4.5.2.4291 - CDBurnerXP)
CyberLink BD_3D Advisor 2.0 (x32 Version: 2.0.5425 - CyberLink Corp.)
CyberLink LabelPrint 2.5 (x32 Version: 2.5.5311 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (x32 Version: 10.0 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.2021 - CyberLink Corp.) Hidden
CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3019_44673 - CyberLink Corp.) Hidden
CyberLink MediaShow 6 (x32 Version: 6.0.4312 - CyberLink Corp.) Hidden
CyberLink Power2Go 7 (x32 Version: 7.0.0.3126b - CyberLink Corp.) Hidden
CyberLink PowerDirector 11 (Version: 11.0.0.2418 - Ihr Firmenname) Hidden
CyberLink PowerDirector 11 (x32 Version: 11.0.0.2418 - CyberLink Corp.)
CyberLink PowerDirector 11 Content Pack Essential (x32 Version: 11 - CyberLink Corp.)
CyberLink PowerDirector 11 Content Pack Essential (x32 Version: 11 - CyberLink Corp.) Hidden
CyberLink PowerDirector 11 Content Pack Premium (x32 Version: 11 - CyberLink Corp.)
CyberLink PowerDirector 11 Content Pack Premium (x32 Version: 11 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (x32 Version: 10.0.4125.52 - CyberLink Corp.) Hidden
CyberLink PowerDVD 13 (x32 Version: 13.0.2720.57 - CyberLink Corp.)
CyberLink PowerDVD 13 (x32 Version: 13.0.2720.57 - CyberLink Corp.) Hidden
CyberLink PowerProducer 5.5 (x32 Version: 5.5.3.4118 - CyberLink Corp.)
CyberLink PowerProducer 5.5 (x32 Version: 5.5.3.4118 - CyberLink Corp.) Hidden
CyberLink WaveEditor 2 (x32 Version: 2.0.3206 - CyberLink Corp.)
CyberLink WaveEditor 2 (x32 Version: 2.0.3206 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version: - Microsoft)
DivX-Setup (x32 Version: 2.6.1.9 - DivX, LLC)
DVDFab 9.0.6.3 (09/09/2013) (x32 Version: - Fengtao Software Inc.)
eMule (x32 Version: - )
Eraser 6.0.9.2343 (Version: 6.0.2343 - The Eraser Project)
ESBCalc (x32 Version: 7.3.1.0 - ESB Consultancy)
FastStone Capture 5.3 (x32 Version: 5.3 - FastStone Soft)
FastStone Image Viewer 4.7 (x32 Version: 4.7 - FastStone Soft)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
FRITZ!DSL64 (Version: 2.04.03 - AVM Berlin)
GeoGebra (x32 Version: 4.0.38.0 - International GeoGebra Institute)
Google Books Downloader version 2.3 (x32 Version: 2.3 - GBOOKSDOWNLOADER.COM)
Google Chrome (x32 Version: 31.0.1650.63 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Hotkey 3.3028 (x32 Version: 3.3028 - NoteBook)
Hotkey 3.3028 (x32 Version: 3.3028 - NoteBook) Hidden
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (Version: 1.0.0.0454 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (Version: 14.00.0000 - Intel Corporation)
Intel(R) Rapid Storage Technology (x32 Version: 10.5.0.1026 - Intel Corporation)
ITE Infrared Transceiver (x32 Version: 1.00.0000 - ITE)
Java 7 Update 45 (64-bit) (Version: 7.0.450 - Oracle)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (x32 Version: 0.9 - AppWork GmbH)
JDownloader 2 (x32 Version: 2 - AppWork GmbH)
JMicron Ethernet Adapter NDIS Driver (x32 Version: 6.0.26.6 - JMicron Technology Corp.)
JMicron Flash Media Controller Driver (x32 Version: 1.0.54.1 - JMicron Technology Corp.)
Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
KatMouse (remove only) (x32 Version: - )
K-Lite Codec Pack 8.9.5 (Full) (x32 Version: 8.9.5 - )
KooRaRoo Media (Version: 1.6.0.0 - Programming Sunrise)
LG ODD Auto Firmware Update (x32 Version: 10.01.0712.01 - )
MediaMonkey 4.0 (x32 Version: 4.0 - Ventis Media Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8107.0 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mathematics (64-bit) (Version: 4.0 - Microsoft Corporation)
Microsoft Mathematics Add-in (32-bit) (x32 Version: 2.0.040811.01 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Client DE-DE Language Pack (Version: 2.0.0657.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (x32 Version: 10.0.30319 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (Version: 2.1.177.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (Version: 2.1.177.0 - Microsoft Corporation) Hidden
MiPony 2.1.1 (x32 Version: 2.1.1 - )
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MozBackup 1.5.1 (x32 Version: - Pavel Cvrcek)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Thunderbird 24.2.0 (x86 de) (x32 Version: 24.2.0 - Mozilla)
Mp3tag v2.51 (x32 Version: v2.51 - Florian Heidenreich)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Network Activity Indicator for Windows 7 (x32 Version: 1.6 - IT Samples)
Newblue Art Effects for PowerDirector (Version: 2.0 - NewBlue)
NVIDIA 3D Vision Treiber 320.49 (Version: 320.49 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.5 (Version: 1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 320.49 (Version: 320.49 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.141.953 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0604 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0604 (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2049 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 320.49 (Version: 320.49 - NVIDIA Corporation) Hidden
NVIDIA Update 4.11.9 (Version: 4.11.9 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 4.11.9 - NVIDIA Corporation) Hidden
Opera 12.02 (x32 Version: 12.02.1578 - Opera Software ASA)
Opera 12.16 (Version: 12.16.1860 - Opera Software ASA)
PDF24 Creator 5.7.0 (x32 Version: - PDF24.org)
PDFCreator (x32 Version: 1.3.2 - Frank Heindörfer, Philip Chinery)
PDF-Viewer (Version: 2.5.213.1 - Tracker Software Products Ltd)
PDF-XChange Editor (Version: 3.0.306.1 - Tracker Software Products (Canada) Ltd.) Hidden
PDF-XChange Editor (x32 Version: 3.0.306.1 - Tracker Software Products (Canada) Ltd.)
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
QuickTime (x32 Version: 7.72.80.56 - Apple Inc.)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6307 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden
Samsung AllShare (x32 Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.)
Samsung AllShare (x32 Version: 2.1.0.12031_10 - Samsung Electronics Co., Ltd.) Hidden
SearchNewTab (x32 Version: 4.2.0.1405 - SearchNewTab) <==== ATTENTION
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
SK.Enhancer (x32 Version: 4.0.0.1461 - PremiumSoft) <==== ATTENTION
SmartSound Quicktracks 5 (x32 Version: 5.1.8 - SmartSound Software Inc.)
SmartSound Quicktracks 5 (x32 Version: 5.1.8 - SmartSound Software Inc.) Hidden
suurf uandu keeep (x32 Version: 3.3.0.1260 - sUrf anad keEp) <==== ATTENTION
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (Version: 15.1.14.0 - Synaptics Incorporated)
THX TruStudio Pro (x32 Version: TAMB-CVS1D-1-LB R07 - Creative Technology Limited)
Unlocker 1.9.1-x64 (Version: 1.9.1 - Cedrick Collomb)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version: - Microsoft)
USB PnP Sound Device (Version: - )
USBFast (x32 Version: 1.3.0.30 - Prolific Technology Inc.)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
VirtualCloneDrive (x32 Version: - Elaborate Bytes)
Visual C++ 9.0 ATL (x86) WinSXS MSM (x32 Version: 9.0 - Microsoft Corporation) Hidden
Visual C++ 9.0 CRT (x86) WinSXS MSM (x32 Version: 9.0 - Microsoft Corporation) Hidden
VLC media player 2.1.2 (Version: 2.1.2 - VideoLAN)
VobSub v2.23 (Remove Only) (x32 Version: - )
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinRAR (Version: - )
WWatchItAdBlocke (x32 Version: - WeaTChItAdBloocke)
XnView 1.99.6 (x32 Version: 1.99.6 - Gougelet Pierre-e)
XviD MPEG4 Video Codec (remove only) (x32 Version: - )
Xvid Video Codec (x32 Version: 1.3.2 - Xvid Team)
YoutubeAdblocker (x32 Version: 2.2.0.1723 - YoutubeAdblocker) <==== ATTENTION
Zattoo4 4.0.5 (x32 Version: 4.0.5 - Zattoo Inc.)
==================== Restore Points =========================
05-01-2014 02:19:51 JavaFX 2.1.1 wird entfernt
05-01-2014 02:27:51 Installed Java 7 Update 45
05-01-2014 02:31:08 Installed Java 7 Update 45 (64-bit)
07-01-2014 04:15:21 Installed calibre 64bit
07-01-2014 04:16:06 Installed calibre 64bit
07-01-2014 04:21:42 Installed CBR
07-01-2014 16:36:43 Windows Update
11-01-2014 16:22:46 Windows Update
15-01-2014 16:42:25 Windows Update
17-01-2014 17:09:50 Windows Update
21-01-2014 06:22:54 Windows Update
24-01-2014 19:25:02 Windows Update
27-01-2014 20:02:27 Windows Update
30-01-2014 22:08:38 Microsoft Mathematics (64-Bit) wird entfernt
30-01-2014 22:09:37 Installed Microsoft Mathematics (64-bit)
30-01-2014 22:09:58 DirectX wurde installiert
30-01-2014 22:13:02 Installed Microsoft Mathematics Add-in (32-bit)
30-01-2014 22:13:16 DirectX wurde installiert
31-01-2014 07:22:17 Windows Update
==================== Hosts content: ==========================
2009-07-14 03:34 - 2013-12-20 18:59 - 00000060 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {0651F152-0749-4F32-8768-34013E3CBB0C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27] (Google Inc.)
Task: {0F5D38F0-5495-4D97-B7D8-3FB5C5D6021C} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: {24B096C6-EB37-45F6-BD63-C36AEE514CFA} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {2D16166F-CC96-4CD4-94AD-9E40F7C3FD41} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {43008E48-A1EA-4DE5-B565-7CB466952166} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => C:\Program Files\Microsoft Device Center\devicecenter.exe
Task: {51F1FEB8-D0B5-43F3-B55E-3CFC42B1943A} - System32\Tasks\SK.Enhancer-S-161304646 => c:\programdata\quickset\sk.enhancer\SK.Enhancer.exe [2012-11-29] () <==== ATTENTION
Task: {6AA819C4-E5C6-4A9B-BAC2-8036DE4EF67B} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {72212E4E-CD13-4339-AAD4-7B490E9663EE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-27] (Google Inc.)
Task: {7FA77666-8186-4668-83CD-9BD05C042953} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {8FA8787B-1071-425D-BC86-1FDE5EBD76F8} - System32\Tasks\Software Updater Ui => C:\Program Files\SoftwareUpdater\SoftwareUpdater.Ui.exe [2014-01-21] ()
Task: {98E78101-108F-4556-B2E5-C7A50457A62C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-11-23] (Piriform Ltd)
Task: {9AA037C9-E461-45C4-B709-AD7998E2F70A} - System32\Tasks\FreeDriverScout => C:\Program Files\Covus Freemium\Free Driver Scout\1Click.exe
Task: {B2FE53F6-B654-4026-ADEE-418A30964BB5} - System32\Tasks\Software Updater => C:\Program Files\SoftwareUpdater\SoftwareUpdater.Bootstrapper.exe [2013-12-18] ()
Task: {D1100223-1735-4857-A2FB-E68A787ED075} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-SKULLBONE => C:\Windows\ehome\McxTask.exe [2009-07-14] (Microsoft Corporation)
Task: {D31EF223-97CC-4B53-8DAB-878AB55FB296} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)
Task: {EBCF5C42-6962-4247-86F3-6DD0A1445B77} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SK.Enhancer-S-161304646.job => c:\programdata\quickset\sk.enhancer\SK.Enhancer.exe <==== ATTENTION
==================== Loaded Modules (whitelisted) =============
2013-08-12 23:57 - 2013-06-21 11:23 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-11-02 11:58 - 2010-11-02 11:58 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2013-12-27 17:13 - 2013-12-27 17:13 - 04204032 _____ () C:\ProgramData\Browser Stabilizer\BrowserStabilizer_x64.dll
2013-03-19 20:12 - 2013-02-23 13:13 - 08062464 _____ () C:\Program Files\KooRaRoo Media\avcodec-54.dll
2013-03-19 20:12 - 2013-02-23 13:13 - 00237056 _____ () C:\Program Files\KooRaRoo Media\avutil-52.dll
2013-03-19 20:12 - 2013-02-23 13:13 - 00520192 _____ () C:\Program Files\KooRaRoo Media\avdevice-54.dll
2013-03-19 20:12 - 2013-02-23 13:13 - 00475648 _____ () C:\Program Files\KooRaRoo Media\avfilter-3.dll
2013-03-19 20:12 - 2013-02-23 13:13 - 01543168 _____ () C:\Program Files\KooRaRoo Media\avformat-54.dll
2013-03-19 20:12 - 2013-02-23 13:13 - 00151552 _____ () C:\Program Files\KooRaRoo Media\avresample-1.dll
2013-03-19 20:12 - 2013-02-23 13:13 - 00122368 _____ () C:\Program Files\KooRaRoo Media\swresample-0.dll
2013-03-19 20:12 - 2013-02-23 13:13 - 00363520 _____ () C:\Program Files\KooRaRoo Media\swscale-2.dll
2010-11-02 11:58 - 2010-11-02 11:58 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2012-04-27 08:06 - 2010-11-12 11:38 - 00241152 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL
2012-04-27 09:37 - 2010-03-15 10:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll
2013-12-27 17:13 - 2013-12-27 17:13 - 04240896 _____ () C:\ProgramData\Browser Stabilizer\BrowserStabilizer.dll
2013-12-27 17:13 - 2013-12-27 17:13 - 00180048 _____ () C:\ProgramData\Browser Stabilizer\BrowserStabilizerSvc.dll
2007-06-22 15:48 - 2007-06-22 15:48 - 00044032 _____ () C:\Program Files (x86)\KatMouse\KatMouseS.dll
2008-12-30 17:23 - 2008-12-30 17:23 - 00214528 _____ () C:\Program Files (x86)\KatMouse\KatMouseH.dll
2012-04-27 08:06 - 2010-11-01 16:34 - 00159744 ____N () C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\de-DE\THXAudio.resources.dll
2013-12-14 19:50 - 2013-12-14 19:50 - 03017840 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2013-12-14 19:50 - 2013-12-14 19:50 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2013-12-14 19:50 - 2013-12-14 19:50 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2012-11-22 15:46 - 2012-11-21 06:26 - 00008704 _____ () C:\Users\mifoerst\AppData\Roaming\Thunderbird\Profiles\y3oe9vh7.default\extensions\mintrayr@tn123.ath.cx\lib\tray_x86-msvc.dll
2013-12-20 18:05 - 2013-12-20 18:05 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-08-16 22:48 - 2013-08-16 22:48 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\f60b3ee2de3f41a024920486d46d49f2\IsdiInterop.ni.dll
2012-04-28 02:10 - 2011-04-29 23:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/01/2014 02:03:43 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/01/2014 01:06:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/01/2014 02:48:05 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/30/2014 08:05:10 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerPlugin_11_9_900_170.exe, Version: 11.9.900.170, Zeitstempel: 0x529b79bf
Name des fehlerhaften Moduls: FlashPlayerPlugin_11_9_900_170.exe, Version: 11.9.900.170, Zeitstempel: 0x529b79bf
Ausnahmecode: 0x40000015
Fehleroffset: 0x00017b60
ID des fehlerhaften Prozesses: 0x1278
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerPlugin_11_9_900_170.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerPlugin_11_9_900_170.exe1
Pfad des fehlerhaften Moduls: FlashPlayerPlugin_11_9_900_170.exe2
Berichtskennung: FlashPlayerPlugin_11_9_900_170.exe3
Error: (01/30/2014 08:12:02 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/30/2014 05:27:57 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/28/2014 07:13:28 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/27/2014 08:50:57 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/24/2014 08:15:24 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/23/2014 07:29:36 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (02/01/2014 02:02:44 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (02/01/2014 02:02:44 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1331
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (02/01/2014 02:02:13 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 01.02.2014 um 14:00:44 unerwartet heruntergefahren.
Error: (02/01/2014 01:05:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (02/01/2014 01:05:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1331
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (02/01/2014 01:04:50 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 01.02.2014 um 04:09:48 unerwartet heruntergefahren.
Error: (02/01/2014 02:47:58 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (02/01/2014 02:47:58 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1331
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (02/01/2014 02:47:44 AM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 01.02.2014 um 01:48:20 unerwartet heruntergefahren.
Error: (01/30/2014 08:11:13 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Microsoft Office Sessions:
=========================
Error: (02/01/2014 02:03:43 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/01/2014 01:06:13 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/01/2014 02:48:05 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/30/2014 08:05:10 PM) (Source: Application Error)(User: )
Description: FlashPlayerPlugin_11_9_900_170.exe11.9.900.170529b79bfFlashPlayerPlugin_11_9_900_170.exe11.9.900.170529b79bf4000001500017b60127801cf1d8af3f9f5f6C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exeC:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe706325f9-89e1-11e3-bb2d-0090f5be60fb
Error: (01/30/2014 08:12:02 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/30/2014 05:27:57 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/28/2014 07:13:28 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/27/2014 08:50:57 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/24/2014 08:15:24 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/23/2014 07:29:36 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
CodeIntegrity Errors:
===================================
Date: 2012-11-15 23:58:09.591
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-11-15 23:58:09.581
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-11-15 23:58:09.570
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-11-15 23:58:09.558
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-11-15 23:49:53.886
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Public\{3B7E09EC-0673-449d-A46F-16A0E33E8DC2}.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-11-15 23:49:53.839
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Public\{3B7E09EC-0673-449d-A46F-16A0E33E8DC2}.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-11-12 23:10:28.409
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-11-12 23:10:28.398
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-11-12 20:33:26.610
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Public\{F5116583-1BE0-40c0-8E92-09738F0DC442}.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-11-12 20:33:26.564
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Public\{F5116583-1BE0-40c0-8E92-09738F0DC442}.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Percentage of memory in use: 36%
Total physical RAM: 8169.51 MB
Available physical RAM: 5166.64 MB
Total Pagefile: 16337.2 MB
Available Pagefile: 12672.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:250 GB) (Free:170.85 GB) NTFS
Drive d: () (Fixed) (Total:1147.17 GB) (Free:1054.74 GB) NTFS
Drive k: (Elements) (Fixed) (Total:1397.26 GB) (Free:652 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: C49304CF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=250 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=-967259979776) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1397 GB) (Disk ID: 00035B79)
Partition 1: (Not Active) - (Size=-698727006208) - (Type=07 NTFS)
==================== End Of Log ============================
gmer Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-02-01 14:53:29
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Intel___ rev.1.0. 1397,27GB
Running: tb4lzd1k.exe; Driver: C:\Users\mifoerst\AppData\Local\Temp\pwtcrpod.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800035b6000 46 bytes [0C, 48, 03, C8, 48, 8B, C6, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800035b602f 23 bytes [00, 00, 07, 4C, 8B, 49, 68, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[2300] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076ca8769 5 bytes JMP 00000001727d1170
.text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[2300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000754f1465 2 bytes [4F, 75]
.text C:\Program Files (x86)\CyberLink\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe[2300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754f14bb 2 bytes [4F, 75]
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000754f1465 2 bytes [4F, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[3652] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754f14bb 2 bytes [4F, 75]
.text ... * 2
.text C:\Program Files (x86)\KatMouse\KatMouse.exe[3992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000754f1465 2 bytes [4F, 75]
.text C:\Program Files (x86)\KatMouse\KatMouse.exe[3992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754f14bb 2 bytes [4F, 75]
.text ... * 2
.text C:\Windows\SysWOW64\ieconfig_1und1_svc.exe[3624] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 322 0000000073df1a22 2 bytes [DF, 73]
.text C:\Windows\SysWOW64\ieconfig_1und1_svc.exe[3624] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 496 0000000073df1ad0 2 bytes [DF, 73]
.text C:\Windows\SysWOW64\ieconfig_1und1_svc.exe[3624] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 552 0000000073df1b08 2 bytes [DF, 73]
.text C:\Windows\SysWOW64\ieconfig_1und1_svc.exe[3624] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 730 0000000073df1bba 2 bytes [DF, 73]
.text C:\Windows\SysWOW64\ieconfig_1und1_svc.exe[3624] C:\Windows\SysWOW64\wsock32.dll!setsockopt + 762 0000000073df1bda 2 bytes [DF, 73]
---- Threads - GMER 2.1 ----
Thread C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2328:5332] 000007fef0ffc0d0
Thread C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2308:6408] 000007fef59e3e0c
Thread C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2308:6412] 000007fef1157c4c
Thread C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2308:6416] 000007fef59e3e0c
Thread C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2308:6420] 000007fef0ffc0d0
Thread C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2308:6424] 000007fef59e3e0c
Thread C:\Windows\System32\svchost.exe [4956:4616] 000007fefc269688
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\88532e05dd21
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\88532e05dd21 (not active ControlSet)
---- EOF - GMER 2.1 ----