Hello everyone,

I've caught this Nation Zoom thing. It can't be removed.

Who can help me? I'm totally "untalented" at these things. Please explain it so that I can understand it too ;-)

Thanks

Sabine


Hi Sabine, and welcome to the Emsisoft Support Forum!

System scan with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit

(If you are not sure: Start > Computer (right-click) > Properties)

  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Please attach both log files to your next reply.


Here are the results of the scan:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2013 01

Ran by ADMIN (administrator) on PC on 14-12-2013 17:39:46

Running from C:\Users\ADMIN\Desktop

Windows 8.1 (X64) OS Language: German Standard

Internet Explorer Version 11

Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe

(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe

() C:\Program Files (x86)\Polar\Daemon\polard.exe

(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe

(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.2.241.0\SeaPort.EXE

(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe

(Emsisoft GmbH) C:\Program Files (x86)\Online Armor\oacat.exe

(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe

(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe

(NewSoft Technology Corporation) C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe

(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe

(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe

(Emsisoft GmbH) C:\Program Files (x86)\Online Armor\oahlp.exe

(SEIKO EPSON CORPORATION) C:\Windows\System32\spool\drivers\x64\3\E_YATIJHE.EXE

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

() C:\Program Files (x86)\Polar\WebSync\WebSync.exe

(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe

(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe

(SEIKO EPSON CORPORATION) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

(NewSoft Technology Corporation) C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.exe

(Visicom Media Inc.) C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe

(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

(Microsoft Corporation) C:\Windows\splwow64.exe

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteUser.exe

() C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing-tray.exe

(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\WWAHost.exe

(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [beatsOSDApp] - C:\Program Files\IDT\WDM\Beats64.exe [37888 2012-08-10] (Hewlett-Packard )

HKLM\...\Run: [WrtMon.exe] - C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe [26448 2008-05-24] (NewSoft Technology Corporation)

HKLM\...\Run: [sysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-08-10] (IDT, Inc.)

HKLM\...\Run: [@OnlineArmor GUI] - C:\Program Files (x86)\Online Armor\oaui.exe [7558464 2013-10-11] (Emsisoft GmbH)

HKCU\...\Run: [TomTomHOME.exe] - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom)

HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\Windows\System32\spool\drivers\x64\3\E_YATIJHE.EXE [283232 2012-02-28] (SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)

HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-02] (CyberLink Corp.)

HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208 2010-06-09] (Hewlett-Packard)

HKLM-x32\...\Run: [] - [x]

HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)

HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [FUFAXRCV] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [502912 2012-04-03] (SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [FUFAXSTM] - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863360 2012-04-03] (SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058912 2012-04-02] (SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [PMSpeed] - C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSpeed.exe [116632 2010-07-29] (NewSoft Technology Corporation)

HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)

HKLM-x32\...\Run: [Anti-phishing Domain Advisor] - C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe [235072 2013-05-31] (Visicom Media Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)

HKLM-x32\...\Run: [emsisoft anti-malware] - C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe [4329408 2013-12-04] (Emsisoft GmbH)

AppInit_DLLs: [ ] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.uk.msn.com/HPDSK13/4

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.nationzoom.com/web/?type=ds&ts=1386860198&from=tugs&uid=HitachiXHDS723020BLA642_MN1240FA00WRWD00WRWDX&q={searchTerms}

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.nationzoom.com/web/?type=ds&ts=1386860198&from=tugs&uid=HitachiXHDS723020BLA642_MN1240FA00WRWD00WRWDX&q={searchTerms}

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.nationzoom.com/?type=hp&ts=1386860198&from=tugs&uid=HitachiXHDS723020BLA642_MN1240FA00WRWD00WRWDX

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.nationzoom.com/?type=hp&ts=1386860198&from=tugs&uid=HitachiXHDS723020BLA642_MN1240FA00WRWD00WRWDX

StartMenuInternet: IEXPLORE.EXE - iexplore.exe

SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.nationzoom.com/web/?type=ds&ts=1386860198&from=tugs&uid=HitachiXHDS723020BLA642_MN1240FA00WRWD00WRWDX&q={searchTerms}

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS

SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF

SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = http://www.nationzoom.com/web/?type=ds&ts=1386860198&from=tugs&uid=HitachiXHDS723020BLA642_MN1240FA00WRWD00WRWDX&q={searchTerms}

SearchScopes: HKLM - {5C066E4E-BF62-492A-99B2-2FE1F400FF94} URL = http://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF

SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS

SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?publisher=Bundlore&dpid=Bundlore&co=DE&userid=58e6af27-ddaa-26e6-2635-a825e1dc31df&searchtype=ds&q={searchTerms}&installDate=26/08/2013

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPDTDFJS

SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =

BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM-x32 - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - No File

Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)

Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:

========

FF ProfilePath: C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\hprg8g14.default

FF user.js: detected! => C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\hprg8g14.default\user.js

FF DefaultSearchEngine: nationzoom

FF SearchEngineOrder.1: metaCrawler

FF SelectedSearchEngine: nationzoom

FF Keyword.URL: user_pref("keyword.URL", "");

FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()

FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)

FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\nationzoom.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\testlog.txt

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahootc.xml

FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Users\hp\AppData\Roaming\Mozilla\Extensions\[email protected]

FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:

=======

CHR DefaultSearchKeyword: google.de

CHR DefaultSearchProvider: Google

CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}

CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}

CHR Extension: (Docs) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0

CHR Extension: (Google Drive) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0

CHR Extension: (YouTube) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0

CHR Extension: (Google Search) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0

CHR Extension: (Plus-HD-1.3) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhlmghjmomaoodfgjeikphfdljhpcpkl\1.25.113_0

CHR Extension: (Google Wallet) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0

CHR Extension: (Gmail) - C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\hp\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx

==================== Services (Whitelisted) =================

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4161512 2013-12-04] (Emsisoft GmbH)

R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)

R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)

R2 HPConnectedRemote; c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPConnectedRemoteService.exe [35232 2012-08-29] (Hewlett-Packard)

R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)

R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)

S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)

S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)

R2 OAcat; C:\Program Files (x86)\Online Armor\OAcat.exe [584864 2013-10-11] (Emsisoft GmbH)

R2 Polar Daemon; C:\Program Files (x86)\Polar\Daemon\polard.exe [419536 2012-12-12] ()

S2 SvcOnlineArmor; C:\Program Files (x86)\Online Armor\oasrv.exe [4457688 2013-10-11] (Emsisoft GmbH)

S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-10-19] (Microsoft Corporation)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [70960 2013-08-24] (Emsisoft GmbH)

R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH)

R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH)

R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [17384 2013-03-28] (Emsisoft GmbH)

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)

S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows ® Win 7 DDK provider)

R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)

R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)

R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)

S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)

S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)

S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation)

R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-10-08] (Microsoft Corporation)

S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)

S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)

R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)

S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)

R1 OADevice; C:\WINDOWS\SysWow64\Drivers\OADriver.sys [64720 2013-10-11] ()

R1 oahlpXX; C:\WINDOWS\syswow64\drivers\oahlp64.sys [62008 2013-10-11] ()

R1 OAmon; C:\WINDOWS\SysWOW64\Drivers\OAmon.sys [52360 2013-10-11] (Emsisoft)

R3 OAnet; C:\Windows\system32\DRIVERS\oanet.sys [35368 2013-10-11] (Emsisoft)

S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)

S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146272 2013-08-22] (Microsoft Corporation)

S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-10-05] (Microsoft Corporation)

S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)

R3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]

R4 EsgScanner; system32\DRIVERS\EsgScanner.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-12-14 17:39 - 2013-12-14 17:39 - 00021869 _____ C:\Users\ADMIN\Desktop\FRST.txt

2013-12-14 17:39 - 2013-12-14 17:39 - 00000000 ____D C:\FRST

2013-12-14 17:38 - 2013-12-14 17:38 - 01927796 _____ (Farbar) C:\Users\ADMIN\Downloads\FRST64 (1).exe

2013-12-14 17:37 - 2013-12-14 17:37 - 01927796 _____ (Farbar) C:\Users\ADMIN\Desktop\FRST64.exe

2013-12-14 17:36 - 2013-12-14 17:37 - 01927796 _____ (Farbar) C:\Users\ADMIN\Downloads\FRST64.exe

2013-12-14 10:46 - 2013-12-14 10:46 - 00003314 _____ C:\WINDOWS\System32\Tasks\SpyHunter4Startup

2013-12-13 16:11 - 2013-12-13 16:15 - 00000000 ____D C:\Program Files (x86)\Online Armor

2013-12-13 16:11 - 2013-12-13 16:12 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\OnlineArmor

2013-12-13 16:11 - 2013-12-13 16:12 - 00000000 ____D C:\ProgramData\OnlineArmor

2013-12-13 16:11 - 2013-10-11 03:41 - 00062008 _____ C:\WINDOWS\SysWOW64\Drivers\oahlp64.sys

2013-12-13 16:11 - 2013-10-11 03:40 - 00064720 _____ C:\WINDOWS\SysWOW64\Drivers\OADriver.sys

2013-12-13 16:11 - 2013-10-11 03:40 - 00052360 _____ (Emsisoft) C:\WINDOWS\SysWOW64\Drivers\OAmon.sys

2013-12-13 16:11 - 2013-10-11 03:40 - 00035368 _____ (Emsisoft) C:\WINDOWS\system32\Drivers\OAnet.sys

2013-12-13 16:10 - 2013-12-13 16:10 - 10696960 _____ (Emsisoft GmbH ) C:\Users\ADMIN\Downloads\OnlineArmorSetup.exe

2013-12-13 16:02 - 2013-12-13 16:02 - 00001109 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk

2013-12-13 16:01 - 2013-12-14 17:26 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware

2013-12-13 16:01 - 2013-12-13 16:01 - 00000000 ____D C:\Users\ADMIN\Documents\Anti-Malware

2013-12-13 15:51 - 2013-12-13 15:57 - 231302192 _____ (Emsisoft GmbH ) C:\Users\ADMIN\Downloads\EmsisoftAntiMalwareSetup.exe

2013-12-13 15:43 - 2013-12-13 15:43 - 00000000 ____D C:\Users\ADMIN\AppData\Local\toolbarcleaner

2013-12-13 07:35 - 2013-12-13 07:35 - 01214896 _____ (Visicom Media Inc.) C:\Users\ADMIN\Downloads\toolbarcleaner_setup.exe

2013-12-13 07:35 - 2013-12-13 07:35 - 00001104 _____ C:\Users\ADMIN\Desktop\Toolbar Cleaner.lnk

2013-12-13 07:35 - 2013-12-13 07:35 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Toolbar Cleaner

2013-12-12 21:39 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2013-12-12 21:39 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2013-12-12 21:39 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2013-12-12 21:39 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2013-12-12 21:39 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2013-12-12 21:39 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2013-12-12 21:39 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2013-12-12 21:39 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2013-12-12 21:39 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2013-12-12 21:39 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

2013-12-12 21:39 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2013-12-12 21:39 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2013-12-12 21:39 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2013-12-12 21:39 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2013-12-12 21:39 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

2013-12-12 21:39 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2013-12-12 21:39 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2013-12-12 21:39 - 2013-11-23 05:34 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll

2013-12-12 21:39 - 2013-11-23 05:13 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll

2013-12-12 21:39 - 2013-11-23 04:32 - 04105728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll

2013-12-12 21:39 - 2013-11-23 04:10 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe

2013-12-12 21:39 - 2013-11-09 07:34 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe

2013-12-12 21:39 - 2013-11-09 07:34 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll

2013-12-12 21:39 - 2013-11-09 06:52 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll

2013-12-12 21:39 - 2013-11-08 08:21 - 04191744 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

2013-12-12 21:39 - 2013-10-19 09:53 - 00075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll

2013-12-12 21:39 - 2013-10-19 08:14 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll

2013-12-12 21:39 - 2013-10-15 09:54 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll

2013-12-12 21:39 - 2013-10-15 09:03 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll

2013-12-12 19:34 - 2013-12-12 19:34 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\ADMIN\Downloads\mbam-setup-1.75.0.1300.exe

2013-12-12 19:34 - 2013-12-12 19:34 - 00001127 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-12-12 19:34 - 2013-12-12 19:34 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\Malwarebytes

2013-12-12 19:34 - 2013-12-12 19:34 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-12-12 19:34 - 2013-12-12 19:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-12-12 19:34 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2013-12-12 17:13 - 2013-12-12 17:13 - 00000000 ____D C:\Program Files\Enigma Software Group

2013-12-12 17:13 - 2013-12-12 17:13 - 00000000 _____ C:\autoexec.bat

2013-12-12 17:12 - 2013-12-14 12:01 - 00000000 ____D C:\WINDOWS\72AAF4551E54475BB0AB5413C78D0E63.TMP

2013-12-12 15:57 - 2013-12-12 16:25 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro

2013-12-12 15:56 - 2013-12-12 17:16 - 00000000 ____D C:\Program Files (x86)\Re-markit

2013-12-12 15:56 - 2013-12-12 16:28 - 00000000 ____D C:\ProgramData\WPM

2013-12-09 21:49 - 2013-12-11 19:46 - 00012192 _____ C:\Users\ADMIN\Desktop\Busplan ab 16.12.2013.xlsx

2013-12-09 21:49 - 2013-12-09 21:49 - 00011804 _____ C:\Users\ADMIN\Documents\Busplan ab 16.12.2013.xlsx

2013-12-03 20:00 - 2013-12-03 20:00 - 00000000 ____D C:\Users\ADMIN\AppData\Local\Cyberlink

2013-12-03 17:35 - 2013-12-03 17:35 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\WebApp

2013-12-03 17:31 - 2013-12-03 17:31 - 00000000 ____D C:\Users\ADMIN\Documents\CyberLink

2013-12-03 17:31 - 2013-12-03 17:31 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\NVIDIA

2013-12-03 17:31 - 2013-12-03 17:31 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\CyberLink

2013-11-30 11:21 - 2013-11-30 11:21 - 00009728 ___SH C:\Users\Jonas\Downloads\Thumbs.db

2013-11-30 10:43 - 2013-11-30 10:54 - 429727279 _____ C:\Users\Jonas\Downloads\HAUPTFILM - Imagefilm der Freiwilligen Feuerwehr Stadt Jever 2012.mp4

2013-11-25 20:15 - 2013-11-25 20:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-11-25 18:55 - 2013-11-25 19:16 - 00000000 ____D C:\Users\ADMIN\Desktop\SharePod_3.99

2013-11-25 18:55 - 2013-11-25 18:55 - 02140631 _____ C:\Users\ADMIN\Desktop\SharePod_3.99.zip

2013-11-22 20:10 - 2013-11-22 20:10 - 00000000 ____D C:\Users\Jonas\AppData\Local\Google

2013-11-22 20:02 - 2013-11-22 20:02 - 00005938 _____ C:\Users\Jonas\Desktop\Silena.odt

2013-11-22 19:05 - 2013-11-22 19:05 - 00000000 ____D C:\Users\Jonas\AppData\Local\Apple

2013-11-22 18:59 - 2013-11-22 18:59 - 1698913557 _____ C:\WINDOWS\MEMORY.DMP

2013-11-22 18:59 - 2013-11-22 18:59 - 00300440 _____ C:\WINDOWS\Minidump\112213-30171-01.dmp

2013-11-22 18:59 - 2013-11-22 18:59 - 00000000 ____D C:\WINDOWS\Minidump

2013-11-22 18:52 - 2013-11-22 18:52 - 00000000 ____D C:\Users\Jonas\AppData\Local\Apple Computer

2013-11-19 20:05 - 2013-11-19 20:20 - 562335264 _____ C:\Users\ADMIN\Downloads\WISOSteuersoftware2014.exe

2013-11-17 14:38 - 2013-11-17 14:38 - 00001797 _____ C:\Users\Public\Desktop\iTunes.lnk

2013-11-17 14:37 - 2013-11-17 14:37 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-11-17 14:37 - 2013-11-17 14:37 - 00000000 ____D C:\Program Files\iTunes

2013-11-17 14:37 - 2013-11-17 14:37 - 00000000 ____D C:\Program Files\iPod

2013-11-17 14:37 - 2013-11-17 14:37 - 00000000 ____D C:\Program Files (x86)\iTunes

2013-11-16 08:46 - 2013-11-05 21:21 - 21196664 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll

2013-11-16 08:46 - 2013-11-05 19:51 - 18642504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll

2013-11-16 08:46 - 2013-11-05 17:20 - 13925888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll

2013-11-16 08:46 - 2013-11-05 17:11 - 18577408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll

2013-11-16 08:46 - 2013-11-05 15:30 - 11674112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll

2013-11-16 08:46 - 2013-11-05 15:29 - 13176320 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll

2013-11-16 08:46 - 2013-10-23 12:29 - 00044936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll

2013-11-16 08:46 - 2013-10-23 12:21 - 00155480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys

2013-11-16 08:46 - 2013-10-23 12:13 - 00171864 _____ (Microsoft Corporation) C:\WINDOWS\system32\kd_02_8086.dll

2013-11-16 08:46 - 2013-10-23 06:27 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2013-11-16 08:46 - 2013-10-23 06:04 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2013-11-16 08:46 - 2013-10-23 05:55 - 00839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll

2013-11-16 08:46 - 2013-10-23 05:46 - 00700928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll

2013-11-16 08:46 - 2013-10-22 09:18 - 01287064 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll

2013-11-16 08:46 - 2013-10-22 08:55 - 02328872 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe

2013-11-16 08:46 - 2013-10-22 07:03 - 02065448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe

2013-11-16 08:46 - 2013-10-22 06:15 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\apphelp.dll

2013-11-16 08:46 - 2013-10-22 05:04 - 00618496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apphelp.dll

2013-11-16 08:46 - 2013-10-22 05:02 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll

2013-11-16 08:46 - 2013-10-22 04:56 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll

2013-11-16 08:46 - 2013-10-22 04:44 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll

2013-11-16 08:46 - 2013-10-22 03:38 - 01362944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll

2013-11-16 08:46 - 2013-10-22 03:22 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll

2013-11-16 08:46 - 2013-10-22 03:13 - 01704448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll

2013-11-16 08:46 - 2013-10-22 03:07 - 02617344 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll

2013-11-16 08:46 - 2013-10-22 02:53 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll

2013-11-16 08:46 - 2013-10-22 02:47 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll

2013-11-16 08:46 - 2013-10-19 10:13 - 01530200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys

2013-11-16 08:46 - 2013-10-19 09:51 - 00481392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll

2013-11-16 08:46 - 2013-10-19 08:12 - 00380656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll

2013-11-16 08:46 - 2013-10-19 05:48 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll

2013-11-16 08:46 - 2013-10-19 05:03 - 00531968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll

2013-11-16 08:46 - 2013-10-19 04:57 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll

2013-11-16 08:46 - 2013-10-19 04:28 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll

2013-11-16 08:46 - 2013-10-19 04:26 - 01231360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll

2013-11-16 08:46 - 2013-10-19 04:14 - 00888832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll

2013-11-16 08:46 - 2013-10-17 16:42 - 01399176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll

2013-11-16 08:46 - 2013-10-17 16:42 - 01373872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll

2013-11-16 08:46 - 2013-10-17 15:04 - 01204968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll

2013-11-16 08:46 - 2013-10-16 10:34 - 00518656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe

2013-11-16 08:46 - 2013-10-16 10:33 - 00631296 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe

2013-11-16 08:46 - 2013-10-13 04:06 - 00258904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys

2013-11-16 08:46 - 2013-10-13 03:43 - 00708616 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll

2013-11-16 08:46 - 2013-10-11 16:11 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll

2013-11-16 08:46 - 2013-10-11 15:22 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll

2013-11-16 08:46 - 2013-10-11 14:24 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll

2013-11-16 08:46 - 2013-10-11 14:04 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll

2013-11-16 08:46 - 2013-10-11 14:03 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll

2013-11-16 08:46 - 2013-10-10 17:44 - 00031064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll

2013-11-16 08:46 - 2013-10-10 17:26 - 00317616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll

2013-11-16 08:46 - 2013-10-10 17:26 - 00104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll

2013-11-16 08:46 - 2013-10-10 17:23 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll

2013-11-16 08:46 - 2013-10-10 15:53 - 00235960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll

2013-11-16 08:46 - 2013-10-10 15:53 - 00088272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll

2013-11-16 08:46 - 2013-10-10 12:53 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll

2013-11-16 08:46 - 2013-10-10 12:38 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll

2013-11-16 08:46 - 2013-10-10 12:26 - 02801664 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll

2013-11-16 08:46 - 2013-10-10 12:21 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll

2013-11-16 08:46 - 2013-10-10 12:05 - 01019392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll

2013-11-16 08:46 - 2013-10-10 11:40 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll

2013-11-16 08:46 - 2013-10-10 11:34 - 01085952 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll

2013-11-16 08:46 - 2013-10-10 11:27 - 00869888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll

2013-11-16 08:46 - 2013-10-10 11:19 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll

2013-11-16 08:46 - 2013-10-09 06:40 - 00385528 _____ C:\WINDOWS\system32\ApnDatabase.xml

2013-11-16 08:46 - 2013-10-08 12:07 - 00039768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys

2013-11-16 08:46 - 2013-10-08 11:28 - 00523096 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys

2013-11-16 08:46 - 2013-10-08 11:13 - 02551640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys

2013-11-16 08:46 - 2013-10-08 07:46 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shsetup.dll

2013-11-16 08:46 - 2013-10-08 06:58 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shsetup.dll

2013-11-16 08:46 - 2013-10-08 06:50 - 00656384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll

2013-11-16 08:46 - 2013-10-08 06:48 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll

2013-11-16 08:46 - 2013-10-08 06:15 - 00492544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll

2013-11-16 08:46 - 2013-10-08 06:09 - 01160704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll

2013-11-16 08:46 - 2013-10-08 05:50 - 00903168 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll

2013-11-16 08:46 - 2013-10-08 05:50 - 00762368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll

2013-11-16 08:46 - 2013-10-07 08:21 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2013-11-16 08:46 - 2013-10-07 08:21 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

2013-11-16 08:46 - 2013-10-07 03:13 - 03532288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll

2013-11-16 08:46 - 2013-10-05 16:25 - 00371032 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys

2013-11-16 08:46 - 2013-10-05 16:25 - 00057176 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys

2013-11-16 08:46 - 2013-10-05 15:21 - 00699840 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll

2013-11-16 08:46 - 2013-10-05 13:05 - 00578952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll

2013-11-16 08:46 - 2013-10-05 12:01 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys

2013-11-16 08:46 - 2013-10-05 10:36 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe

2013-11-16 08:46 - 2013-10-05 10:18 - 01011712 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll

2013-11-16 08:46 - 2013-10-05 10:07 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll

2013-11-16 08:46 - 2013-10-05 09:56 - 01147904 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll

2013-11-16 08:46 - 2013-10-05 09:55 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\miutils.dll

2013-11-16 08:46 - 2013-10-05 09:40 - 00795648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSWorkspace.dll

2013-11-16 08:46 - 2013-10-05 09:24 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\miutils.dll

2013-11-16 08:46 - 2013-10-05 09:21 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll

2013-11-16 08:46 - 2013-10-05 09:15 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll

2013-11-16 08:46 - 2013-10-05 08:43 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll

2013-11-16 08:46 - 2013-10-05 08:39 - 06639616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll

2013-11-16 08:46 - 2013-10-05 08:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll

2013-11-16 08:46 - 2013-10-05 08:32 - 05769728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll

2013-11-16 08:46 - 2013-10-04 09:10 - 00533504 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll

2013-11-16 08:46 - 2013-09-19 06:04 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll

2013-11-16 08:46 - 2013-09-17 10:06 - 01067080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll

2013-11-16 08:46 - 2013-09-17 10:06 - 00465960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll

2013-11-16 08:46 - 2013-09-17 07:31 - 00883184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll

2013-11-16 08:46 - 2013-09-17 07:31 - 00326024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll

2013-11-16 08:46 - 2013-09-17 05:37 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll

2013-11-16 08:46 - 2013-09-14 15:07 - 02134120 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll

2013-11-16 08:46 - 2013-09-14 15:00 - 00391512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll

2013-11-16 08:46 - 2013-09-14 13:39 - 01799944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll

2013-11-16 08:46 - 2013-09-14 13:33 - 00345552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsmf.dll

2013-11-16 08:46 - 2013-09-14 11:05 - 00338944 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpclip.exe

2013-11-16 08:46 - 2013-09-14 10:11 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll

2013-11-16 08:46 - 2013-09-13 09:22 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ftp.exe

2013-11-16 08:46 - 2013-09-13 08:47 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ftp.exe

2013-11-16 08:46 - 2013-09-12 09:45 - 00101888 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappgnui.dll

2013-11-16 08:46 - 2013-09-12 09:08 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapp3hst.dll

2013-11-16 08:46 - 2013-09-12 09:08 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll

2013-11-16 08:46 - 2013-09-12 09:02 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappgnui.dll

2013-11-16 08:46 - 2013-09-12 08:44 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\eapphost.dll

2013-11-16 08:46 - 2013-09-12 08:37 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapp3hst.dll

2013-11-16 08:46 - 2013-09-12 08:37 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWfdProvider.dll

2013-11-16 08:46 - 2013-09-12 08:21 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eapphost.dll

2013-11-16 08:46 - 2013-09-12 08:16 - 00335360 _____ (Microsoft Corporation) C:\WINDOWS\system32\eappcfg.dll

2013-11-16 08:46 - 2013-09-12 08:01 - 00272896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eappcfg.dll

2013-11-16 08:46 - 2013-09-11 13:46 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS

2013-11-16 08:46 - 2013-09-10 06:26 - 04599808 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll

2013-11-16 08:46 - 2013-09-10 05:52 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\msched.dll

2013-11-16 08:46 - 2013-09-10 05:34 - 03934208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll

2013-11-16 08:35 - 2013-12-13 15:38 - 00077982 _____ C:\WINDOWS\PFRO.log

2013-11-15 16:07 - 2013-11-22 20:10 - 00002273 _____ C:\Users\Jonas\Desktop\Google Chrome.lnk

==================== One Month Modified Files and Folders =======

2013-12-14 17:39 - 2013-12-14 17:39 - 00021869 _____ C:\Users\ADMIN\Desktop\FRST.txt

2013-12-14 17:39 - 2013-12-14 17:39 - 00000000 ____D C:\FRST

2013-12-14 17:38 - 2013-12-14 17:38 - 01927796 _____ (Farbar) C:\Users\ADMIN\Downloads\FRST64 (1).exe

2013-12-14 17:37 - 2013-12-14 17:37 - 01927796 _____ (Farbar) C:\Users\ADMIN\Desktop\FRST64.exe

2013-12-14 17:37 - 2013-12-14 17:36 - 01927796 _____ (Farbar) C:\Users\ADMIN\Downloads\FRST64.exe

2013-12-14 17:30 - 2013-10-20 10:03 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\ClassicShell

2013-12-14 17:26 - 2013-12-13 16:01 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware

2013-12-14 17:03 - 2013-01-05 16:32 - 00001108 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2013-12-14 17:02 - 2013-10-22 06:11 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2013-12-14 17:02 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\sru

2013-12-14 16:52 - 2013-10-20 10:07 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2824886842-1903998303-2860717336-1011

2013-12-14 16:45 - 2013-11-12 13:46 - 01542962 _____ C:\WINDOWS\WindowsUpdate.log

2013-12-14 16:01 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\FxsTmp

2013-12-14 15:34 - 2013-01-05 17:13 - 00000000 ____D C:\ProgramData\Microsoft Help

2013-12-14 15:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness

2013-12-14 12:20 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\rescache

2013-12-14 12:01 - 2013-12-12 17:12 - 00000000 ____D C:\WINDOWS\72AAF4551E54475BB0AB5413C78D0E63.TMP

2013-12-14 11:56 - 2012-11-01 23:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Office

2013-12-14 11:55 - 2012-07-26 06:26 - 00000111 _____ C:\WINDOWS\win.ini

2013-12-14 10:46 - 2013-12-14 10:46 - 00003314 _____ C:\WINDOWS\System32\Tasks\SpyHunter4Startup

2013-12-14 10:33 - 2013-10-20 10:08 - 00000000 ____D C:\Users\ADMIN\Documents\WISO Mein Geld

2013-12-14 10:00 - 2013-10-25 12:14 - 00029291 _____ C:\Users\ADMIN\Sti_Trace.log

2013-12-14 10:00 - 2013-10-19 14:51 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\.oit

2013-12-14 10:00 - 2013-01-05 16:32 - 00001104 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2013-12-13 18:46 - 2013-08-30 08:50 - 00000000 ____D C:\Program Files (x86)\Toolbar Cleaner

2013-12-13 18:19 - 2013-10-31 13:58 - 00000000 ____D C:\Users\ADMIN\AppData\Local\PasswordSafe

2013-12-13 16:15 - 2013-12-13 16:11 - 00000000 ____D C:\Program Files (x86)\Online Armor

2013-12-13 16:12 - 2013-12-13 16:11 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\OnlineArmor

2013-12-13 16:12 - 2013-12-13 16:11 - 00000000 ____D C:\ProgramData\OnlineArmor

2013-12-13 16:10 - 2013-12-13 16:10 - 10696960 _____ (Emsisoft GmbH ) C:\Users\ADMIN\Downloads\OnlineArmorSetup.exe

2013-12-13 16:02 - 2013-12-13 16:02 - 00001109 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk

2013-12-13 16:01 - 2013-12-13 16:01 - 00000000 ____D C:\Users\ADMIN\Documents\Anti-Malware

2013-12-13 15:57 - 2013-12-13 15:51 - 231302192 _____ (Emsisoft GmbH ) C:\Users\ADMIN\Downloads\EmsisoftAntiMalwareSetup.exe

2013-12-13 15:43 - 2013-12-13 15:43 - 00000000 ____D C:\Users\ADMIN\AppData\Local\toolbarcleaner

2013-12-13 15:38 - 2013-11-16 08:35 - 00077982 _____ C:\WINDOWS\PFRO.log

2013-12-13 15:38 - 2013-08-30 08:50 - 00000000 ____D C:\ProgramData\Anti-phishing Domain Advisor

2013-12-13 15:38 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2013-12-13 15:38 - 2013-08-22 15:44 - 00430376 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2013-12-13 15:37 - 2013-08-22 14:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI

2013-12-13 15:36 - 2013-11-11 19:30 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\DigitalSite

2013-12-13 15:36 - 2013-09-14 09:14 - 00000000 ____D C:\ProgramData\BitGuard

2013-12-13 15:36 - 2013-01-05 20:52 - 00000000 ____D C:\Program Files (x86)\SweetIM

2013-12-13 14:52 - 2013-11-13 16:41 - 00002273 _____ C:\Users\ADMIN\Desktop\Google Chrome.lnk

2013-12-13 13:39 - 2013-10-20 10:11 - 00003906 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{845F5C89-0D5B-4D13-82C1-9DB328CAFE6E}

2013-12-13 07:35 - 2013-12-13 07:35 - 01214896 _____ (Visicom Media Inc.) C:\Users\ADMIN\Downloads\toolbarcleaner_setup.exe

2013-12-13 07:35 - 2013-12-13 07:35 - 00001104 _____ C:\Users\ADMIN\Desktop\Toolbar Cleaner.lnk

2013-12-13 07:35 - 2013-12-13 07:35 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Toolbar Cleaner

2013-12-12 19:44 - 2013-09-30 05:14 - 01980934 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2013-12-12 19:44 - 2013-09-30 04:56 - 00841326 _____ C:\WINDOWS\system32\perfh007.dat

2013-12-12 19:44 - 2013-09-30 04:56 - 00191558 _____ C:\WINDOWS\system32\perfc007.dat

2013-12-12 19:34 - 2013-12-12 19:34 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\ADMIN\Downloads\mbam-setup-1.75.0.1300.exe

2013-12-12 19:34 - 2013-12-12 19:34 - 00001127 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2013-12-12 19:34 - 2013-12-12 19:34 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\Malwarebytes

2013-12-12 19:34 - 2013-12-12 19:34 - 00000000 ____D C:\ProgramData\Malwarebytes

2013-12-12 19:34 - 2013-12-12 19:34 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-12-12 17:16 - 2013-12-12 15:56 - 00000000 ____D C:\Program Files (x86)\Re-markit

2013-12-12 17:16 - 2013-10-22 06:07 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2013-12-12 17:13 - 2013-12-12 17:13 - 00000000 ____D C:\Program Files\Enigma Software Group

2013-12-12 17:13 - 2013-12-12 17:13 - 00000000 _____ C:\autoexec.bat

2013-12-12 16:28 - 2013-12-12 15:56 - 00000000 ____D C:\ProgramData\WPM

2013-12-12 16:25 - 2013-12-12 15:57 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro

2013-12-12 16:24 - 2013-11-11 19:32 - 00000000 ____D C:\Program Files (x86)\MyPC Backup

2013-12-12 16:24 - 2013-10-19 14:51 - 00000000 ___RD C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-12-12 15:56 - 2013-10-22 06:07 - 00001383 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk

2013-12-12 15:56 - 2013-10-19 14:51 - 00001686 _____ C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2013-12-11 19:46 - 2013-12-09 21:49 - 00012192 _____ C:\Users\ADMIN\Desktop\Busplan ab 16.12.2013.xlsx

2013-12-11 07:02 - 2013-10-22 06:11 - 00003772 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater

2013-12-09 21:49 - 2013-12-09 21:49 - 00011804 _____ C:\Users\ADMIN\Documents\Busplan ab 16.12.2013.xlsx

2013-12-06 22:21 - 2013-10-20 12:42 - 00000000 ____D C:\Users\Jonas\AppData\Roaming\ClassicShell

2013-12-06 21:59 - 2013-10-22 14:34 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2824886842-1903998303-2860717336-1012

2013-12-06 21:49 - 2013-10-28 12:37 - 00005123 _____ C:\Users\Jonas\Sti_Trace.log

2013-12-06 21:49 - 2013-10-20 12:40 - 00000000 ____D C:\Users\Jonas\AppData\Roaming\.oit

2013-12-06 21:48 - 2013-11-12 17:15 - 00006444 _____ C:\WINDOWS\setupact.log

2013-12-04 01:05 - 2013-08-22 16:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2013-12-04 01:05 - 2013-08-22 16:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2013-12-03 20:00 - 2013-12-03 20:00 - 00000000 ____D C:\Users\ADMIN\AppData\Local\Cyberlink

2013-12-03 19:58 - 2013-01-05 16:32 - 00004080 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA

2013-12-03 19:58 - 2013-01-05 16:32 - 00003844 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

2013-12-03 17:35 - 2013-12-03 17:35 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\WebApp

2013-12-03 17:31 - 2013-12-03 17:31 - 00000000 ____D C:\Users\ADMIN\Documents\CyberLink

2013-12-03 17:31 - 2013-12-03 17:31 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\NVIDIA

2013-12-03 17:31 - 2013-12-03 17:31 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\CyberLink

2013-11-30 11:21 - 2013-11-30 11:21 - 00009728 ___SH C:\Users\Jonas\Downloads\Thumbs.db

2013-11-30 10:54 - 2013-11-30 10:43 - 429727279 _____ C:\Users\Jonas\Downloads\HAUPTFILM - Imagefilm der Freiwilligen Feuerwehr Stadt Jever 2012.mp4

2013-11-26 12:54 - 2013-12-12 21:39 - 23183360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2013-11-26 11:11 - 2013-12-12 21:39 - 17112576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2013-11-26 10:41 - 2013-12-12 21:39 - 02764288 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2013-11-26 09:57 - 2013-12-12 21:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2013-11-26 09:38 - 2013-12-12 21:39 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2013-11-26 09:35 - 2013-12-12 21:39 - 05769216 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2013-11-26 09:16 - 2013-12-12 21:39 - 04243968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2013-11-26 09:02 - 2013-12-12 21:39 - 01995264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2013-11-26 08:48 - 2013-12-12 21:39 - 12996608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2013-11-26 08:32 - 2013-12-12 21:39 - 01928192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

2013-11-26 08:26 - 2013-12-12 21:39 - 11221504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2013-11-26 08:07 - 2013-12-12 21:39 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2013-11-26 07:40 - 2013-12-12 21:39 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2013-11-26 07:34 - 2013-12-12 21:39 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2013-11-26 07:34 - 2013-12-12 21:39 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

2013-11-26 07:33 - 2013-12-12 21:39 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2013-11-26 07:27 - 2013-12-12 21:39 - 01157632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2013-11-25 20:15 - 2013-11-25 20:15 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

2013-11-25 19:16 - 2013-11-25 18:55 - 00000000 ____D C:\Users\ADMIN\Desktop\SharePod_3.99

2013-11-25 18:55 - 2013-11-25 18:55 - 02140631 _____ C:\Users\ADMIN\Desktop\SharePod_3.99.zip

2013-11-24 12:04 - 2013-10-20 10:53 - 00000000 ____D C:\Users\ADMIN\Documents\JOHANNES

2013-11-23 05:34 - 2013-12-12 21:39 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll

2013-11-23 05:13 - 2013-12-12 21:39 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll

2013-11-23 04:32 - 2013-12-12 21:39 - 04105728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll

2013-11-23 04:10 - 2013-12-12 21:39 - 00568832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe

2013-11-22 20:35 - 2013-10-20 12:37 - 00000000 ____D C:\Users\Jonas

2013-11-22 20:10 - 2013-11-22 20:10 - 00000000 ____D C:\Users\Jonas\AppData\Local\Google

2013-11-22 20:10 - 2013-11-15 16:07 - 00002273 _____ C:\Users\Jonas\Desktop\Google Chrome.lnk

2013-11-22 20:02 - 2013-11-22 20:02 - 00005938 _____ C:\Users\Jonas\Desktop\Silena.odt

2013-11-22 19:31 - 2013-10-20 12:40 - 00000000 ____D C:\Users\Jonas\AppData\Roaming\Apple Computer

2013-11-22 19:23 - 2013-10-19 14:50 - 00000000 ____D C:\Users\ADMIN

2013-11-22 19:05 - 2013-11-22 19:05 - 00000000 ____D C:\Users\Jonas\AppData\Local\Apple

2013-11-22 19:03 - 2013-10-22 14:51 - 00003906 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{012F7537-F055-4139-AA14-E9571EDAD020}

2013-11-22 18:59 - 2013-11-22 18:59 - 1698913557 _____ C:\WINDOWS\MEMORY.DMP

2013-11-22 18:59 - 2013-11-22 18:59 - 00300440 _____ C:\WINDOWS\Minidump\112213-30171-01.dmp

2013-11-22 18:59 - 2013-11-22 18:59 - 00000000 ____D C:\WINDOWS\Minidump

2013-11-22 18:58 - 2012-11-01 22:57 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2013-11-22 18:52 - 2013-11-22 18:52 - 00000000 ____D C:\Users\Jonas\AppData\Local\Apple Computer

2013-11-19 20:25 - 2013-01-06 11:48 - 00000672 _____ C:\WINDOWS\wiso.ini

2013-11-19 20:24 - 2013-01-06 11:46 - 00000000 ____D C:\Program Files (x86)\WISO

2013-11-19 20:20 - 2013-11-19 20:05 - 562335264 _____ C:\Users\ADMIN\Downloads\WISOSteuersoftware2014.exe

2013-11-19 19:12 - 2013-10-22 06:59 - 00000000 ____D C:\Program Files\McAfee Security Scan

2013-11-19 19:12 - 2013-10-22 06:11 - 00001949 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk

2013-11-19 11:30 - 2013-01-06 21:52 - 00267936 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

2013-11-18 18:00 - 2013-10-20 12:37 - 00000000 ___RD C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2013-11-18 17:59 - 2013-10-20 12:38 - 00000000 ___RD C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup

2013-11-18 17:59 - 2013-10-20 12:38 - 00000000 ___RD C:\Users\Jonas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2013-11-17 20:29 - 2013-10-31 13:58 - 00000000 ____D C:\Users\ADMIN\Documents\My Safes

2013-11-17 14:38 - 2013-11-17 14:38 - 00001797 _____ C:\Users\Public\Desktop\iTunes.lnk

2013-11-17 14:37 - 2013-11-17 14:37 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2013-11-17 14:37 - 2013-11-17 14:37 - 00000000 ____D C:\Program Files\iTunes

2013-11-17 14:37 - 2013-11-17 14:37 - 00000000 ____D C:\Program Files\iPod

2013-11-17 14:37 - 2013-11-17 14:37 - 00000000 ____D C:\Program Files (x86)\iTunes

2013-11-17 14:02 - 2013-10-19 14:51 - 00000000 ___RD C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

2013-11-17 14:00 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData

2013-11-17 14:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\WinStore

2013-11-17 14:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\migwiz

2013-11-17 14:00 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions

2013-11-16 08:42 - 2013-10-19 14:51 - 00000000 ____D C:\Users\ADMIN\AppData\Roaming\Apple Computer

Some content of TEMP:

====================

C:\Users\ADMIN\AppData\Local\Temp\39736uninstall.exe

C:\Users\ADMIN\AppData\Local\Temp\BackupSetup.exe

C:\Users\ADMIN\AppData\Local\Temp\ose00000.exe

C:\Users\ADMIN\AppData\Local\Temp\SHSetup.exe

C:\Users\ADMIN\AppData\Local\Temp\Sqlite3.dll

C:\Users\ADMIN\AppData\Local\Temp\vcredist_x64.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-12-13 18:01

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2013 01

Ran by ADMIN at 2013-12-14 17:40:09

Running from C:\Users\ADMIN\Desktop

Boot Mode: Normal

==========================================================

==================== Security Center ========================

AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2. 8)

Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170)

Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)

AIO_CDA_ProductContext (x32 Version: 140.0.425.000)

AIO_CDA_Software (x32 Version: 140.0.428.000)

AIO_Scan (x32 Version: 130.0.421.000)

Anleitung für Epson Connect (x32)

Anti-phishing Domain Advisor (x32 Version: 1.0.1.106)

Apple Application Support (x32 Version: 2.3.6)

Apple Mobile Device Support (Version: 7.0.0.117)

Apple Software Update (x32 Version: 2.1.3.127)

Belarc Advisor 8.3 (x32 Version: 8.3.2.0)

Bing Bar (x32 Version: 7.2.241.0)

Bonjour (Version: 3.0.0.10)

BTUpdater 1.3 (x32)

BufferChm (x32 Version: 140.0.298.000)

C7100 (x32 Version: 140.0.425.000)

c7100_Help (x32 Version: 82.0.256.000)

CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.7.2.11)

Canon Internet Library for ZoomBrowser EX (x32 Version: 1.6.3.9)

Canon MOV Decoder (x32 Version: 1.5.0.7)

Canon MOV Encoder (x32 Version: 1.3.1.3)

Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 3.4.1.9)

Canon Utilities Digital Photo Professional 3.8 (x32 Version: 3.8.0.0)

Canon Utilities EOS Utility (x32 Version: 2.8.1.0)

Canon Utilities PhotoStitch (x32 Version: 3.1.22.46)

Canon Utilities Picture Style Editor (x32 Version: 1.7.0.0)

Canon Utilities WFT Utility (x32 Version: 3.5.1.1)

Canon Utilities ZoomBrowser EX (x32 Version: 6.5.1.15)

Canon ZoomBrowser EX Memory Card Utility (x32 Version: 1.3.0.4)

CCleaner (Version: 4.06)

CDBurnerXP (x32 Version: 4.5.2.4214)

Classic Shell (Version: 4.0.0)

Connected Music powered by Universal Music Group version 1.0 (x32 Version: 1.0)

Copy (x32 Version: 140.0.298.000)

CyberLink LabelPrint (x32 Version: 2.5.1.5510)

CyberLink Media Suite 10 (x32 Version: 10.0.1.1916)

CyberLink PhotoDirector (x32 Version: 2.0.1.3109)

CyberLink Power2Go 8 (x32 Version: 8.0.1.1902)

CyberLink PowerDirector 10 (x32 Version: 10.0.1.1925)

CyberLink PowerDVD (x32 Version: 10.0.1.4319)

D3DX10 (x32 Version: 15.4.2368.0902)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)

Destinations (x32 Version: 140.0.253.000)

DeviceDiscovery (x32 Version: 140.0.298.000)

Die Siedler II - Die nächste Generation (x32)

Diktattrainer plus 5-6 (x32)

DocProc (x32 Version: 140.0.185.000)

DomaIQ Uninstaller (x32)

Download Navigator (x32 Version: 3.4.1)

Druckerdeinstallation für EPSON WF-3540 Series

Emsisoft Anti-Malware (x32 Version: 8.1)

EnBW StromRadar (x32 Version: 2.2.4.1)

Epson Benutzerhandbuch WF-3540 Series (x32)

Epson Connect Printer Setup (x32 Version: 1.1.1)

Epson Easy Photo Print 2 (x32 Version: 2.4.0.0)

Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (x32 Version: 1.00.0000)

Epson Event Manager (x32 Version: 3.01.0005)

Epson E-Web Print (x32 Version: 1.17.0000)

Epson FAX Utility (x32 Version: 1.30.00)

Epson Netzwerkhandbuch WF-3540 Series (x32)

EPSON Printer Finder (x32 Version: 1.0.0)

EPSON Scan (x32)

EpsonNet Print (x32 Version: 2.5.00)

ExpressCache (Version: 1.0.86)

Fax (x32 Version: 140.0.307.000)

Fotogalerie (x32 Version: 16.4.3505.0912)

Google Chrome (x32 Version: 31.0.1650.63)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0)

Google Toolbar for Internet Explorer (x32 Version: 7.5.4805.320)

Google Update Helper (x32 Version: 1.3.22.3)

GPBaseService2 (x32 Version: 140.0.297.000)

HP Connected Music (Meridian - installer) (x32 Version: v1.0)

HP Connected Remote (x32 Version: 1.0.1206)

HP Customer Experience Enhancements (x32 Version: 6.0.1.7)

HP Customer Participation Program 14.0 (Version: 14.0)

HP Imaging Device Functions 14.0 (Version: 14.0)

HP Photosmart All-In-One Driver Software (Version: 14.0)

HP Postscript Converter (Version: 3.1.3591)

HP Registration Service (Version: 1.0.5976.4186)

HP Solution Center 14.0 (Version: 14.0)

HP Support Assistant (x32 Version: 7.0.39.15)

HP Support Information (x32 Version: 12.00.0000)

HP Update (x32 Version: 5.002.006.003)

HPPhotoGadget (x32 Version: 140.0.524.000)

HPProductAssistant (x32 Version: 140.0.298.000)

HPSSupply (x32 Version: 140.0.297.000)

iCloud (Version: 3.0.2.163)

IDT Audio (x32 Version: 1.0.6418.0)

Intel® Management Engine Components (x32 Version: 8.1.0.1252)

Intel® Trusted Connect Service Client (Version: 1.24.388.1)

Internet Explorer Toolbar 4.7 by SweetPacks (x32 Version: 4.7.0002) <==== ATTENTION

iTunes (Version: 11.1.3.8)

Java 7 Update 45 (x32 Version: 7.0.450)

Java Auto Updater (x32 Version: 2.1.9.8)

Junk Mail filter update (x32 Version: 16.4.3505.0912)

Landwirtschafts Simulator 2011 (x32 Version: 1.0)

Landwirtschafts Simulator 2013 (x32 Version: 1.0)

Langenscheidt Vokabeltrainer 6.0 Englisch (x32 Version: 6.0.1)

MailStore Home 8.0.2.8361 (x32 Version: 8.0.2.8361)

Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)

MarketResearch (x32 Version: 140.0.299.000)

McAfee Security Scan Plus (Version: 3.8.130.10)

Microsoft Application Error Reporting (Version: 12.0.6015.5000)

Microsoft Office (x32 Version: 14.0.6120.5004)

Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000)

Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000)

Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)

Microsoft Office Home and Student 2010 (x32 Version: 14.0.7015.1000)

Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000)

Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000)

Microsoft Office Outlook Connector (x32 Version: 14.0.5118.5000)

Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000)

Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000)

Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000)

Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000)

Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000)

Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000)

Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000)

Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000)

Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000)

Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000)

Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000)

Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000)

Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)

Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)

Movie Maker (x32 Version: 16.4.3505.0912)

Mozilla Firefox 25.0.1 (x86 de) (x32 Version: 25.0.1)

Mozilla Maintenance Service (x32 Version: 25.0.1)

MSVCRT (x32 Version: 15.4.2862.0708)

MSVCRT_amd64 (x32 Version: 15.4.2862.0708)

MSVCRT110 (x32 Version: 16.4.1108.0727)

MSVCRT110_amd64 (Version: 16.4.1109.0912)

MyTomTom 3.2.0.1116 (x32 Version: 3.2.0.1116)

Network64 (Version: 140.0.306.000)

NVIDIA 3D Vision Treiber 327.02 (Version: 327.02)

NVIDIA Grafiktreiber 327.02 (Version: 327.02)

NVIDIA HD-Audiotreiber 1.3.26.4 (Version: 1.3.26.4)

NVIDIA Install Application (Version: 2.1002.133.889)

NVIDIA PhysX (x32 Version: 9.12.0613)

NVIDIA PhysX System Software 9.12.0613 (Version: 9.12.0613)

NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2702)

NVIDIA Systemsteuerung 327.02 (Version: 327.02)

OCR Software by I.R.I.S. 14.0 (Version: 14.0)

Online Armor 7.0 (x32 Version: 7.0)

Password Safe (x32)

Personal Backup 5.5 (Version: 5.3)

phase-6 2.3.3 (x32 Version: 2.3.3)

Photo Gallery (x32 Version: 16.4.3505.0912)

Polar Daemon (x32 Version: 2.2.20000)

Polar WebSync (x32 Version: 2.8.10006)

Presto! PageManager 9.03 SE (x32 Version: 9.03.06)

QuickTime (x32 Version: 7.74.80.86)

Recovery Manager (x32 Version: 5.5.0.5530)

RegUtility version 4.1 (x32 Version: 4.1)

Scan (x32 Version: 140.0.253.000)

Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32)

Shop for HP Supplies (Version: 14.0)

Sigma Data Center 3.1 (x32 Version: 3.1)

Sigma Data Center 3.2 (x32 Version: 3.2)

Software Informer 1.2

Software Updater (x32 Version: 4.1.7)

SolutionCenter (x32 Version: 140.0.299.000)

Status (x32 Version: 140.0.342.000)

SweetIM for Messenger 3.7 (x32 Version: 3.7.0007) <==== ATTENTION

Sweetpacks Bundle Uninstaller (x32 Version: 1.0.0.0) <==== ATTENTION

System Power Shortcuts (x32 Version: 1.3.8209)

Tippmaster v3.5.0 (x32 Version: 3.5.0)

TomTom HOME (x32 Version: 2.9.7)

TomTom HOME Visual Studio Merge Modules (x32 Version: 1.0.2)

Toolbar Cleaner (x32)

Toolbox (x32 Version: 140.0.596.000)

Trackplanner 1.1.12 (x32)

TrayApp (x32 Version: 140.0.297.000)

Tyre (x32 Version: 6.3.1.3)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)

Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)

Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32)

Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)

Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)

Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)

Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32)

Update Manager for SweetPacks 1.1 (x32 Version: 1.1.0008) <==== ATTENTION

Visual Studio C++ 10.0 Runtime (x32 Version: 10.0.0)

Vokabeltrainer-Update 6.0.18 (x32 Version: 6.0.18)

WebReg (x32 Version: 140.0.297.017)

Windows Live Communications Platform (x32 Version: 16.4.3505.0912)

Windows Live Essentials (x32 Version: 16.4.3505.0912)

Windows Live Installer (x32 Version: 16.4.3505.0912)

Windows Live Mail (x32 Version: 16.4.3505.0912)

Windows Live Messenger (x32 Version: 16.4.3505.0912)

Windows Live MIME IFilter (Version: 16.4.3505.0912)

Windows Live Photo Common (x32 Version: 16.4.3505.0912)

Windows Live PIMT Platform (x32 Version: 16.4.3505.0912)

Windows Live SOXE (x32 Version: 16.4.3505.0912)

Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912)

Windows Live UX Platform (x32 Version: 16.4.3505.0912)

Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912)

Windows Live Writer (x32 Version: 16.4.3505.0912)

Windows Live Writer Resources (x32 Version: 16.4.3505.0912)

Windows-Treiberpaket - SIGMA Elektro GmbH (usbser) Ports (04/27/2012 5.1.2600.5512) (Version: 04/27/2012 5.1.2600.5512)

WISO Mein Geld 2014 Professional (x32 Version: 16.0.1.0)

WISO Mein Geld 2014 Professional (x32)

WISO Steuer-Sparbuch 2013 (x32 Version: 20.00.8137)

WISO Steuer-Sparbuch 2014 (x32 Version: 21.00.8480)

Zip Opener Packages (HKCU) <==== ATTENTION

==================== Restore Points =========================

12-12-2013 16:12:31 Installed SpyHunter

14-12-2013 09:45:32 Installed SpyHunter

==================== Hosts content: ==========================

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {02797F86-78B4-4B09-987D-C80E2A1EC280} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask

Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate

Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)

Task: {3B5168E2-CCB8-4007-B47F-B39B8700A6F6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-05] (Google Inc.)

Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\System32\tzsync.exe [2013-08-22] (Microsoft Corporation)

Task: {4559AA2A-3E4B-49F3-B8F6-6BCADD31DA0E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-05] (Google Inc.)

Task: {487F7CF2-5302-4468-86DE-D2BD852E6CB5} - System32\Tasks\BitGuard => Sc.exe start BitGuard <==== ATTENTION

Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance

Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup

Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task

Task: {72B10459-4590-4B08-9AC1-0D5EA9820A72} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\System32\MRT.exe [2013-11-13] (Microsoft Corporation)

Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState

Task: {79D5B119-27D0-476B-9DA2-1D4FD0B11983} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)

Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task

Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => C:\Windows\System32\AppXDeploymentClient.dll [2013-09-30] (Microsoft Corporation)

Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work

Task: {B1174188-13B8-48E9-B74E-1A850D5DE550} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)

Task: {B6C86806-D2D5-4E97-AF6B-C7CFA4D8E278} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\Thoosje Vista Sidebar\Thoosje Sidebar.exe

Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask

Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization

Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE

Task: {F7A07D5A-174A-40AD-AD19-A2971920551D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2012-08-06 22:50 - 2012-08-06 22:50 - 00607744 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\JobCapsA.dll

2012-08-29 11:02 - 2012-08-29 11:02 - 00120224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesModule.dll

2013-10-19 14:53 - 2013-10-19 14:53 - 00120224 _____ () C:\Users\ADMIN\AppData\Local\assembly\dl3\P614JHN7.VQO\W1HP4Z1K.AEP\71599d0e\0017145d_cd85cd01\HPItunesModule.DLL

2012-08-29 11:02 - 2012-08-29 11:02 - 00048544 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\HPItunesProxy.dll

2012-08-29 11:02 - 2012-08-29 11:02 - 00180224 _____ () c:\Program Files (x86)\Hewlett-Packard\HP Connected Remote\zxing.dll

2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2012-12-12 14:20 - 2012-12-12 14:20 - 03483856 _____ () C:\Program Files (x86)\Polar\Daemon\libpolar.dll

2012-11-01 22:57 - 2012-07-18 09:50 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll

2012-11-01 23:03 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll

2012-06-08 12:34 - 2012-06-08 12:34 - 00016400 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

2013-02-26 15:59 - 2013-02-26 15:59 - 00110648 _____ () C:\Program Files (x86)\Polar\WebSync\PTransform.dll

2013-02-26 15:59 - 2013-02-26 15:59 - 03722296 _____ () C:\Program Files (x86)\Polar\WebSync\libpolar.dll

2010-02-10 15:06 - 2010-02-10 15:06 - 00334848 _____ () C:\Program Files (x86)\Polar\WebSync\QtXml4.dll

2010-02-10 15:22 - 2010-02-10 15:22 - 07971840 _____ () C:\Program Files (x86)\Polar\WebSync\QtGui4.dll

2010-02-10 15:07 - 2010-02-10 15:07 - 00929280 _____ () C:\Program Files (x86)\Polar\WebSync\QtNetwork4.dll

2011-01-14 15:01 - 2011-01-14 15:01 - 02142720 _____ () C:\Program Files (x86)\Polar\WebSync\QtCore4.dll

2010-02-10 17:45 - 2010-02-10 17:45 - 00025600 _____ () C:\Program Files (x86)\Polar\WebSync\imageformats\qgif4.dll

2010-02-10 17:45 - 2010-02-10 17:45 - 00119808 _____ () C:\Program Files (x86)\Polar\WebSync\imageformats\qjpeg4.dll

2013-02-02 19:26 - 2008-11-17 14:56 - 00102400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\nsSign.dll

2013-02-02 19:26 - 2010-05-07 11:46 - 00057344 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PerformOcr.dll

2013-02-02 19:26 - 2010-12-23 13:17 - 00057344 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMISM.dll

2013-02-02 19:26 - 2010-12-29 17:52 - 00147456 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMCommon.dll

2013-02-02 19:26 - 2008-08-25 17:19 - 00069632 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PHooKDlg.dll

2013-02-02 19:26 - 2007-03-30 10:24 - 00104528 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\Qem.dll

2013-02-02 19:26 - 2009-11-26 17:49 - 00081920 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\NetFun2k.dll

2013-02-02 19:26 - 2011-03-11 10:47 - 00151040 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\ScanModule.dll

2013-02-02 19:26 - 2009-09-09 14:44 - 00151552 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMANO.dll

2013-02-02 19:26 - 2007-03-30 09:49 - 00104528 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\ComClass.dll

2013-02-02 19:26 - 2010-11-30 16:42 - 00352256 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMTree.dll

2013-02-02 19:26 - 2010-10-22 10:01 - 00139264 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSet.dll

2013-02-02 19:26 - 2010-12-29 18:32 - 00614400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMDB_N.dll

2013-02-02 19:26 - 2010-07-13 10:48 - 00106496 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMProp.dll

2013-02-02 19:26 - 2010-09-09 18:00 - 00061440 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMINSO.dll

2013-02-02 19:26 - 2007-08-31 17:51 - 00040960 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMVoice.dll

2013-02-02 19:26 - 2010-09-08 17:10 - 00073728 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\OutlookVBA.dll

2013-02-02 19:26 - 2009-08-06 10:22 - 00421888 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\FT.dll

2013-02-02 19:26 - 2009-11-27 17:38 - 00331776 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMAppBar.dll

2013-02-02 19:26 - 2010-11-26 10:33 - 04583424 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMView.dll

2013-02-02 19:26 - 2007-03-30 10:01 - 00038992 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\NsOEMKey.dll

2013-02-02 19:26 - 2010-10-22 10:22 - 00090112 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMSave.dll

2013-02-02 19:26 - 2010-08-03 10:44 - 00049152 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMOffice.dll

2013-02-02 19:26 - 2010-09-26 11:13 - 00430080 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMPageVW.dll

2013-02-02 19:26 - 2010-03-02 15:09 - 00102400 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMDocVW.dll

2013-02-02 19:26 - 2010-08-03 10:51 - 01036288 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\SlideBarDLL.dll

2013-02-02 19:26 - 2010-09-26 11:13 - 00184320 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMImgVW.dll

2013-02-02 19:26 - 2008-08-25 16:16 - 00040960 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMIEVW.dll

2013-02-02 19:26 - 2010-09-08 10:52 - 00036864 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMPDFView.dll

2013-02-02 19:26 - 2009-06-26 09:03 - 00086016 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMApSet.dll

2013-02-02 19:26 - 2009-12-04 17:20 - 00323584 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMAnoSet.dll

2013-02-02 19:26 - 2010-04-27 15:20 - 00065536 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMStatus.dll

2013-02-02 19:26 - 2011-01-21 15:05 - 00258048 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMScnSet.dll

2013-02-02 19:26 - 2007-03-30 09:57 - 00034896 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\Import.dll

2013-02-02 19:26 - 2010-11-26 10:45 - 00090112 _____ () C:\Program Files (x86)\NewSoft\Presto! PageManager 9.03\PMImageSplitter.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (12/14/2013 02:59:59 PM) (Source: ESENT) (User: )

Description: svchost (2000) Instance: Bei Überprüfung der aus Datei "C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb" bei Offset 12943360 (0x0000000000c58000) (Datenbankseite svchost0) für 32768 (0x00008000) Bytes gelesenen Datenbankseite ist durch eine Inkonsistenz der Seitenprüfsumme ein Fehler aufgetreten. Die gespeicherte Prüfsumme war [3ce8da093ce8da09:3ce8da093ce8da09:3ce8da093ce8da09:3ce8da093ce8da09], die berechnete Prüfsumme [0000018ab54317e6:0000000000000000:0000000000000000:0000000000000000]. Der Lesevorgang wird mit dem Fehler -1018 (0xfffffc06) beendet. Wenn dieser Zustand andauert, stellen Sie die Datenbank aus einer vorherigen Sicherung wieder her. Dieses Problem ist vermutlich durch fehlerhafte Hardware bedingt. Wenden Sie sich für weitere Unterstützung bei der Diagnose des Problems an Ihren Hardwarehersteller.

Error: (12/14/2013 00:02:14 PM) (Source: MsiInstaller) (User: PC)

Description: Produkt: SpyHunter -- Fehler 1721. Es liegt ein dieses Windows Installer-Paket betreffendes Problem vor. Ein für den Abschluss der Installation erforderliches Programm konnte nicht ausgeführt werden. Wenden Sie sich an das Supportpersonal oder den Hersteller des Pakets. Aktion: , Pfad: WiseCustomCall, Befehl: g5

Error: (12/14/2013 11:55:51 AM) (Source: Application Error) (User: )

Description: Name der fehlerhaften Anwendung: MsiExec.exe, Version: 5.0.9600.16384, Zeitstempel: 0x52158c02

Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.16408, Zeitstempel: 0x523d45fa

Ausnahmecode: 0xc0000005

Fehleroffset: 0x000279a4

ID des fehlerhaften Prozesses: 0x1208

Startzeit der fehlerhaften Anwendung: 0xMsiExec.exe0

Pfad der fehlerhaften Anwendung: MsiExec.exe1

Pfad des fehlerhaften Moduls: MsiExec.exe2

Berichtskennung: MsiExec.exe3

Vollständiger Name des fehlerhaften Pakets: MsiExec.exe4

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: MsiExec.exe5

Error: (12/13/2013 04:15:54 PM) (Source: Application Error) (User: )

Description: Name der fehlerhaften Anwendung: oasrv.exe, Version: 7.0.0.1866, Zeitstempel: 0x2a425e19

Name des fehlerhaften Moduls: oasrv.exe, Version: 7.0.0.1866, Zeitstempel: 0x2a425e19

Ausnahmecode: 0xc0000005

Fehleroffset: 0x00004a5f

ID des fehlerhaften Prozesses: 0x1ecc

Startzeit der fehlerhaften Anwendung: 0xoasrv.exe0

Pfad der fehlerhaften Anwendung: oasrv.exe1

Pfad des fehlerhaften Moduls: oasrv.exe2

Berichtskennung: oasrv.exe3

Vollständiger Name des fehlerhaften Pakets: oasrv.exe4

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: oasrv.exe5

Error: (12/13/2013 09:54:35 AM) (Source: ESENT) (User: )

Description: svchost (656) Instance: Bei Überprüfung der aus Datei "C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb" bei Offset 12943360 (0x0000000000c58000) (Datenbankseite svchost0) für 32768 (0x00008000) Bytes gelesenen Datenbankseite ist durch eine Inkonsistenz der Seitenprüfsumme ein Fehler aufgetreten. Die gespeicherte Prüfsumme war [3ce8da093ce8da09:3ce8da093ce8da09:3ce8da093ce8da09:3ce8da093ce8da09], die berechnete Prüfsumme [0000018ab54317e6:0000000000000000:0000000000000000:0000000000000000]. Der Lesevorgang wird mit dem Fehler -1018 (0xfffffc06) beendet. Wenn dieser Zustand andauert, stellen Sie die Datenbank aus einer vorherigen Sicherung wieder her. Dieses Problem ist vermutlich durch fehlerhafte Hardware bedingt. Wenden Sie sich für weitere Unterstützung bei der Diagnose des Problems an Ihren Hardwarehersteller.

Error: (12/13/2013 07:29:56 AM) (Source: ESENT) (User: )

Description: svchost (9404) Instance: Bei Überprüfung der aus Datei "C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb" bei Offset 12943360 (0x0000000000c58000) (Datenbankseite svchost0) für 32768 (0x00008000) Bytes gelesenen Datenbankseite ist durch eine Inkonsistenz der Seitenprüfsumme ein Fehler aufgetreten. Die gespeicherte Prüfsumme war [3ce8da093ce8da09:3ce8da093ce8da09:3ce8da093ce8da09:3ce8da093ce8da09], die berechnete Prüfsumme [0000018ab54317e6:0000000000000000:0000000000000000:0000000000000000]. Der Lesevorgang wird mit dem Fehler -1018 (0xfffffc06) beendet. Wenn dieser Zustand andauert, stellen Sie die Datenbank aus einer vorherigen Sicherung wieder her. Dieses Problem ist vermutlich durch fehlerhafte Hardware bedingt. Wenden Sie sich für weitere Unterstützung bei der Diagnose des Problems an Ihren Hardwarehersteller.

Error: (12/12/2013 09:48:08 PM) (Source: Application Error) (User: )

Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 25.0.1.5064, Zeitstempel: 0x5282f204

Name des fehlerhaften Moduls: xul.dll, Version: 25.0.1.5064, Zeitstempel: 0x5282f10e

Ausnahmecode: 0xc0000005

Fehleroffset: 0x00118f87

ID des fehlerhaften Prozesses: 0x14f4

Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0

Pfad der fehlerhaften Anwendung: firefox.exe1

Pfad des fehlerhaften Moduls: firefox.exe2

Berichtskennung: firefox.exe3

Vollständiger Name des fehlerhaften Pakets: firefox.exe4

Anwendungs-ID, die relativ zum fehlerhaften Paket ist: firefox.exe5

Error: (12/12/2013 03:09:41 PM) (Source: ESENT) (User: )

Description: svchost (2532) Instance: Bei Überprüfung der aus Datei "C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb" bei Offset 12943360 (0x0000000000c58000) (Datenbankseite svchost0) für 32768 (0x00008000) Bytes gelesenen Datenbankseite ist durch eine Inkonsistenz der Seitenprüfsumme ein Fehler aufgetreten. Die gespeicherte Prüfsumme war [3ce8da093ce8da09:3ce8da093ce8da09:3ce8da093ce8da09:3ce8da093ce8da09], die berechnete Prüfsumme [0000018ab54317e6:0000000000000000:0000000000000000:0000000000000000]. Der Lesevorgang wird mit dem Fehler -1018 (0xfffffc06) beendet. Wenn dieser Zustand andauert, stellen Sie die Datenbank aus einer vorherigen Sicherung wieder her. Dieses Problem ist vermutlich durch fehlerhafte Hardware bedingt. Wenden Sie sich für weitere Unterstützung bei der Diagnose des Problems an Ihren Hardwarehersteller.

Error: (12/11/2013 07:47:12 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 15218

Error: (12/11/2013 07:47:12 PM) (Source: Bonjour Service) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 15218

System errors:

=============

Error: (12/14/2013 03:46:52 PM) (Source: Schannel) (User: NT-AUTORITÄT)

Description: Es wurde eine schwerwiegende Warnung generiert und an den Remoteendpunkt gesendet. Dies kann dazu führen, dass die Verbindung beendet wird. Die schwerwiegende Warnung hat folgenden für das TLS-Protokoll definierten Code: 40. Der Windows-SChannel-Fehlerstatus lautet: 252.

Error: (12/14/2013 11:42:22 AM) (Source: DCOM) (User: PC)

Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (12/14/2013 10:42:38 AM) (Source: Service Control Manager) (User: )

Description: Dienst "HP CUE DeviceDiscovery Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/14/2013 10:42:38 AM) (Source: Service Control Manager) (User: )

Description: Dienst "hpqcxs08" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (12/14/2013 10:00:17 AM) (Source: Schannel) (User: NT-AUTORITÄT)

Description: Schwerwiegender Fehler beim Zugriff auf den privaten Schlüssel der Anmeldeinformationen Server für SSL. Der vom kryptografischen Modul zurückgegebene Fehlercode lautet 0x8009030d. Der interne Fehlerstatus ist 10001.

Error: (12/14/2013 09:56:56 AM) (Source: disk) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.

Error: (12/14/2013 09:56:56 AM) (Source: disk) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR5 gefunden.

Error: (12/14/2013 09:56:56 AM) (Source: disk) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.

Error: (12/13/2013 07:15:20 PM) (Source: disk) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden.

Error: (12/13/2013 07:15:20 PM) (Source: disk) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.

Microsoft Office Sessions:

=========================

Error: (12/14/2013 02:59:59 PM) (Source: ESENT)(User: )

Description: svchost2000Instance: C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb12943360 (0x0000000000c58000)32768 (0x00008000)-1018 (0xfffffc06)[3ce8da093ce8da09:3ce8da093ce8da09:3ce8da093ce8da09:3ce8da093ce8da09][0000018ab54317e6:0000000000000000:0000000000000000:0000000000000000]394 (0x18A)

Error: (12/14/2013 00:02:14 PM) (Source: MsiInstaller)(User: PC)

Description: Produkt: SpyHunter -- Fehler 1721. Es liegt ein dieses Windows Installer-Paket betreffendes Problem vor. Ein für den Abschluss der Installation erforderliches Programm konnte nicht ausgeführt werden. Wenden Sie sich an das Supportpersonal oder den Hersteller des Pakets. Aktion: , Pfad: WiseCustomCall, Befehl: g5 (NULL)(NULL)(NULL)(NULL)(NULL)

Error: (12/14/2013 11:55:51 AM) (Source: Application Error)(User: )

Description: MsiExec.exe5.0.9600.1638452158c02ntdll.dll6.3.9600.16408523d45fac0000005000279a4120801cef8baf5e22221C:\Windows\syswow64\MsiExec.exeC:\WINDOWS\SYSTEM32\ntdll.dll4b5d47d6-64ae-11e3-bfd1-4c72b994d0f4

Error: (12/13/2013 04:15:54 PM) (Source: Application Error)(User: )

Description: oasrv.exe7.0.0.18662a425e19oasrv.exe7.0.0.18662a425e19c000000500004a5f1ecc01cef815a9f0c6beC:\Program Files (x86)\Online Armor\oasrv.exeC:\Program Files (x86)\Online Armor\oasrv.exe74f16b82-6409-11e3-bfd1-4c72b994d0f4

Error: (12/13/2013 09:54:35 AM) (Source: ESENT)(User: )

Description: svchost656Instance: C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb12943360 (0x0000000000c58000)32768 (0x00008000)-1018 (0xfffffc06)[3ce8da093ce8da09:3ce8da093ce8da09:3ce8da093ce8da09:3ce8da093ce8da09][0000018ab54317e6:0000000000000000:0000000000000000:0000000000000000]394 (0x18A)

Error: (12/13/2013 07:29:56 AM) (Source: ESENT)(User: )

Description: svchost9404Instance: C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb12943360 (0x0000000000c58000)32768 (0x00008000)-1018 (0xfffffc06)[3ce8da093ce8da09:3ce8da093ce8da09:3ce8da093ce8da09:3ce8da093ce8da09][0000018ab54317e6:0000000000000000:0000000000000000:0000000000000000]394 (0x18A)

Error: (12/12/2013 09:48:08 PM) (Source: Application Error)(User: )

Description: firefox.exe25.0.1.50645282f204xul.dll25.0.1.50645282f10ec000000500118f8714f401cef7690a839666C:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dllb481bcf9-636e-11e3-bfd0-4c72b994d0f4

Error: (12/12/2013 03:09:41 PM) (Source: ESENT)(User: )

Description: svchost2532Instance: C:\ProgramData\Microsoft\Windows\AppRepository\PackageRepository.edb12943360 (0x0000000000c58000)32768 (0x00008000)-1018 (0xfffffc06)[3ce8da093ce8da09:3ce8da093ce8da09:3ce8da093ce8da09:3ce8da093ce8da09][0000018ab54317e6:0000000000000000:0000000000000000:0000000000000000]394 (0x18A)

Error: (12/11/2013 07:47:12 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 15218

Error: (12/11/2013 07:47:12 PM) (Source: Bonjour Service)(User: )

Description: Task Scheduling Error: m->NextScheduledEvent 15218

CodeIntegrity Errors:

===================================

Date: 2013-12-13 16:11:21.549

Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2013-12-13 16:11:21.518

Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2013-12-12 17:10:25.312

Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2013-12-12 17:10:25.296

Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2013-12-12 16:20:46.473

Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2013-12-12 16:20:46.454

Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2013-12-12 15:56:21.018

Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2013-12-12 15:56:20.995

Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Percentage of memory in use: 33%

Total physical RAM: 12227.55 MB

Available physical RAM: 8100.66 MB

Total Pagefile: 24515.55 MB

Available Pagefile: 20155.32 MB

Total Virtual: 131072 MB

Available Virtual: 131071.78 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1849.95 GB) (Free:1610.85 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive d: (Recovery Image) (Fixed) (Total:11.25 GB) (Free:1.32 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive j: (Elements) (Fixed) (Total:931.51 GB) (Free:488.71 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Size: 1863 GB) (Disk ID: D65FE7C9)

Partition: GPT Partition Type

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 15 GB) (Disk ID: ECA99B82)

Partition 1: (Not Active) - (Size=15 GB) - (Type=73)

========================================================

Disk: 2 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 00039E2E)

Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Hi,

Please attach the log files :)

Please download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click Löschen (Delete).
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[s1].txt.
Please download Shortcut Cleaner (by Grinler) to your desktop.
  • Start sc-cleaner.exe with a double-click.
  • At the end of the scan, confirm the message Shortcut Cleaner Finished with OK.
  • A log file will open (sc-cleaner.txt).
  • Post its contents in your next reply.

And a fresh FRST log file, please. Any problems left? :)


Good morning,

I followed all the instructions.
Nation Zoom no longer appears in IE and Google Chrome, but unfortunately it still does in Mozilla.
I'll try to attach the scan results. I hope it works :unsure:

Thanks

Sabine


Hi,

Please uninstall Firefox completely, keep no data, and reinstall it. Make sure that no shortcuts to the program remain before you reinstall it (desktop, Start menu, ...).

Fix with FRST

Press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

AppInit_DLLs:   [ ] ()
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
C:\Program Files\Enigma Software Group
 
 
 
Save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix button.
  • The tool creates a Fixlog.txt.
  • Post its contents.
Any problems left?


Hello,

I deleted Mozilla and reinstalled it. No trace of Nation Zoom anymore.

I'm attaching the Fixlog.

During this whole process I lost my Outlook!?

Otherwise I think it looks good.


Good morning,

Well, I couldn't find it anywhere. I searched the entire PC for Outlook.

Annoying, I thought. My husband was a little peeved.

I then installed it from the Office CD and found it in the Programs folder. I double-clicked it to set everything up again, but everything was still there. The mailboxes, the contacts, everything.


Hello again,

yes, the computer is working perfectly again. Better than before.

Thank you very much again for the help.

I have one more question. All the tools we used, do they stay on the computer, or should I delete them??

And why doesn't the Emsisoft malware software find these nasty things??

Have a nice evening, and hopefully I won't need your help again so soon.

Sabine


The cleanup comes now :).

Caution: please do not click on the advertising on the page!

Please download delfix to your desktop.

  • Close all open programs.
  • Start delfix.exe with a double-click.
  • Put a check mark in front of every function.
  • Click Start.
  • DelFix removes, among other things, all the programs that were used and finally deletes itself.

I can't mention often enough how important it is that your system is up to date.

  • Please check whether your system downloads Windows updates automatically.
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates

    Installed software can also have security vulnerabilities that malware can use to infect your system.

    To keep your installed software up to date, I recommend Secunia Online Software.

Antivirus software
  • Make sure you always have antivirus software installed and that it is up to date. It is useless if it is out of date.
Alternative browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.

  • Mozilla Firefox.
    • Note: for this browser I have a few useful add-ons here
    • NoScript
    This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
  • AdblockPlus

    This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.

    It also saves download capacity.

Performance

    Clean up your temp files regularly. I recommend TFC for this.

    Stay away from any registry cleaners.

    They harm your system more than they help. Here are a few (English) links

    Miekemoes Blogspot ( MVP )

    Bill Castner ( MVP )

Don'ts

    • Don't click on everything just because it asks you to and is nice and colorful.
    • Don't use peer-to-peer or file-sharing software (Emule, uTorrent, ...).
    • Keep your hands off cracks, keygens, serials or other illegal software.
    • Don't open attachments from emails you don't recognize. Above all, pay attention to the file extension, e.g. deinFoto.jpg.exe

    Now all that remains is for me to wish you lots of fun surfing safely.

    Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.


So, here I am again,

I finally found the time to "clean up".

I did everything as described, and I think everything is fine.

Thank you very much again

Sabine

This topic is now closed to further replies.
