Kerstin

Trojan.GenericKD.1750064 (Engine A)


Hello,

my antivirus program (G-Data) has detected Trojan.GenericKD and unfortunately cannot remove it.

Could someone please help me?

Many thanks in the meantime,

Kerstin


Hi and welcome to the Emsisoft Support Forum!

System scan with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit

(If you are not sure: Start > Computer (right-click) > Properties)

  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Please attach both log files to your next reply.


... unfortunately I hit the wrong button.

Unfortunately I cannot upload the files.

I get the error message "The server returned an error during upload"


Here is the FRST log, copied in:

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-07-2014
Ran by User (administrator) on PC on 23-07-2014 12:43:01
Running from C:\Users\User\Desktop
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe
(G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe [36352 2013-08-07] (Intel Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1756792 2014-05-20] (G Data Software AG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
HKLM\...\Winlogon: [userinit] C:\Windows\system32\userinit.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe,C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1288194900-4253203852-1844218772-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom)
HKU\S-1-5-21-1288194900-4253203852-1844218772-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [122200 2014-06-09] (Garmin Ltd or its subsidiaries)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x8B7F85B9336ACF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll (Microsoft Corporation.)
Tcpip\Parameters: [DhcpNameServer] 172.16.0.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zom9p3wc.default
FF Homepage: hxxp://www.parandian.at
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @garmin.com/GpsControl - C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zom9p3wc.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zom9p3wc.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zom9p3wc.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zom9p3wc.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zom9p3wc.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zom9p3wc.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2014-05-07]
FF Extension: Tab Mix Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\zom9p3wc.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2014-05-07]

==================== Services (Whitelisted) =================

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-05-07] ()
R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2250360 2014-05-27] (G Data Software AG)
R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG)
R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [2683760 2014-05-20] (G Data Software AG)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [435032 2014-06-09] (Garmin Ltd or its subsidiaries)
R3 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [3203392 2014-05-20] (G Data Software AG)
R3 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700536 2014-05-20] (G Data Software AG)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-19] (Intel Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [204576 2014-04-30] (Microsoft)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R3 cleanhlp; C:\Users\User\Desktop\EEK\Run\cleanhlp64.sys [57024 2014-07-22] (Emsisoft GmbH)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows ® Win 7 DDK provider)
R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [55808 2014-07-02] (G Data Software AG)
R1 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [20992 2014-07-02] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [142336 2014-07-02] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [64000 2014-07-02] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [67584 2014-07-02] (G Data Software AG)
R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2014-05-12] (G Data Software)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [61440 2014-07-02] (G Data Software AG)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-19] (Intel Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-23 12:43 - 2014-07-23 12:43 - 00013563 _____ () C:\Users\User\Desktop\FRST.txt
2014-07-23 12:42 - 2014-07-23 12:43 - 00000000 ____D () C:\FRST
2014-07-23 11:25 - 2014-07-23 11:25 - 02090496 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2014-07-23 10:54 - 2014-07-23 10:54 - 00104418 _____ () C:\Users\User\Desktop\OTL.Txt
2014-07-23 10:48 - 2014-07-23 10:48 - 00054910 _____ () C:\Users\User\Desktop\Extras.Txt
2014-07-23 10:43 - 2014-07-23 10:43 - 00000076 _____ () C:\Users\User\Desktop\230714_a2scan_140723-103216.txt
2014-07-22 16:49 - 2014-07-22 16:50 - 00000000 ____D () C:\Users\User\Desktop\EEK
2014-07-22 16:32 - 2014-07-22 16:48 - 218241662 _____ () C:\Users\User\Desktop\EmsisoftEmergencyKit.zip
2014-07-22 16:32 - 2014-07-22 16:32 - 00602112 _____ (OldTimer Tools) C:\Users\User\Desktop\OTL.exe
2014-07-22 15:38 - 2014-07-22 15:39 - 12787224 _____ (Elex do Brasil Participações Ltda) C:\Users\User\Desktop\yet_another_cleaner_sk.exe
2014-07-21 16:59 - 2014-07-21 16:59 - 00002270 _____ () C:\Users\Public\Desktop\Ulead VideoStudio 7.lnk
2014-07-21 16:59 - 2014-07-21 16:59 - 00000872 _____ () C:\Windows\DirectX.log
2014-07-21 16:59 - 2014-07-21 16:59 - 00000216 _____ () C:\Windows\Ulead32.ini
2014-07-21 16:59 - 2014-07-21 16:59 - 00000000 ____D () C:\Users\User\Documents\Ulead VideoStudio
2014-07-21 16:59 - 2014-07-21 16:59 - 00000000 ____D () C:\Users\User\AppData\Roaming\Ulead Systems
2014-07-21 16:59 - 2014-07-21 16:59 - 00000000 ____D () C:\ProgramData\Ulead Systems
2014-07-21 16:59 - 2014-07-21 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ulead VideoStudio 7
2014-07-21 16:59 - 2014-07-21 16:59 - 00000000 ____D () C:\Program Files (x86)\Ulead Systems
2014-07-21 16:32 - 2014-07-21 16:32 - 00000000 ____D () C:\Users\User\Documents\Pinnacle Studio
2014-07-21 16:31 - 2014-07-21 16:32 - 00006656 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-21 16:01 - 2014-07-21 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Studio Plugins
2014-07-21 16:01 - 2014-07-21 16:01 - 00000000 ____D () C:\Program Files (x86)\LooksBuilderSE
2014-07-21 16:01 - 2004-03-29 17:23 - 00090112 _____ (MindVision Software) C:\Windows\unvise32.exe
2014-07-21 15:57 - 2014-07-21 15:57 - 00001214 _____ () C:\Users\Public\Desktop\Pinnacle Studio 14.lnk
2014-07-21 15:57 - 2014-07-21 15:57 - 00000000 ____D () C:\Users\User\AppData\Local\Pinnacle
2014-07-21 15:57 - 2014-07-21 15:57 - 00000000 ____D () C:\Users\Public\Documents\My Projects
2014-07-21 15:57 - 2014-07-21 15:57 - 00000000 ____D () C:\ProgramData\Pinnacle Studio Ultimate Collection
2014-07-21 15:57 - 2014-07-21 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle Studio 14
2014-07-21 15:57 - 2014-07-21 15:57 - 00000000 _____ () C:\Windows\SysWOW64\OGLdpf.log
2014-07-21 15:56 - 2014-07-21 15:57 - 00000000 ____D () C:\Users\Public\Documents\Pinnacle
2014-07-21 15:56 - 2014-07-21 15:56 - 00000000 ____D () C:\ProgramData\Studio 14
2014-07-21 15:56 - 2014-07-21 15:56 - 00000000 ____D () C:\ProgramData\Pinnacle Studio Plus
2014-07-21 15:55 - 2014-07-21 16:22 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI
2014-07-21 15:53 - 2014-07-21 16:01 - 00000000 ____D () C:\Program Files (x86)\Pinnacle
2014-07-21 15:53 - 2014-07-21 15:57 - 00000000 ____D () C:\ProgramData\Pinnacle
2014-07-21 15:51 - 2014-07-21 15:51 - 00001638 _____ () C:\Users\User\Desktop\Photoshop 7.0.lnk
2014-07-21 15:48 - 2014-07-21 15:48 - 00001192 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady 7.0.lnk
2014-07-21 15:48 - 2014-07-21 15:48 - 00001187 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 7.0.lnk
2014-07-21 15:47 - 1998-11-05 11:08 - 00087392 ____N (Twain Working Group) C:\Windows\twain.dll
2014-07-21 15:44 - 1998-10-21 18:43 - 00328704 _____ (InstallShield Software Corporation ) C:\Windows\IsUn0407.exe
2014-07-21 15:34 - 2014-07-21 15:28 - 00002497 _____ () C:\Users\User\Desktop\Adobe Illustrator CS.lnk
2014-07-21 15:28 - 2014-07-21 15:28 - 00002605 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS.lnk
2014-07-21 15:28 - 2014-07-21 15:28 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-07-21 15:28 - 2001-11-14 20:19 - 00016384 _____ () C:\Windows\SysWOW64\FileOps.exe
2014-07-21 15:22 - 2014-07-21 15:22 - 00000000 ____D () C:\Windows\Adobe Illustrator CS
2014-07-16 20:00 - 2014-07-16 20:00 - 00001795 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-16 20:00 - 2014-07-16 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-16 20:00 - 2014-07-16 20:00 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-16 20:00 - 2014-07-16 20:00 - 00000000 ____D () C:\Program Files\iTunes
2014-07-16 20:00 - 2014-07-16 20:00 - 00000000 ____D () C:\Program Files\iPod
2014-07-16 20:00 - 2014-07-16 20:00 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-11 15:26 - 2014-07-11 15:26 - 00000000 ____D () C:\Users\User\AppData\Roaming\WinRAR
2014-07-11 15:26 - 2014-07-11 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-07-11 15:26 - 2014-07-11 15:26 - 00000000 ____D () C:\Program Files\7-Zip
2014-07-11 14:00 - 2014-07-11 14:00 - 00000000 ____D () C:\Program Files\WinRAR
2014-07-11 11:22 - 2014-07-11 11:22 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-07-10 20:43 - 2014-07-21 15:46 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-10 20:43 - 2014-07-10 20:43 - 00001013 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2014-07-10 20:43 - 2014-07-10 20:43 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-07-10 20:43 - 2014-07-10 20:43 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-07-10 20:42 - 2014-07-21 15:35 - 00000000 ____D () C:\ProgramData\Adobe
2014-07-10 20:39 - 2014-07-21 15:24 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2014-07-10 19:31 - 2014-07-10 19:31 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-07-10 19:30 - 2014-07-10 19:30 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf
2014-07-10 14:56 - 2014-07-10 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-10 14:56 - 2014-07-10 14:56 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-10 14:56 - 2014-07-10 14:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-10 11:07 - 2014-04-14 05:29 - 01018880 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-07-10 11:06 - 2014-07-10 11:06 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 10:59 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-07-10 10:59 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-07-10 10:59 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-10 10:59 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-07-10 10:59 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-07-10 10:59 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-07-10 10:59 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-07-10 10:59 - 2014-06-19 01:46 - 00250880 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-07-10 10:59 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-07-10 10:59 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-07-10 10:59 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-10 10:59 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-07-10 10:59 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-10 10:59 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-10 10:59 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-07-10 10:59 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-10 10:59 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-10 10:59 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-10 10:59 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-07-10 10:59 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-10 10:59 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-10 10:59 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-10 10:59 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-07-10 10:59 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-07-10 10:59 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-10 10:59 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-10 10:59 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-07-10 10:59 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-10 10:59 - 2014-06-17 00:24 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-07-10 10:59 - 2014-06-06 16:20 - 04190720 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-07-10 10:59 - 2014-05-30 05:03 - 00563200 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-07-10 10:59 - 2014-05-29 14:02 - 00565576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-07-10 10:59 - 2014-05-29 09:55 - 00735232 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-07-10 10:59 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-07-10 10:59 - 2014-05-29 08:37 - 00436224 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-07-10 10:59 - 2014-05-29 07:34 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-07-10 10:59 - 2014-05-29 07:27 - 01417216 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-07-10 10:58 - 2014-07-01 00:45 - 00688128 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-07-10 10:58 - 2014-06-28 09:48 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-07-10 10:58 - 2014-06-28 09:07 - 00385536 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-07-10 10:58 - 2014-06-06 15:04 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-07-10 10:58 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-10 10:58 - 2014-05-31 12:07 - 00054776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-10 10:58 - 2014-05-31 12:06 - 00555736 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2014-07-10 10:58 - 2014-05-31 05:40 - 13287936 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-07-10 10:58 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-07-10 10:58 - 2014-05-31 05:12 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-10 10:58 - 2014-05-31 05:06 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-10 10:58 - 2014-05-31 05:03 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-10 10:58 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-10 10:58 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-10 10:58 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-10 10:58 - 2014-05-31 04:48 - 03463680 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-10 10:58 - 2014-05-31 04:37 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\twinui.appcore.dll
2014-07-10 10:58 - 2014-05-31 04:36 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-07-10 10:58 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.appcore.dll
2014-07-10 10:58 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-07-10 10:57 - 2014-07-10 10:57 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2014-07-02 12:52 - 2014-07-02 12:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity
2014-06-28 16:39 - 2014-07-21 18:11 - 00012265 _____ () C:\Users\User\Desktop\to do_kerstin.odt
2014-06-24 13:33 - 2014-07-23 12:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-07-23 12:43 - 2014-07-23 12:43 - 00013563 _____ () C:\Users\User\Desktop\FRST.txt
2014-07-23 12:43 - 2014-07-23 12:42 - 00000000 ____D () C:\FRST
2014-07-23 12:40 - 2014-05-07 17:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-23 12:36 - 2014-05-07 22:34 - 00003902 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{73C4427F-4D97-43F8-9302-E7C9E66FCA95}
2014-07-23 12:16 - 2014-04-02 22:32 - 01570646 _____ () C:\Windows\WindowsUpdate.log
2014-07-23 12:08 - 2014-06-24 13:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-23 11:25 - 2014-07-23 11:25 - 02090496 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2014-07-23 11:02 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\system32\sru
2014-07-23 10:54 - 2014-07-23 10:54 - 00104418 _____ () C:\Users\User\Desktop\OTL.Txt
2014-07-23 10:48 - 2014-07-23 10:48 - 00054910 _____ () C:\Users\User\Desktop\Extras.Txt
2014-07-23 10:43 - 2014-07-23 10:43 - 00000076 _____ () C:\Users\User\Desktop\230714_a2scan_140723-103216.txt
2014-07-23 10:35 - 2014-04-02 22:36 - 01780340 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-23 10:35 - 2013-08-23 01:24 - 00765378 _____ () C:\Windows\system32\perfh007.dat
2014-07-23 10:35 - 2013-08-23 01:24 - 00159696 _____ () C:\Windows\system32\perfc007.dat
2014-07-23 10:29 - 2013-08-22 16:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-23 10:29 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-07-23 10:16 - 2014-04-02 22:37 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1288194900-4253203852-1844218772-1001
2014-07-23 09:51 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-07-23 09:40 - 2013-08-22 16:44 - 05008616 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-07-22 16:50 - 2014-07-22 16:49 - 00000000 ____D () C:\Users\User\Desktop\EEK
2014-07-22 16:48 - 2014-07-22 16:32 - 218241662 _____ () C:\Users\User\Desktop\EmsisoftEmergencyKit.zip
2014-07-22 16:32 - 2014-07-22 16:32 - 00602112 _____ (OldTimer Tools) C:\Users\User\Desktop\OTL.exe
2014-07-22 15:39 - 2014-07-22 15:38 - 12787224 _____ (Elex do Brasil Participações Ltda) C:\Users\User\Desktop\yet_another_cleaner_sk.exe
2014-07-21 18:11 - 2014-06-28 16:39 - 00012265 _____ () C:\Users\User\Desktop\to do_kerstin.odt
2014-07-21 16:59 - 2014-07-21 16:59 - 00002270 _____ () C:\Users\Public\Desktop\Ulead VideoStudio 7.lnk
2014-07-21 16:59 - 2014-07-21 16:59 - 00000872 _____ () C:\Windows\DirectX.log
2014-07-21 16:59 - 2014-07-21 16:59 - 00000216 _____ () C:\Windows\Ulead32.ini
2014-07-21 16:59 - 2014-07-21 16:59 - 00000000 ____D () C:\Users\User\Documents\Ulead VideoStudio
2014-07-21 16:59 - 2014-07-21 16:59 - 00000000 ____D () C:\Users\User\AppData\Roaming\Ulead Systems
2014-07-21 16:59 - 2014-07-21 16:59 - 00000000 ____D () C:\ProgramData\Ulead Systems
2014-07-21 16:59 - 2014-07-21 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ulead VideoStudio 7
2014-07-21 16:59 - 2014-07-21 16:59 - 00000000 ____D () C:\Program Files (x86)\Ulead Systems
2014-07-21 16:59 - 2014-04-02 23:26 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-21 16:32 - 2014-07-21 16:32 - 00000000 ____D () C:\Users\User\Documents\Pinnacle Studio
2014-07-21 16:32 - 2014-07-21 16:31 - 00006656 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-21 16:22 - 2014-07-21 15:55 - 00000349 _____ () C:\Users\Public\Documents\PCLECHAL.INI
2014-07-21 16:02 - 2014-07-21 16:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Studio Plugins
2014-07-21 16:01 - 2014-07-21 16:01 - 00000000 ____D () C:\Program Files (x86)\LooksBuilderSE
2014-07-21 16:01 - 2014-07-21 15:53 - 00000000 ____D () C:\Program Files (x86)\Pinnacle
2014-07-21 15:58 - 2014-06-03 16:06 - 00000000 ____D () C:\Users\User\AppData\Local\Downloaded Installations
2014-07-21 15:57 - 2014-07-21 15:57 - 00001214 _____ () C:\Users\Public\Desktop\Pinnacle Studio 14.lnk
2014-07-21 15:57 - 2014-07-21 15:57 - 00000000 ____D () C:\Users\User\AppData\Local\Pinnacle
2014-07-21 15:57 - 2014-07-21 15:57 - 00000000 ____D () C:\Users\Public\Documents\My Projects
2014-07-21 15:57 - 2014-07-21 15:57 - 00000000 ____D () C:\ProgramData\Pinnacle Studio Ultimate Collection
2014-07-21 15:57 - 2014-07-21 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pinnacle Studio 14
2014-07-21 15:57 - 2014-07-21 15:57 - 00000000 _____ () C:\Windows\SysWOW64\OGLdpf.log
2014-07-21 15:57 - 2014-07-21 15:56 - 00000000 ____D () C:\Users\Public\Documents\Pinnacle
2014-07-21 15:57 - 2014-07-21 15:53 - 00000000 ____D () C:\ProgramData\Pinnacle
2014-07-21 15:56 - 2014-07-21 15:56 - 00000000 ____D () C:\ProgramData\Studio 14
2014-07-21 15:56 - 2014-07-21 15:56 - 00000000 ____D () C:\ProgramData\Pinnacle Studio Plus
2014-07-21 15:51 - 2014-07-21 15:51 - 00001638 _____ () C:\Users\User\Desktop\Photoshop 7.0.lnk
2014-07-21 15:48 - 2014-07-21 15:48 - 00001192 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady 7.0.lnk
2014-07-21 15:48 - 2014-07-21 15:48 - 00001187 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop 7.0.lnk
2014-07-21 15:48 - 2014-04-02 22:32 - 00000000 ____D () C:\Users\User\AppData\Roaming\Adobe
2014-07-21 15:46 - 2014-07-10 20:43 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-21 15:35 - 2014-07-10 20:42 - 00000000 ____D () C:\ProgramData\Adobe
2014-07-21 15:34 - 2014-04-02 22:32 - 00000000 ____D () C:\Users\User\AppData\Local\VirtualStore
2014-07-21 15:28 - 2014-07-21 15:34 - 00002497 _____ () C:\Users\User\Desktop\Adobe Illustrator CS.lnk
2014-07-21 15:28 - 2014-07-21 15:28 - 00002605 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CS.lnk
2014-07-21 15:28 - 2014-07-21 15:28 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-07-21 15:24 - 2014-07-10 20:39 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2014-07-21 15:22 - 2014-07-21 15:22 - 00000000 ____D () C:\Windows\Adobe Illustrator CS
2014-07-17 12:58 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\rescache
2014-07-16 20:00 - 2014-07-16 20:00 - 00001795 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-07-16 20:00 - 2014-07-16 20:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-07-16 20:00 - 2014-07-16 20:00 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-07-16 20:00 - 2014-07-16 20:00 - 00000000 ____D () C:\Program Files\iTunes
2014-07-16 20:00 - 2014-07-16 20:00 - 00000000 ____D () C:\Program Files\iPod
2014-07-16 20:00 - 2014-07-16 20:00 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-07-15 15:26 - 2013-08-22 16:46 - 00025645 _____ () C:\Windows\setupact.log
2014-07-11 15:26 - 2014-07-11 15:26 - 00000000 ____D () C:\Users\User\AppData\Roaming\WinRAR
2014-07-11 15:26 - 2014-07-11 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-07-11 15:26 - 2014-07-11 15:26 - 00000000 ____D () C:\Program Files\7-Zip
2014-07-11 14:00 - 2014-07-11 14:00 - 00000000 ____D () C:\Program Files\WinRAR
2014-07-11 13:36 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2014-07-11 11:38 - 2014-05-09 14:52 - 00000000 ____D () C:\Users\User\Documents\Eigene Scans
2014-07-11 11:22 - 2014-07-11 11:22 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-07-10 20:43 - 2014-07-10 20:43 - 00001013 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2014-07-10 20:43 - 2014-07-10 20:43 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2014-07-10 20:43 - 2014-07-10 20:43 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2014-07-10 20:25 - 2013-08-22 17:36 - 00000000 ___RD () C:\Windows\ToastData
2014-07-10 20:25 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-10 20:25 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-10 20:25 - 2013-08-22 17:36 - 00000000 ____D () C:\Windows\WinStore
2014-07-10 19:43 - 2014-05-29 12:37 - 00000000 ____D () C:\Users\User\AppData\Roaming\Apple Computer
2014-07-10 19:31 - 2014-07-10 19:31 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2014-07-10 19:30 - 2014-07-10 19:30 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_netaapl64_01009.Wdf
2014-07-10 19:20 - 2014-06-03 15:55 - 00012250 _____ () C:\Users\User\Desktop\to do_laurenz.odt
2014-07-10 14:56 - 2014-07-10 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-10 14:56 - 2014-07-10 14:56 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-10 14:56 - 2014-07-10 14:56 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-10 11:08 - 2013-08-22 17:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-07-10 11:07 - 2014-05-07 18:35 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-10 11:07 - 2014-05-07 18:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-07-10 11:07 - 2013-08-23 01:26 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-10 11:07 - 2013-08-22 15:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-07-10 11:06 - 2014-07-10 11:06 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-07-10 10:57 - 2014-07-10 10:57 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe
2014-07-08 19:40 - 2014-05-07 17:18 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-07-02 12:52 - 2014-07-02 12:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity
2014-07-02 12:52 - 2014-05-08 10:41 - 00020992 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDKBFlt64.sys
2014-07-02 12:52 - 2014-05-08 10:41 - 00001998 _____ () C:\Users\Public\Desktop\G Data InternetSecurity.lnk
2014-07-02 12:52 - 2014-05-07 17:06 - 00064000 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys
2014-07-02 12:52 - 2014-05-07 17:05 - 00142336 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2014-07-02 12:52 - 2014-05-07 17:05 - 00067584 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys
2014-07-02 12:52 - 2014-05-07 17:05 - 00061440 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys
2014-07-02 12:52 - 2014-05-07 17:05 - 00055808 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys
2014-07-02 12:52 - 2014-05-07 16:56 - 00000000 ____D () C:\ProgramData\G Data
2014-07-02 12:51 - 2014-05-07 17:05 - 00051984 _____ () C:\Windows\DPINST.LOG
2014-07-01 00:45 - 2014-07-10 10:58 - 00688128 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-28 15:12 - 2014-05-07 22:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-28 09:48 - 2014-07-10 10:58 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-28 09:07 - 2014-07-10 10:58 - 00385536 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2014-06-26 22:55 - 2013-08-22 17:38 - 00703968 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-26 22:55 - 2013-08-22 17:38 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-24 12:37 - 2014-05-07 22:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\Bootstrapper.exe
C:\Users\User\AppData\Local\Temp\BootstrapperARA.dll
C:\Users\User\AppData\Local\Temp\BootstrapperARU.dll
C:\Users\User\AppData\Local\Temp\BootstrapperCHS.dll
C:\Users\User\AppData\Local\Temp\BootstrapperCHT.dll
C:\Users\User\AppData\Local\Temp\BootstrapperCSY.dll
C:\Users\User\AppData\Local\Temp\BootstrapperDAN.dll
C:\Users\User\AppData\Local\Temp\BootstrapperDEU.dll
C:\Users\User\AppData\Local\Temp\BootstrapperELL.dll
C:\Users\User\AppData\Local\Temp\BootstrapperENU.dll
C:\Users\User\AppData\Local\Temp\BootstrapperESN.dll
C:\Users\User\AppData\Local\Temp\BootstrapperESP.dll
C:\Users\User\AppData\Local\Temp\BootstrapperFIN.dll
C:\Users\User\AppData\Local\Temp\BootstrapperFRA.dll
C:\Users\User\AppData\Local\Temp\BootstrapperHEB.dll
C:\Users\User\AppData\Local\Temp\BootstrapperHRV.dll
C:\Users\User\AppData\Local\Temp\BootstrapperHUN.dll
C:\Users\User\AppData\Local\Temp\BootstrapperITA.dll
C:\Users\User\AppData\Local\Temp\BootstrapperJPN.dll
C:\Users\User\AppData\Local\Temp\BootstrapperKOR.dll
C:\Users\User\AppData\Local\Temp\BootstrapperLOC.dll
C:\Users\User\AppData\Local\Temp\BootstrapperNLD.dll
C:\Users\User\AppData\Local\Temp\BootstrapperNOR.dll
C:\Users\User\AppData\Local\Temp\BootstrapperPLK.dll
C:\Users\User\AppData\Local\Temp\BootstrapperPTB.dll
C:\Users\User\AppData\Local\Temp\BootstrapperPTG.dll
C:\Users\User\AppData\Local\Temp\BootstrapperRUS.dll
C:\Users\User\AppData\Local\Temp\BootstrapperSKY.dll
C:\Users\User\AppData\Local\Temp\BootstrapperSLV.dll
C:\Users\User\AppData\Local\Temp\BootstrapperSVE.dll
C:\Users\User\AppData\Local\Temp\BootstrapperTHA.dll
C:\Users\User\AppData\Local\Temp\BootstrapperTRK.dll
C:\Users\User\AppData\Local\Temp\BootstrapperUKR.dll
C:\Users\User\AppData\Local\Temp\dotnetfx35setup.exe
C:\Users\User\AppData\Local\Temp\GarminInstall.exe
C:\Users\User\AppData\Local\Temp\_is24FE.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-15 11:47

==================== End Of Log ============================


... and here is the Addition log, copied:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-07-2014
Ran by User at 2014-07-23 12:43:17
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: G Data InternetSecurity (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: G Data InternetSecurity (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: G Data Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Illustrator CS (HKLM-x32\...\{91A4AD99-69CE-4745-97B7-0E0DFBECFDE5}) (Version: 11 - Adobe Systems, Inc.)
Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (HKLM-x32\...\{21ECABC3-40B2-42DF-8E21-ACF3A4D0D95A}) (Version: 3.0.5 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
C309a (x32 Version: 140.0.846.000 - Hewlett-Packard) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
doPDF (Version: 8.0.906 - Softland) Hidden
doPDF 8 (HKLM-x32\...\{a137ef5e-56f5-4cca-89f8-80df47fc4521}) (Version: 8.0.906.0 - Softland)
Elevated Installer (x32 Version: 3.2.7.0 - Garmin Ltd or its subsidiaries) Hidden
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
G Data InternetSecurity (HKLM-x32\...\{85203592-3610-4FB9-AA11-15B2255B5A12}) (Version: 25.0.1.4 - G Data Software AG)
Garmin Communicator Plugin (HKLM-x32\...\{71DBFBF2-F7EB-4268-8485-9471D83C4E66}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Communicator Plugin x64 (HKLM\...\{70A381F1-C161-4D61-A20C-BE12FC6777DF}) (Version: 4.2.0 - Garmin Ltd or its subsidiaries)
Garmin Express (HKLM-x32\...\{55ae01f2-f0a8-4342-a9cc-a0327cdaa811}) (Version: 3.2.7.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 3.2.7.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 3.2.7.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Garmin WebUpdater (HKLM-x32\...\{AE1EC58E-B2AC-4959-A4C2-C38202A25239}) (Version: 2.5.6 - Garmin Ltd or its subsidiaries)
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart C309a All-In-One Driver Software 14.0 Rel. 6 (HKLM\...\{F089B734-1356-484F-A7B8-1B78F1616A15}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3262 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.8.0.1016 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
iTunes (HKLM\...\{33E28B58-7BA0-47B7-AA01-9225ABA2B8A9}) (Version: 11.3.0.54 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Knoll Light Factory EZ Studio (HKLM-x32\...\Knoll Light Factory EZ Studio) (Version:  - )
Magic Bullet Looks Studio (HKLM-x32\...\Magic Bullet Looks Studio) (Version:  - )
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
novaPDF 8 Printer Driver (HKLM\...\{1FE809AB-642F-451E-9F9C-7A2238B5A9FB}) (Version: 8.0.906 - Softland)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
OpenOffice 4.1.0 (HKLM-x32\...\{E19483E2-6C18-494D-A307-D4498BCFD2C7}) (Version: 4.10.9764 - Apache Software Foundation)
Pinnacle Studio 14 (HKLM-x32\...\{AADD1C8F-D59F-4D55-A726-768C71A205A8}) (Version: 14.0.0.7255 - Pinnacle Systems)
Pinnacle Studio Ultimate Collection Plugins (HKLM-x32\...\{F5C372A1-40F3-49DA-A049-F75CDE9177DC}) (Version: 14.0.0.7255 - Pinnacle Systems)
Pinnacle Video Treiber (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems)
PS_AIO_05_C309_Software_Min (x32 Version: 140.0.855.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Red Giant ToonIt Studio (HKLM-x32\...\Red Giant ToonIt Studio) (Version:  - )
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
TomTom HOME (HKLM-x32\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
Trapcode 3DStroke Studio (HKLM-x32\...\Trapcode 3DStroke Studio) (Version:  - )
Trapcode Particular Studio (HKLM-x32\...\Trapcode Particular Studio) (Version:  - )
Trapcode Shine Studio (HKLM-x32\...\Trapcode Shine Studio) (Version:  - )
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Ulead VideoStudio 7 SE Basic (HKLM-x32\...\{757AD3D4-036B-42FA-B0A4-96BD6F4605A0}) (Version: 7.0 - Ulead Systems, Inc.)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Driver Package - Garmin (grmnusb) GARMIN Devices  (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows-Treiberpaket - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows-Treiberpaket - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinRAR 5.10 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

==================== Restore Points  =========================

11-07-2014 13:26:06 Installed 7-Zip 9.20 (x64 edition)
21-07-2014 13:27:21 Installiert Adobe Illustrator CS

==================== Hosts content: ==========================

2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {05437506-B845-4749-B97A-063B9B069D2A} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {27D962FC-144B-4647-8F50-FB23034BA261} - System32\Tasks\doPDF Update => C:\Program Files\Softland\novaPDF 8\Driver\UpdateApplication.exe [2014-04-30] ()
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {5496D42F-8743-4350-A576-3B2CFF9E73AE} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {628CD93E-FFBB-4EA8-9501-2C97C85A4A6E} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {98785033-CC17-4244-A7EF-233C31E2ABDC} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {B7E0BF36-99D8-4C24-97B7-A924194FB103} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {B9EC6D45-E19D-4E29-B35E-78AAB3B3BA90} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-07-10] (Microsoft Corporation)
Task: {BE0FE4D3-AA15-43C5-9A3B-FF642F784E7C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E340CEF3-4118-4922-9801-D4DEF50500AF} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express Self Updater\ExpressSelfUpdater.exe [2014-06-09] ()
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {EC8B436E-964D-4857-B65D-3BE93DE4CDA7} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2014-04-30 15:41 - 2014-04-30 15:41 - 00017920 _____ () C:\Windows\System32\novamn8.dll
2014-04-02 23:21 - 2013-05-07 09:45 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2014-05-15 19:46 - 2014-05-15 19:46 - 00130933 _____ () C:\Windows\TEMP\bfecfd06-a508-454d-a95b-17cabd8e5c04\AgileDotNetRT64.dll
2014-05-15 19:46 - 2014-05-15 19:46 - 00130933 _____ () C:\Windows\TEMP\ce98dbf9-9a5d-4dd4-aa9f-e7ee1148a36d\AgileDotNetRT64.dll
2014-05-20 03:38 - 2014-05-20 03:38 - 00340088 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-04-02 23:21 - 2014-07-23 10:29 - 00027136 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2014-04-02 23:21 - 2013-05-07 09:45 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2014-04-02 23:27 - 2013-08-19 11:10 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-06-24 13:33 - 2014-06-24 13:33 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Photosmart C309a series
Description: Photosmart C309a series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/21/2014 04:59:47 PM) (Source: MsiInstaller) (EventID: 10005) (User: PC)
Description: Produkt: Windows Media Encoder 9-Reihe -- Diese Version von Windows Media Encoder 9-Reihe kann nur unter Windows 2000, Windows XP und Windows .NET Server installiert werden.

Error: (07/21/2014 03:48:21 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT)
Description: There was an error with the Windows Location Provider database

Error: (07/21/2014 08:54:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/21/2014 08:54:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/21/2014 08:54:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/21/2014 08:54:09 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/18/2014 08:26:29 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/18/2014 08:26:29 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/18/2014 08:26:28 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/18/2014 08:26:28 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"1".
Die abhängige Assemblierung "Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".


System errors:
=============
Error: (07/23/2014 00:22:49 PM) (Source: DCOM) (EventID: 10010) (User: PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/23/2014 09:51:28 AM) (Source: DCOM) (EventID: 10010) (User: PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/23/2014 09:40:55 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎22.‎07.‎2014 um 17:34:26 unerwartet heruntergefahren.

Error: (07/23/2014 09:40:43 AM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT-AUTORITÄT)
Description: 32212256844794523533248472

Error: (07/22/2014 00:17:58 PM) (Source: DCOM) (EventID: 10010) (User: PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/21/2014 08:54:53 AM) (Source: DCOM) (EventID: 10010) (User: PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (07/21/2014 08:54:23 AM) (Source: DCOM) (EventID: 10010) (User: PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/18/2014 02:49:01 PM) (Source: DCOM) (EventID: 10010) (User: PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/17/2014 02:31:26 PM) (Source: DCOM) (EventID: 10010) (User: PC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (07/17/2014 00:59:36 PM) (Source: DCOM) (EventID: 10010) (User: PC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}


Microsoft Office Sessions:
=========================
Error: (07/21/2014 04:59:47 PM) (Source: MsiInstaller) (EventID: 10005) (User: PC)
Description: Produkt: Windows Media Encoder 9-Reihe -- Diese Version von Windows Media Encoder 9-Reihe kann nur unter Windows 2000, Windows XP und Windows .NET Server installiert werden.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (07/21/2014 03:48:21 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT-AUTORITÄT)
Description: -2147024883

Error: (07/21/2014 08:54:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdDefrag.dll

Error: (07/21/2014 08:54:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdCaps.dll

Error: (07/21/2014 08:54:10 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKEngine.dll

Error: (07/21/2014 08:54:09 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdFS.dll

Error: (07/18/2014 08:26:29 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdDefrag.dll

Error: (07/18/2014 08:26:29 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdCaps.dll

Error: (07/18/2014 08:26:28 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKEngine.dll

Error: (07/18/2014 08:26:28 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Microsoft.VC90.CRT,processorArchitecture="x86",type="win32",version="9.0.30729.1"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\DWA\resources\libraries\ARKCmdFS.dll


==================== Memory info ===========================

Percentage of memory in use: 26%
Total physical RAM: 8064.19 MB
Available physical RAM: 5952.02 MB
Total Pagefile: 9344.19 MB
Available Pagefile: 6793.97 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:111.45 GB) (Free:52.48 GB) NTFS
Drive i: (Volume) (Fixed) (Total:1863.01 GB) (Free:1252.71 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: AA5A1BA2)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 6487F287)
Partition 1: (Not Active) - (Size=-198626508800) - (Type=07 NTFS)

==================== End Of Log ============================


Hi,

where does GDATA find it? Please post the log of that if available, or a screenshot. Likewise, please post the log file from Emsisoft Antimalware directly in the thread; I cannot open the attachment from your first post.


Hi Thomas,

G-Data suddenly no longer finds this trojan.

I also scanned an external hard drive, nothing.

I ran several scans with G-Data today, because I can't believe that the trojan would be gone.

Unfortunately, the text file "a2scan_140724-200748.txt" from Emergency Kit only ever comes out as hieroglyphs:

ÿþE#m#s#i#s#o#f#t# #E#m#e#r#g#e#n#c#y# #K#i#t# #-# #V#e#r#s#i#o#n# #4#.#0#

Am I perhaps doing something wrong when saving?

My mails are suddenly being retrieved via Thunderbird again as well.

This did not work over the last few days.

Could it be that Trojan.GenericKD has miraculously disappeared?

I am very unsettled, since I also don't know my way around this well.

Regards,

Kerstin
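
The "hieroglyphs" quoted in the post above are what a UTF-16 LE text file looks like when it is read as a single-byte encoding: ÿþ is the byte-order mark FF FE. The following is an added example, not part of the original thread: it detects the encoding of a scan log from its first bytes and decodes it to readable text. The sample bytes are constructed from the header line quoted above, and all function names are hypothetical.

```python
import codecs

# Byte-order marks, longest first so UTF-32 LE (FF FE 00 00) is not
# mistaken for UTF-16 LE (FF FE).
BOMS = [
    (codecs.BOM_UTF32_LE, "utf-32-le"),
    (codecs.BOM_UTF32_BE, "utf-32-be"),
    (codecs.BOM_UTF8, "utf-8"),
    (codecs.BOM_UTF16_LE, "utf-16-le"),
    (codecs.BOM_UTF16_BE, "utf-16-be"),
]

def sniff_encoding(raw: bytes):
    """Return (encoding, bom_length) for the raw bytes of a log file."""
    for bom, name in BOMS:
        if raw.startswith(bom):
            return name, len(bom)
    # No BOM: mostly-ASCII UTF-16 text has a NUL in every second byte.
    sample = raw[:512]
    half = len(sample) // 2
    if half >= 2:
        odd_nuls = sample[1::2].count(0)
        even_nuls = sample[0::2].count(0)
        if odd_nuls > 0.6 * half and even_nuls == 0:
            return "utf-16-le", 0
        if even_nuls > 0.6 * half and odd_nuls == 0:
            return "utf-16-be", 0
    return "utf-8", 0

def decode_log(raw: bytes) -> str:
    """Decode log bytes to text, dropping the BOM if one is present."""
    encoding, skip = sniff_encoding(raw)
    return raw[skip:].decode(encoding, errors="replace")

def convert_file(src: str, dst: str) -> None:
    """Rewrite a scan log as UTF-8 so it can be pasted into a forum post."""
    with open(src, "rb") as fh:
        text = decode_log(fh.read())
    with open(dst, "w", encoding="utf-8", newline="") as fh:
        fh.write(text)

# Constructed sample: the header line from the post, encoded as UTF-16 LE with BOM.
SAMPLE = codecs.BOM_UTF16_LE + "Emsisoft Emergency Kit - Version 4.0\r\n".encode("utf-16-le")

if __name__ == "__main__":
    print(repr(SAMPLE.decode("latin-1")[:12]))  # what a single-byte reader shows
    print(decode_log(SAMPLE))                   # the readable header line
```
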

Hello Thomas,

sure, you would just have to explain to me what I need to do then.

Unfortunately (actually, thank goodness) we are leaving on holiday today.

May I get back to you in calendar week 34, after our return?

Many thanks in the meantime for your efforts.

Have a nice few weeks until then,

Kerstin


Hello Thomas,

I am now back from holiday.

Yesterday the computer technician from whom I bought the machine a few weeks ago came to see me.

He looked through and checked everything and found nothing.

Strangely enough, everything is working again too. I hope it stays that way.

Many thanks to you and your great forum.

Kind regards,

Kerstin

This topic is now closed to further replies.