|
Plagegeister aller Art und deren Bekämpfung: Connection Vuupc (Virus?)Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
31.03.2014, 18:00 | #1 |
| Connection Vuupc (Virus?) Hallo Ich habe seit mehreren Wochen das Problem, das sich ein Programm immer wieder von selbst wiederherstellt. D.h. wenn ich den Computer immer wieder einschalte, das die ganze Zeit das folgende Programm wiederherstellt. Ein Screen ist drin. Zum 2ten ist, das immer wieder im Spiel und woanders irgendwann so eine Komische Anzeige kommt und der Computer sich festfährt. Das Letztere habe ich durch einen Virenscan zum Glück losbekommen (Also das er sich festfährt) Es wäre nett zu wissen, ob das ein Virus/Trojaner whatever ist oder was anderes. Falls ich nochwas Hinzufügen sollte, dann einfach sagen |
31.03.2014, 18:13 | #2 |
/// TB-Ausbilder /// Anleitungs-Guru | Connection Vuupc (Virus?)Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...
Hinweise: Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden. Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert. Adware & Co. können wir sehr gut entfernen. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Dir jemand vom Team sagt, dass Du clean bist. Bitte beachte, dass alle meine Antworten zuerst von einem Ausbilder freigegeben werden müssen, bevor ich diese hier posten darf. Das dauert dann zwar ein paar Stunden länger, garantiert aber, dass Du kompetente Hilfe und geprüfte Antworten bekommst. Siehe hier... Ich bedanke mich für Deine Geduld! Schritt 1 (Scan mit FRST) Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
Lesestoff Posten in CODE-Tags: So gehts... Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
31.03.2014, 18:25 | #3 |
| Connection Vuupc (Virus?) Zuerst den FRST - Editor
__________________FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by Tom (administrator) on TOM-PC on 31-03-2014 19:20:49 Running from C:\Users\Tom\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe () C:\Users\Tom\AppData\Roaming\VOPackage\VOsrv.exe () C:\Windows\system32\atwtusb.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE () C:\Windows\System32\WTMKM.exe (Spotify Ltd) C:\Users\Tom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe () C:\Windows\system32\atwtusb.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE (Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2184520 2009-07-26] (CANON INC.) HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-17] (CANON INC.) HKLM\...\Run: [MacrokeyManager] - C:\Windows\system32\WTMKM.exe [12482048 2012-03-07] () HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation) HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-07] (Intel Corporation) HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated) HKLM-x32\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) HKLM-x32\...\Run: [IJNetworkScanUtility] - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [136544 2009-05-19] (CANON INC.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-2069226215-2905727504-264648873-1000\...\Run: [Spotify Web Helper] - C:\Users\Tom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-02-21] (Spotify Ltd) HKU\S-1-5-21-2069226215-2905727504-264648873-1000\...\Run: [Spotify] - C:\Users\Tom\AppData\Roaming\Spotify\spotify.exe [6118400 2014-02-21] (Spotify Ltd) HKU\S-1-5-21-2069226215-2905727504-264648873-1000\...\Run: [EADM] - C:\Program Files (x86)\Origin\Origin.exe [3588952 2014-03-09] (Electronic Arts) HKU\S-1-5-21-2069226215-2905727504-264648873-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20924576 2014-02-10] (Skype Technologies S.A.) HKU\S-1-5-21-2069226215-2905727504-264648873-1000\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-10-19] (Google Inc.) HKU\S-1-5-21-2069226215-2905727504-264648873-1000\...\MountPoints2: {288dd114-1935-11e2-a04a-806e6f6e6963} - E:\ASRSetup.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x314853294CADCD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKCU - URL hxxp://search.conduit.com/Results.aspx?ctid=CT3319741&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP2ADA3A3C-BA8D-4255-8C60-B76C7482F7F7&q={searchTerms}&SSPV= SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK SearchScopes: HKCU - {8CBF6C72-6567-46f5-9EC8-2D3B8313A577} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms} BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Chrome: ======= CHR HomePage: https://www.google.de/ CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Extension: (Angry Birds) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2012-10-22] CHR Extension: (Kaspersky Protection) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-03-24] CHR Extension: (YouTube) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-18] CHR Extension: (GMX MailCheck) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\camnampocfohlcgbajligmemmabnljcm [2014-03-04] CHR Extension: (Google-Suche) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-18] CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-08-31] CHR Extension: (Sicherer Zahlungsverkehr) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-08-31] CHR Extension: (Modul zum Sperren von gefährlichen Webseiten) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2013-08-31] CHR Extension: (Virtual Keyboard) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-08-31] CHR Extension: (Google Wallet) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31] CHR Extension: (Google Mail) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-18] CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [2012-10-18] CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-06-17] CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-06-17] CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-06-17] CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-06-17] CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-06-17] ==================== Services (Whitelisted) ================= S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG) S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG) R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-02] (Kaspersky Lab ZAO) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-07] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation) S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 VOsrv; C:\Users\Tom\AppData\Roaming\VOPackage\VOsrv.exe [61456 2014-02-15] () R2 WTService; C:\Windows\system32\atwtusb.exe [584192 2012-02-07] () S2 MgAssistService; C:\Program Files (x86)\Mobogenie\MgAssist.exe [X] ==================== Drivers (Whitelisted) ==================== R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG) S3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] () S3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] () S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] () R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-07] (Kaspersky Lab ZAO) S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-24] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-24] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-02] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-02] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-19] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [7680 2009-03-08] (Windows (R) Codename Longhorn DDK provider) R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [7552 2009-08-26] (Windows (R) Win 7 DDK provider) S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-31 19:20 - 2014-03-31 19:20 - 02157056 _____ (Farbar) C:\Users\Tom\Downloads\FRST64.exe 2014-03-31 19:20 - 2014-03-31 19:20 - 00019329 _____ () C:\Users\Tom\Downloads\FRST.txt 2014-03-31 19:20 - 2014-03-31 19:20 - 00000000 ____D () C:\FRST 2014-03-31 19:19 - 2014-03-31 19:19 - 01145856 _____ (Farbar) C:\Users\Tom\Downloads\FRST.exe 2014-03-31 19:07 - 2014-03-31 19:07 - 00001079 _____ () C:\Users\Tom\Desktop\Continue VuuPC Installation.lnk 2014-03-31 18:37 - 2014-03-31 18:37 - 00000056 _____ () C:\Windows\setupact.log 2014-03-31 18:37 - 2014-03-31 18:37 - 00000000 _____ () C:\Windows\setuperr.log 2014-03-28 17:04 - 2014-03-29 12:37 - 00000000 ____D () C:\Users\Tom\Downloads\Geschichte - Kopie 2014-03-28 17:04 - 2014-03-28 17:04 - 00000000 ____D () C:\Users\Tom\Downloads\Frühstücksbilder - Kopie 2014-03-28 17:04 - 2014-03-28 17:04 - 00000000 ____D () C:\Users\Tom\Downloads\Französchisch - Kopie 2014-03-28 17:04 - 2014-03-28 17:04 - 00000000 ____D () C:\Users\Tom\Downloads\AppData - Kopie 2014-03-28 17:04 - 2014-01-10 18:19 - 00000000 ____D () C:\Users\Tom\Downloads\Fick dich Donner Song Bilder xD - Kopie 2014-03-28 17:04 - 2014-01-10 18:19 - 00000000 ____D () C:\Users\Tom\Downloads\Ethik (kotz) - Kopie 2014-03-28 17:04 - 2014-01-10 18:19 - 00000000 ____D () C:\Users\Tom\Downloads\Documents - Kopie 2014-03-28 17:04 - 2014-01-10 18:19 - 00000000 ____D () C:\Users\Tom\Downloads\1. Weltkrieg! - Kopie 2014-03-28 17:04 - 2013-10-05 13:21 - 00000000 ____D () C:\Users\Tom\Downloads\Geopraphie - Kopie 2014-03-27 17:00 - 2014-03-27 17:00 - 00000027 _____ () C:\Users\Tom\AppData\Roaming\mbam.context.scan 2014-03-27 16:02 - 2014-03-27 16:02 - 00149320 _____ () C:\Users\Tom\AppData\Local\GDIPFONTCACHEV1.DAT 2014-03-25 19:58 - 2014-03-25 19:58 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-25 19:58 - 2014-03-25 19:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-03-25 19:58 - 2013-04-04 15:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-25 17:09 - 2014-03-27 17:14 - 00000000 ____D () C:\Users\Tom\Downloads\Geschichte 2014-03-22 12:25 - 2014-03-31 18:40 - 00285919 _____ () C:\Windows\WindowsUpdate.log 2014-03-21 17:22 - 2014-03-21 17:33 - 00000000 ____D () C:\Program Files (x86)\BlueStacks 2014-03-21 17:21 - 2014-03-21 17:23 - 00000000 ____D () C:\ProgramData\BlueStacksSetup 2014-03-21 17:21 - 2014-03-21 17:22 - 00000000 ____D () C:\ProgramData\BlueStacks 2014-03-18 17:07 - 2014-03-18 17:07 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-03-13 18:12 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-13 18:12 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-13 18:12 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-13 18:12 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-13 18:12 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-13 18:12 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-13 18:12 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-13 18:12 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-13 18:12 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-13 18:12 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-13 18:12 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-13 18:12 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-13 18:12 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-13 18:12 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-13 18:12 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-13 18:12 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-13 18:12 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-13 18:12 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-13 18:12 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-13 18:12 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-13 18:12 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-13 18:12 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-13 18:12 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-13 18:12 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-13 18:12 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-13 18:12 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-13 18:12 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-13 18:12 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-13 18:12 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-13 18:12 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-13 18:12 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-13 18:12 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-13 18:12 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-13 18:12 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-13 18:12 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-13 18:12 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-13 18:12 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-13 18:12 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-13 18:12 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-13 18:12 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-03-13 18:12 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-13 18:12 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-03-13 18:12 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-13 18:12 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-03-13 18:12 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-03-13 18:12 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-13 18:12 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-03-13 18:12 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-03-13 18:07 - 2014-03-13 18:07 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-03-11 18:01 - 2014-03-11 18:01 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Malwarebytes 2014-03-11 17:54 - 2014-03-21 17:36 - 00000000 ____D () C:\ProgramData\Avira 2014-03-11 17:54 - 2014-03-21 17:35 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-03-11 17:54 - 2014-02-25 12:41 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-03-11 17:54 - 2014-02-25 12:41 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-03-11 17:54 - 2014-02-25 12:41 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-03-11 17:19 - 2014-03-21 17:35 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP 2014-03-11 17:19 - 2014-03-21 17:32 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-03-11 17:19 - 2014-03-11 17:19 - 00000000 _____ () C:\autoexec.bat 2014-03-10 17:55 - 2014-03-29 18:23 - 00000000 ____D () C:\Users\Tom\Desktop\mbar 2014-03-06 16:55 - 2014-03-06 16:55 - 00000000 ____D () C:\Windows\SysWOW64\SearchProtect 2014-03-05 18:05 - 2014-03-31 19:18 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Skype 2014-03-05 18:05 - 2014-03-05 18:13 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-03-05 18:05 - 2014-03-05 18:13 - 00000000 ____D () C:\ProgramData\Skype 2014-03-05 18:05 - 2014-03-05 18:05 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-05 18:05 - 2014-03-05 18:05 - 00000000 ____D () C:\Users\Tom\AppData\Local\Skype 2014-03-04 18:27 - 2014-03-04 18:27 - 00000000 ____D () C:\Users\Tom\AppData\Local\SearchProtect 2014-03-04 18:25 - 2014-03-04 18:40 - 00000000 ___RD () C:\Users\Tom\Documents\MAGIX 2014-03-04 18:25 - 2014-03-04 18:40 - 00000000 ____D () C:\ProgramData\MAGIX 2014-03-04 18:25 - 2014-03-04 18:25 - 00001109 _____ () C:\Users\Public\Desktop\MAGIX Music Maker 2014.lnk 2014-03-04 18:25 - 2014-03-04 18:25 - 00000000 ____D () C:\Users\Public\Documents\MAGIX 2014-03-04 18:25 - 2014-03-04 18:25 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0 2014-03-04 18:25 - 2014-03-04 18:25 - 00000000 ____D () C:\Program Files (x86)\MAGIX 2014-03-04 18:16 - 2014-03-04 18:40 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\MAGIX 2014-03-01 14:30 - 2014-03-01 14:30 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Awesomium 2014-03-01 14:24 - 2014-03-01 14:24 - 00000000 ____D () C:\Users\Tom\Documents\Elder Scrolls Online 2014-03-01 14:24 - 2014-03-01 14:24 - 00000000 ____D () C:\ProgramData\Elder Scrolls Online 2014-03-01 12:20 - 2014-03-01 12:20 - 00001399 _____ () C:\Users\Tom\Desktop\The Elder Scrolls Online Beta.lnk ==================== One Month Modified Files and Folders ======= 2014-03-31 19:20 - 2014-03-31 19:20 - 02157056 _____ (Farbar) C:\Users\Tom\Downloads\FRST64.exe 2014-03-31 19:20 - 2014-03-31 19:20 - 00019329 _____ () C:\Users\Tom\Downloads\FRST.txt 2014-03-31 19:20 - 2014-03-31 19:20 - 00000000 ____D () C:\FRST 2014-03-31 19:19 - 2014-03-31 19:19 - 01145856 _____ (Farbar) C:\Users\Tom\Downloads\FRST.exe 2014-03-31 19:18 - 2014-03-05 18:05 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Skype 2014-03-31 19:07 - 2014-03-31 19:07 - 00001079 _____ () C:\Users\Tom\Desktop\Continue VuuPC Installation.lnk 2014-03-31 18:53 - 2013-08-31 19:35 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-03-31 18:48 - 2012-10-19 16:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-31 18:44 - 2009-07-14 06:45 - 00013408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-31 18:44 - 2009-07-14 06:45 - 00013408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-31 18:43 - 2009-07-14 19:58 - 00699432 _____ () C:\Windows\system32\perfh007.dat 2014-03-31 18:43 - 2009-07-14 19:58 - 00149572 _____ () C:\Windows\system32\perfc007.dat 2014-03-31 18:43 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-31 18:40 - 2014-03-22 12:25 - 00285919 _____ () C:\Windows\WindowsUpdate.log 2014-03-31 18:39 - 2013-12-06 18:33 - 00000000 ____D () C:\ProgramData\Origin 2014-03-31 18:39 - 2012-10-18 19:51 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-31 18:38 - 2014-02-18 14:22 - 00000268 _____ () C:\Windows\Tasks\SpeedUpMyPC Startup.job 2014-03-31 18:38 - 2013-12-06 18:33 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-03-31 18:38 - 2013-09-20 16:50 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Spotify 2014-03-31 18:38 - 2013-07-23 19:26 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\TS3Client 2014-03-31 18:38 - 2012-10-18 19:51 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-31 18:38 - 2012-10-18 17:18 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job 2014-03-31 18:37 - 2014-03-31 18:37 - 00000056 _____ () C:\Windows\setupact.log 2014-03-31 18:37 - 2014-03-31 18:37 - 00000000 _____ () C:\Windows\setuperr.log 2014-03-31 18:37 - 2013-05-22 14:07 - 00000000 ____D () C:\Users\Tom\AppData\Local\LogMeIn Hamachi 2014-03-31 18:37 - 2012-10-18 17:28 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-03-31 18:37 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-31 18:37 - 2009-07-14 04:34 - 00000493 _____ () C:\Windows\win.ini 2014-03-31 17:46 - 2012-10-18 20:09 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\.minecraft 2014-03-31 17:45 - 2014-01-02 15:49 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-03-29 18:23 - 2014-03-10 17:55 - 00000000 ____D () C:\Users\Tom\Desktop\mbar 2014-03-29 12:37 - 2014-03-28 17:04 - 00000000 ____D () C:\Users\Tom\Downloads\Geschichte - Kopie 2014-03-29 12:23 - 2013-09-20 16:50 - 00000000 ____D () C:\Users\Tom\AppData\Local\Spotify 2014-03-28 17:04 - 2014-03-28 17:04 - 00000000 ____D () C:\Users\Tom\Downloads\Frühstücksbilder - Kopie 2014-03-28 17:04 - 2014-03-28 17:04 - 00000000 ____D () C:\Users\Tom\Downloads\Französchisch - Kopie 2014-03-28 17:04 - 2014-03-28 17:04 - 00000000 ____D () C:\Users\Tom\Downloads\AppData - Kopie 2014-03-27 17:14 - 2014-03-25 17:09 - 00000000 ____D () C:\Users\Tom\Downloads\Geschichte 2014-03-27 17:00 - 2014-03-27 17:00 - 00000027 _____ () C:\Users\Tom\AppData\Roaming\mbam.context.scan 2014-03-27 16:02 - 2014-03-27 16:02 - 00149320 _____ () C:\Users\Tom\AppData\Local\GDIPFONTCACHEV1.DAT 2014-03-25 19:58 - 2014-03-25 19:58 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-25 19:58 - 2014-03-25 19:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-03-25 18:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-03-24 17:40 - 2013-08-31 19:35 - 00625248 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2014-03-24 17:40 - 2013-08-31 19:35 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2014-03-21 17:37 - 2013-08-17 19:15 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-21 17:36 - 2014-03-11 17:54 - 00000000 ____D () C:\ProgramData\Avira 2014-03-21 17:36 - 2012-12-08 09:09 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-03-21 17:35 - 2014-03-11 17:54 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-03-21 17:35 - 2014-03-11 17:19 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP 2014-03-21 17:33 - 2014-03-21 17:22 - 00000000 ____D () C:\Program Files (x86)\BlueStacks 2014-03-21 17:33 - 2013-11-18 14:36 - 00000000 ____D () C:\ProgramData\Tablet 2014-03-21 17:33 - 2012-10-18 17:28 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-03-21 17:33 - 2012-10-18 17:28 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-03-21 17:33 - 2012-10-18 17:27 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-03-21 17:33 - 2012-10-18 17:27 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-03-21 17:33 - 2012-10-18 17:07 - 00000000 ____D () C:\Users\Tom 2014-03-21 17:32 - 2014-03-11 17:19 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-03-21 17:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration 2014-03-21 17:23 - 2014-03-21 17:21 - 00000000 ____D () C:\ProgramData\BlueStacksSetup 2014-03-21 17:22 - 2014-03-21 17:21 - 00000000 ____D () C:\ProgramData\BlueStacks 2014-03-18 17:07 - 2014-03-18 17:07 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-03-14 16:09 - 2009-07-14 06:45 - 00490760 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-13 18:36 - 2012-10-18 18:29 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-03-13 18:08 - 2013-07-23 19:26 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client 2014-03-13 18:07 - 2014-03-13 18:07 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-03-12 18:48 - 2012-10-19 16:11 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-12 18:48 - 2012-10-19 16:11 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-12 18:48 - 2012-10-19 16:11 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-11 18:43 - 2014-02-18 14:22 - 00000000 ____D () C:\Program Files (x86)\Fortunitas 2014-03-11 18:10 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-03-11 18:01 - 2014-03-11 18:01 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Malwarebytes 2014-03-11 17:19 - 2014-03-11 17:19 - 00000000 _____ () C:\autoexec.bat 2014-03-10 18:03 - 2013-12-27 11:38 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-03-08 12:01 - 2012-10-18 17:18 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job 2014-03-06 16:55 - 2014-03-06 16:55 - 00000000 ____D () C:\Windows\SysWOW64\SearchProtect 2014-03-05 18:13 - 2014-03-05 18:05 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-03-05 18:13 - 2014-03-05 18:05 - 00000000 ____D () C:\ProgramData\Skype 2014-03-05 18:05 - 2014-03-05 18:05 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-05 18:05 - 2014-03-05 18:05 - 00000000 ____D () C:\Users\Tom\AppData\Local\Skype 2014-03-04 18:40 - 2014-03-04 18:25 - 00000000 ___RD () C:\Users\Tom\Documents\MAGIX 2014-03-04 18:40 - 2014-03-04 18:25 - 00000000 ____D () C:\ProgramData\MAGIX 2014-03-04 18:40 - 2014-03-04 18:16 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\MAGIX 2014-03-04 18:27 - 2014-03-04 18:27 - 00000000 ____D () C:\Users\Tom\AppData\Local\SearchProtect 2014-03-04 18:25 - 2014-03-04 18:25 - 00001109 _____ () C:\Users\Public\Desktop\MAGIX Music Maker 2014.lnk 2014-03-04 18:25 - 2014-03-04 18:25 - 00000000 ____D () C:\Users\Public\Documents\MAGIX 2014-03-04 18:25 - 2014-03-04 18:25 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0 2014-03-04 18:25 - 2014-03-04 18:25 - 00000000 ____D () C:\Program Files (x86)\MAGIX 2014-03-04 18:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help 2014-03-01 14:30 - 2014-03-01 14:30 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Awesomium 2014-03-01 14:24 - 2014-03-01 14:24 - 00000000 ____D () C:\Users\Tom\Documents\Elder Scrolls Online 2014-03-01 14:24 - 2014-03-01 14:24 - 00000000 ____D () C:\ProgramData\Elder Scrolls Online 2014-03-01 12:20 - 2014-03-01 12:20 - 00001399 _____ () C:\Users\Tom\Desktop\The Elder Scrolls Online Beta.lnk 2014-03-01 08:05 - 2014-03-13 18:12 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-01 07:17 - 2014-03-13 18:12 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-01 07:16 - 2014-03-13 18:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-01 06:58 - 2014-03-13 18:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-01 06:52 - 2014-03-13 18:12 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-01 06:51 - 2014-03-13 18:12 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-01 06:42 - 2014-03-13 18:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-01 06:40 - 2014-03-13 18:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-01 06:37 - 2014-03-13 18:12 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-01 06:33 - 2014-03-13 18:12 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-01 06:33 - 2014-03-13 18:12 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-01 06:32 - 2014-03-13 18:12 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-01 06:30 - 2014-03-13 18:12 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-01 06:23 - 2014-03-13 18:12 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-01 06:17 - 2014-03-13 18:12 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-01 06:11 - 2014-03-13 18:12 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-01 06:02 - 2014-03-13 18:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-01 05:54 - 2014-03-13 18:12 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-01 05:52 - 2014-03-13 18:12 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-01 05:51 - 2014-03-13 18:12 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-01 05:47 - 2014-03-13 18:12 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-01 05:43 - 2014-03-13 18:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-01 05:43 - 2014-03-13 18:12 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-01 05:42 - 2014-03-13 18:12 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-01 05:40 - 2014-03-13 18:12 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-01 05:38 - 2014-03-13 18:12 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-01 05:37 - 2014-03-13 18:12 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-01 05:35 - 2014-03-13 18:12 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-01 05:18 - 2014-03-13 18:12 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-01 05:16 - 2014-03-13 18:12 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-01 05:14 - 2014-03-13 18:12 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-01 05:10 - 2014-03-13 18:12 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-01 05:03 - 2014-03-13 18:12 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-01 05:00 - 2014-03-13 18:12 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-01 04:57 - 2014-03-13 18:12 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-01 04:38 - 2014-03-13 18:12 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-01 04:32 - 2014-03-13 18:12 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-01 04:27 - 2014-03-13 18:12 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-01 04:25 - 2014-03-13 18:12 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-01 04:25 - 2014-03-13 18:12 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-25 18:33 ==================== End Of Log ============================ Jetzt Addition - Editor Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014 Ran by Tom at 2014-03-31 19:21:13 Running from C:\Users\Tom\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886} AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B} AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} ==================== Installed Programs ====================== 7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - ) Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated) Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.) Adobe AIR (x32 Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated) Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.1.000 - Asmedia Technology) Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira) Battlefield 1942™ (HKLM-x32\...\{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}) (Version: 1.6.20.0 - Electronic Arts) Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - ) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - ) Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version: - ) Canon MP640 series Benutzerregistrierung (HKLM-x32\...\Canon MP640 series Benutzerregistrierung) (Version: - ) Canon MP640 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series) (Version: - ) Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - ) Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - ) Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform) CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version: - ) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version: - Microsoft) Fiesta Online DE 1.04.095 (HKLM-x32\...\Fiesta Online DE) (Version: 1.04.095 - Gamigo Games) Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG) Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - ) Gimp 2.8.2 (HKLM-x32\...\Gimp) (Version: 2.8.2 - Partha Bagchi) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google SketchUp 8 (HKLM-x32\...\{15F02176-0D12-4FAF-B2CD-2767C7781427}) (Version: 3.0.4993 - Google, Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation) Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve) Left 4 Dead 2 Beta (HKLM-x32\...\Steam App 223530) (Version: - ) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.58 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.58 - LogMeIn, Inc.) Hidden MAGIX Content und Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX AG) MAGIX Goya burnR (MSI) (HKLM-x32\...\MAGIX_{B03055E4-8381-4834-8CD6-602141C8D702}) (Version: 4.3.2.0 - MAGIX AG) MAGIX Goya burnR (MSI) (Version: 4.3.2.0 - MAGIX AG) Hidden MAGIX Music Maker 2014 (HKLM-x32\...\MX.{CC87429C-BC87-4D90-9D5F-C6D9721A6663}) (Version: 20.0.2.35 - MAGIX AG) MAGIX Music Maker 2014 (Version: 20.0.2.35 - MAGIX AG) Hidden MAGIX Music Maker 2014 Trial Soundpools (Version: 1.0.0.0 - MAGIX AG) Hidden Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Need For Speed™ World (HKLM-x32\...\{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1) (Version: 1.0.0.1398 - Electronic Arts) NVIDIA 3D Vision Controller-Treiber 305.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 305.27 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation) NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.12.0613 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.) Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) Tablet Driver With Macrokey Manager (HKLM\...\RmTablet) (Version: 4.15 - ) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH) Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH) The Elder Scrolls Online Beta (HKLM-x32\...\The Elder Scrolls Online Beta_is1) (Version: 0.3.4 - ) THX TruStudio (HKLM-x32\...\{AFB907F5-C0E6-4753-8284-DE955EF86AC2}) (Version: 1.00.01 - Creative Technology Limited) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{81812245-FC84-426A-BC02-6659C88CC7B2}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5D357893-40BA-4323-86BA-D97C66CD72F4}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version: - Microsoft) Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies) VO Package (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - ) WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net) ==================== Restore Points ========================= 21-03-2014 15:31:45 Wiederherstellungsvorgang 21-03-2014 15:35:07 Removed SpyHunter 21-03-2014 15:36:40 Windows Update 23-03-2014 18:00:06 Windows-Sicherung 30-03-2014 17:15:57 Windows-Sicherung ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {16A9F940-23BD-4274-B185-BCD27C291ADF} - \SpeedUpMyPC Maintenance No Task File Task: {34DBDFB3-5C30-408B-80F7-1311952280E9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-18] (Google Inc.) Task: {402CDD19-2481-4330-9B19-D0E5990BB2F4} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation) Task: {426DD907-2D82-4E9C-B790-C09D2267B1B2} - System32\Tasks\asrRd => C:\Program Files\ASRock Utility\XFast RAM\asrRd.exe Task: {69F2BBF7-8608-4D9D-8875-347BD58C6B07} - \AmiUpdXp No Task File Task: {7E370A39-DBF3-4119-836B-F4377D4B82FD} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation) Task: {9386135C-A9E2-4087-918D-B0A0EC53A76D} - System32\Tasks\SpeedUpMyPC Startup => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe Task: {A2CD2AAC-8FB5-43A1-8BAB-91A1576B4A7C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {A611410E-89EC-4719-BDC2-9905894601D1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd) Task: {AC6F49BB-DFAF-4A5E-BABE-B69F050B6615} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated) Task: {B3276A5C-73C5-45EC-986D-D5D254DA1C2B} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation) Task: {C41FE73C-E7AB-42EB-8872-8ADEBF61A871} - System32\Tasks\{EC7F1861-C6BE-4644-B844-15578DE24412} => C:\Program Files (x86)\Steam\Steam.exe [2014-02-25] (Valve Corporation) Task: {DE37589B-C7B0-4F12-A184-828A7327B193} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-18] (Google Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe Task: C:\Windows\Tasks\SpeedUpMyPC Startup.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe ==================== Loaded Modules (whitelisted) ============= 2012-10-18 17:18 - 2012-02-07 12:04 - 00128280 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe 2014-02-15 09:47 - 2014-02-15 09:47 - 00061456 _____ () C:\Users\Tom\AppData\Roaming\VOPackage\VOsrv.exe 2013-11-18 14:36 - 2012-02-07 11:36 - 00584192 _____ () C:\Windows\system32\atwtusb.exe 2013-11-18 14:36 - 2012-03-07 13:22 - 12482048 _____ () C:\Windows\System32\WTMKM.exe 2012-10-18 17:28 - 2013-01-18 17:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll 2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll 2014-03-15 13:43 - 2014-03-15 02:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll 2014-03-15 13:43 - 2014-03-15 02:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll 2014-03-15 13:43 - 2014-03-15 02:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll 2014-03-15 13:43 - 2014-03-15 02:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll 2014-03-15 13:43 - 2014-03-15 02:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll 2014-03-15 13:43 - 2014-03-15 02:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll 2012-10-18 17:17 - 2012-02-07 11:39 - 01198872 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2014-02-14 18:43 - 2014-02-14 18:43 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b162055347700182d96325676dd591c4\IsdiInterop.ni.dll 2012-10-18 17:15 - 2011-11-29 20:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s MSCONFIG\startupreg: THX TruStudio NB Settings => "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (03/30/2014 07:17:23 PM) (Source: Windows Backup) (User: ) Description: Die Sicherung war nicht erfolgreich. Fehler: "Am Sicherungsspeicherort ist nicht genügend freier Speicherplatz verfügbar, um die Daten zu sichern. (0x80780048)" Error: (03/30/2014 11:09:10 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT) Description: Product: LogMeIn Hamachi -- Error 1714. The older version of LogMeIn Hamachi cannot be removed. Contact your technical support group. System Error 1612. Error: (03/29/2014 09:59:14 PM) (Source: Steam Client Service) (User: ) Description: Error: Failed to poke open firewall Error: (03/29/2014 00:22:16 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT) Description: Product: LogMeIn Hamachi -- Error 1714. The older version of LogMeIn Hamachi cannot be removed. Contact your technical support group. System Error 1612. Error: (03/29/2014 00:22:14 PM) (Source: Windows Search Service) (User: ) Description: Der Index kann nicht initialisiert werden. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (03/29/2014 00:22:14 PM) (Source: Windows Search Service) (User: ) Description: Die Anwendung kann nicht initialisiert werden. Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (03/29/2014 00:22:14 PM) (Source: Windows Search Service) (User: ) Description: Das Gatherer-Objekt kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (03/29/2014 00:22:14 PM) (Source: Windows Search Service) (User: ) Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490) Error: (03/29/2014 00:22:14 PM) (Source: Windows Search Service) (User: ) Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (03/29/2014 00:22:14 PM) (Source: Windows Search Service) (User: ) Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800) System errors: ============= Error: (03/31/2014 06:39:48 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (03/31/2014 06:39:48 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (03/31/2014 06:37:44 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "MgAssist Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (03/31/2014 06:37:43 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "LMIGuardianSvc" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (03/31/2014 06:37:43 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LMIGuardianSvc erreicht. Error: (03/31/2014 06:37:43 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Avira Echtzeit-Scanner" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (03/31/2014 06:37:43 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Echtzeit-Scanner erreicht. Error: (03/31/2014 06:37:43 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Avira Planer" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (03/31/2014 06:37:43 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Planer erreicht. Error: (03/31/2014 04:04:19 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Microsoft Office Sessions: ========================= Error: (03/30/2014 07:17:23 PM) (Source: Windows Backup)(User: ) Description: Am Sicherungsspeicherort ist nicht genügend freier Speicherplatz verfügbar, um die Daten zu sichern. (0x80780048) Error: (03/30/2014 11:09:10 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT) Description: Product: LogMeIn Hamachi -- Error 1714. The older version of LogMeIn Hamachi cannot be removed. Contact your technical support group. System Error 1612.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (03/29/2014 09:59:14 PM) (Source: Steam Client Service)(User: ) Description: Failed to poke open firewall Error: (03/29/2014 00:22:16 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT) Description: Product: LogMeIn Hamachi -- Error 1714. The older version of LogMeIn Hamachi cannot be removed. Contact your technical support group. System Error 1612.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (03/29/2014 00:22:14 PM) (Source: Windows Search Service)(User: ) Description: Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (03/29/2014 00:22:14 PM) (Source: Windows Search Service)(User: ) Description: Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (03/29/2014 00:22:14 PM) (Source: Windows Search Service)(User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (03/29/2014 00:22:14 PM) (Source: Windows Search Service)(User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490) Search.TripoliIndexer Error: (03/29/2014 00:22:14 PM) (Source: Windows Search Service)(User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Search.JetPropStore Error: (03/29/2014 00:22:14 PM) (Source: Windows Search Service)(User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800) CodeIntegrity Errors: =================================== Date: 2014-03-27 15:25:37.460 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-27 15:25:37.459 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-27 15:25:37.457 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-27 15:25:37.454 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-27 15:25:37.452 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-27 15:25:37.450 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-25 19:13:52.237 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-25 19:13:52.236 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-25 19:13:52.235 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-25 19:07:32.973 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 27% Total physical RAM: 8140.71 MB Available physical RAM: 5914.56 MB Total Pagefile: 16279.59 MB Available Pagefile: 13533.03 MB Total Virtual: 8192 MB Available Virtual: 8191.8 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:167.58 GB) (Free:16.23 GB) NTFS Drive g: (Dokumente) (Fixed) (Total:75.13 GB) (Free:71.3 GB) NTFS Drive h: (Spiele) (Fixed) (Total:195.31 GB) (Free:195.21 GB) NTFS Drive i: (Bilder-Musik-Video) (Fixed) (Total:195.31 GB) (Free:0.7 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: C18A332D) Partition: GPT Partition Type. ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 168 GB) (Disk ID: 1CEA33F0) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=168 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
31.03.2014, 20:36 | #4 |
/// TB-Ausbilder /// Anleitungs-Guru | Connection Vuupc (Virus?) Hallo Tom! Legen wir los... Schritt 1 Bitte Deinstalliere über die Windows-Systemsteuerung folgende Programme: Avira Free Antivirus VO Package Sollte es Probleme geben, lade Dir bitte Revo hier herunter. Starte Revo und suche im Uninstallerfeld nach den oben angegebenen Programmen. Klicke dann auf Uninstall. Wähle dann den Modus wie auf dem Bild gezeigt. (Bild durch Anklicken vergrößerbar) Solltest Du diese nicht im Uninstallerfeld finden, ist es nicht schlimm. Mach einfach weiter mit Schritt 2 Aktualisiere die Datenbanken und mach bitte einen Quickscan mit Malwarebytes Antimalware. Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Poste mir den Inhalt der Logdatei. Schritt 3 Downloade Dir bitte AdwCleaner auf deinen Desktop.
Schritt 4 Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Schritt 5 Bitte starte FRST erneut, setze den Haken auch bei Addition.txt und drücke auf Scan. Bitte poste mir die Inhalte der Logs von MBAM, Adwarecleaner, JRT und FRST hier in den Thread.
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
01.04.2014, 07:35 | #5 |
| Connection Vuupc (Virus?) Sooo, hoffentlich habe ich jetzt alles Richtig gemacht :S Erstmal der MBAM Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.03.25.06 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16521 Tom :: TOM-PC [Administrator] 01.04.2014 08:14:54 mbam-log-2014-04-01 (08-14-54).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 236198 Laufzeit: 1 Minute(n), 17 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter # AdwCleaner v3.022 - Bericht erstellt am 01/04/2014 um 08:19:20 # Aktualisiert 13/03/2014 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Tom - TOM-PC # Gestartet von : C:\Users\Tom\Downloads\adwcleaner.exe # Option : Löschen ***** [ Dienste ] ***** [#] Dienst Gelöscht : MgAssistService ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\Windows\SysWOW64\SearchProtect Ordner Gelöscht : C:\Users\Tom\AppData\Local\SearchProtect Datei Gelöscht : C:\Windows\Tasks\SpeedUpMyPC Startup.job Datei Gelöscht : C:\Windows\System32\Tasks\SpeedUpMyPC Startup ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Schlüssel Gelöscht : HKCU\Software\InstallCore Schlüssel Gelöscht : HKLM\Software\SearchProtect ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.16521 -\\ Google Chrome v33.0.1750.154 [ Datei : C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [12830 octets] - [18/02/2014 14:24:57] AdwCleaner[R1].txt - [1333 octets] - [01/04/2014 08:18:15] AdwCleaner[S0].txt - [10299 octets] - [18/02/2014 14:25:34] AdwCleaner[S1].txt - [1208 octets] - [01/04/2014 08:19:20] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1268 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.3 (03.23.2014:1) OS: Windows 7 Home Premium x64 Ran by Tom on 01.04.2014 at 8:23:20,47 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files Successfully deleted: [File] "C:\Users\Tom\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\speedupmypc.lnk" ~~~ Folders Successfully deleted: [Folder] "C:\Users\Tom\AppData\Roaming\getrighttogo" ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 01.04.2014 at 8:28:53,99 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by Tom (administrator) on TOM-PC on 31-03-2014 19:20:49 Running from C:\Users\Tom\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe () C:\Users\Tom\AppData\Roaming\VOPackage\VOsrv.exe () C:\Windows\system32\atwtusb.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE () C:\Windows\System32\WTMKM.exe (Spotify Ltd) C:\Users\Tom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe () C:\Windows\system32\atwtusb.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE (Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2184520 2009-07-26] (CANON INC.) HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-17] (CANON INC.) HKLM\...\Run: [MacrokeyManager] - C:\Windows\system32\WTMKM.exe [12482048 2012-03-07] () HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation) HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-07] (Intel Corporation) HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated) HKLM-x32\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) HKLM-x32\...\Run: [IJNetworkScanUtility] - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [136544 2009-05-19] (CANON INC.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-25] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-2069226215-2905727504-264648873-1000\...\Run: [Spotify Web Helper] - C:\Users\Tom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-02-21] (Spotify Ltd) HKU\S-1-5-21-2069226215-2905727504-264648873-1000\...\Run: [Spotify] - C:\Users\Tom\AppData\Roaming\Spotify\spotify.exe [6118400 2014-02-21] (Spotify Ltd) HKU\S-1-5-21-2069226215-2905727504-264648873-1000\...\Run: [EADM] - C:\Program Files (x86)\Origin\Origin.exe [3588952 2014-03-09] (Electronic Arts) HKU\S-1-5-21-2069226215-2905727504-264648873-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20924576 2014-02-10] (Skype Technologies S.A.) HKU\S-1-5-21-2069226215-2905727504-264648873-1000\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-10-19] (Google Inc.) HKU\S-1-5-21-2069226215-2905727504-264648873-1000\...\MountPoints2: {288dd114-1935-11e2-a04a-806e6f6e6963} - E:\ASRSetup.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x314853294CADCD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKCU - URL hxxp://search.conduit.com/Results.aspx?ctid=CT3319741&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP2ADA3A3C-BA8D-4255-8C60-B76C7482F7F7&q={searchTerms}&SSPV= SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK SearchScopes: HKCU - {8CBF6C72-6567-46f5-9EC8-2D3B8313A577} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms} BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Chrome: ======= CHR HomePage: https://www.google.de/ CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Extension: (Angry Birds) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2012-10-22] CHR Extension: (Kaspersky Protection) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-03-24] CHR Extension: (YouTube) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-18] CHR Extension: (GMX MailCheck) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\camnampocfohlcgbajligmemmabnljcm [2014-03-04] CHR Extension: (Google-Suche) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-18] CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-08-31] CHR Extension: (Sicherer Zahlungsverkehr) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-08-31] CHR Extension: (Modul zum Sperren von gefährlichen Webseiten) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2013-08-31] CHR Extension: (Virtual Keyboard) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-08-31] CHR Extension: (Google Wallet) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31] CHR Extension: (Google Mail) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-18] CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [2012-10-18] CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-06-17] CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-06-17] CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-06-17] CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-06-17] CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-06-17] ==================== Services (Whitelisted) ================= S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG) S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG) R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-02] (Kaspersky Lab ZAO) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-07] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation) S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 VOsrv; C:\Users\Tom\AppData\Roaming\VOPackage\VOsrv.exe [61456 2014-02-15] () R2 WTService; C:\Windows\system32\atwtusb.exe [584192 2012-02-07] () S2 MgAssistService; C:\Program Files (x86)\Mobogenie\MgAssist.exe [X] ==================== Drivers (Whitelisted) ==================== R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG) S3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] () S3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] () S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] () R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-07] (Kaspersky Lab ZAO) S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-24] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-24] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-02] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-02] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-19] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [7680 2009-03-08] (Windows (R) Codename Longhorn DDK provider) R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [7552 2009-08-26] (Windows (R) Win 7 DDK provider) S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-31 19:20 - 2014-03-31 19:20 - 02157056 _____ (Farbar) C:\Users\Tom\Downloads\FRST64.exe 2014-03-31 19:20 - 2014-03-31 19:20 - 00019329 _____ () C:\Users\Tom\Downloads\FRST.txt 2014-03-31 19:20 - 2014-03-31 19:20 - 00000000 ____D () C:\FRST 2014-03-31 19:19 - 2014-03-31 19:19 - 01145856 _____ (Farbar) C:\Users\Tom\Downloads\FRST.exe 2014-03-31 19:07 - 2014-03-31 19:07 - 00001079 _____ () C:\Users\Tom\Desktop\Continue VuuPC Installation.lnk 2014-03-31 18:37 - 2014-03-31 18:37 - 00000056 _____ () C:\Windows\setupact.log 2014-03-31 18:37 - 2014-03-31 18:37 - 00000000 _____ () C:\Windows\setuperr.log 2014-03-28 17:04 - 2014-03-29 12:37 - 00000000 ____D () C:\Users\Tom\Downloads\Geschichte - Kopie 2014-03-28 17:04 - 2014-03-28 17:04 - 00000000 ____D () C:\Users\Tom\Downloads\Frühstücksbilder - Kopie 2014-03-28 17:04 - 2014-03-28 17:04 - 00000000 ____D () C:\Users\Tom\Downloads\Französchisch - Kopie 2014-03-28 17:04 - 2014-03-28 17:04 - 00000000 ____D () C:\Users\Tom\Downloads\AppData - Kopie 2014-03-28 17:04 - 2014-01-10 18:19 - 00000000 ____D () C:\Users\Tom\Downloads\Fick dich Donner Song Bilder xD - Kopie 2014-03-28 17:04 - 2014-01-10 18:19 - 00000000 ____D () C:\Users\Tom\Downloads\Ethik (kotz) - Kopie 2014-03-28 17:04 - 2014-01-10 18:19 - 00000000 ____D () C:\Users\Tom\Downloads\Documents - Kopie 2014-03-28 17:04 - 2014-01-10 18:19 - 00000000 ____D () C:\Users\Tom\Downloads\1. Weltkrieg! - Kopie 2014-03-28 17:04 - 2013-10-05 13:21 - 00000000 ____D () C:\Users\Tom\Downloads\Geopraphie - Kopie 2014-03-27 17:00 - 2014-03-27 17:00 - 00000027 _____ () C:\Users\Tom\AppData\Roaming\mbam.context.scan 2014-03-27 16:02 - 2014-03-27 16:02 - 00149320 _____ () C:\Users\Tom\AppData\Local\GDIPFONTCACHEV1.DAT 2014-03-25 19:58 - 2014-03-25 19:58 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-25 19:58 - 2014-03-25 19:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-03-25 19:58 - 2013-04-04 15:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-25 17:09 - 2014-03-27 17:14 - 00000000 ____D () C:\Users\Tom\Downloads\Geschichte 2014-03-22 12:25 - 2014-03-31 18:40 - 00285919 _____ () C:\Windows\WindowsUpdate.log 2014-03-21 17:22 - 2014-03-21 17:33 - 00000000 ____D () C:\Program Files (x86)\BlueStacks 2014-03-21 17:21 - 2014-03-21 17:23 - 00000000 ____D () C:\ProgramData\BlueStacksSetup 2014-03-21 17:21 - 2014-03-21 17:22 - 00000000 ____D () C:\ProgramData\BlueStacks 2014-03-18 17:07 - 2014-03-18 17:07 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-03-13 18:12 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-13 18:12 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-13 18:12 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-13 18:12 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-13 18:12 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-13 18:12 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-13 18:12 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-13 18:12 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-13 18:12 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-13 18:12 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-13 18:12 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-13 18:12 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-13 18:12 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-13 18:12 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-13 18:12 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-13 18:12 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-13 18:12 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-13 18:12 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-13 18:12 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-13 18:12 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-13 18:12 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-13 18:12 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-13 18:12 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-13 18:12 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-13 18:12 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-13 18:12 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-13 18:12 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-13 18:12 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-13 18:12 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-13 18:12 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-13 18:12 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-13 18:12 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-13 18:12 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-13 18:12 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-13 18:12 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-13 18:12 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-13 18:12 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-13 18:12 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-13 18:12 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-13 18:12 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-03-13 18:12 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-13 18:12 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-03-13 18:12 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-13 18:12 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-03-13 18:12 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-03-13 18:12 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-13 18:12 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-03-13 18:12 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-03-13 18:07 - 2014-03-13 18:07 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-03-11 18:01 - 2014-03-11 18:01 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Malwarebytes 2014-03-11 17:54 - 2014-03-21 17:36 - 00000000 ____D () C:\ProgramData\Avira 2014-03-11 17:54 - 2014-03-21 17:35 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-03-11 17:54 - 2014-02-25 12:41 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-03-11 17:54 - 2014-02-25 12:41 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-03-11 17:54 - 2014-02-25 12:41 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-03-11 17:19 - 2014-03-21 17:35 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP 2014-03-11 17:19 - 2014-03-21 17:32 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-03-11 17:19 - 2014-03-11 17:19 - 00000000 _____ () C:\autoexec.bat 2014-03-10 17:55 - 2014-03-29 18:23 - 00000000 ____D () C:\Users\Tom\Desktop\mbar 2014-03-06 16:55 - 2014-03-06 16:55 - 00000000 ____D () C:\Windows\SysWOW64\SearchProtect 2014-03-05 18:05 - 2014-03-31 19:18 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Skype 2014-03-05 18:05 - 2014-03-05 18:13 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-03-05 18:05 - 2014-03-05 18:13 - 00000000 ____D () C:\ProgramData\Skype 2014-03-05 18:05 - 2014-03-05 18:05 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-05 18:05 - 2014-03-05 18:05 - 00000000 ____D () C:\Users\Tom\AppData\Local\Skype 2014-03-04 18:27 - 2014-03-04 18:27 - 00000000 ____D () C:\Users\Tom\AppData\Local\SearchProtect 2014-03-04 18:25 - 2014-03-04 18:40 - 00000000 ___RD () C:\Users\Tom\Documents\MAGIX 2014-03-04 18:25 - 2014-03-04 18:40 - 00000000 ____D () C:\ProgramData\MAGIX 2014-03-04 18:25 - 2014-03-04 18:25 - 00001109 _____ () C:\Users\Public\Desktop\MAGIX Music Maker 2014.lnk 2014-03-04 18:25 - 2014-03-04 18:25 - 00000000 ____D () C:\Users\Public\Documents\MAGIX 2014-03-04 18:25 - 2014-03-04 18:25 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0 2014-03-04 18:25 - 2014-03-04 18:25 - 00000000 ____D () C:\Program Files (x86)\MAGIX 2014-03-04 18:16 - 2014-03-04 18:40 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\MAGIX 2014-03-01 14:30 - 2014-03-01 14:30 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Awesomium 2014-03-01 14:24 - 2014-03-01 14:24 - 00000000 ____D () C:\Users\Tom\Documents\Elder Scrolls Online 2014-03-01 14:24 - 2014-03-01 14:24 - 00000000 ____D () C:\ProgramData\Elder Scrolls Online 2014-03-01 12:20 - 2014-03-01 12:20 - 00001399 _____ () C:\Users\Tom\Desktop\The Elder Scrolls Online Beta.lnk ==================== One Month Modified Files and Folders ======= 2014-03-31 19:20 - 2014-03-31 19:20 - 02157056 _____ (Farbar) C:\Users\Tom\Downloads\FRST64.exe 2014-03-31 19:20 - 2014-03-31 19:20 - 00019329 _____ () C:\Users\Tom\Downloads\FRST.txt 2014-03-31 19:20 - 2014-03-31 19:20 - 00000000 ____D () C:\FRST 2014-03-31 19:19 - 2014-03-31 19:19 - 01145856 _____ (Farbar) C:\Users\Tom\Downloads\FRST.exe 2014-03-31 19:18 - 2014-03-05 18:05 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Skype 2014-03-31 19:07 - 2014-03-31 19:07 - 00001079 _____ () C:\Users\Tom\Desktop\Continue VuuPC Installation.lnk 2014-03-31 18:53 - 2013-08-31 19:35 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-03-31 18:48 - 2012-10-19 16:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-31 18:44 - 2009-07-14 06:45 - 00013408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-31 18:44 - 2009-07-14 06:45 - 00013408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-31 18:43 - 2009-07-14 19:58 - 00699432 _____ () C:\Windows\system32\perfh007.dat 2014-03-31 18:43 - 2009-07-14 19:58 - 00149572 _____ () C:\Windows\system32\perfc007.dat 2014-03-31 18:43 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-31 18:40 - 2014-03-22 12:25 - 00285919 _____ () C:\Windows\WindowsUpdate.log 2014-03-31 18:39 - 2013-12-06 18:33 - 00000000 ____D () C:\ProgramData\Origin 2014-03-31 18:39 - 2012-10-18 19:51 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-31 18:38 - 2014-02-18 14:22 - 00000268 _____ () C:\Windows\Tasks\SpeedUpMyPC Startup.job 2014-03-31 18:38 - 2013-12-06 18:33 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-03-31 18:38 - 2013-09-20 16:50 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Spotify 2014-03-31 18:38 - 2013-07-23 19:26 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\TS3Client 2014-03-31 18:38 - 2012-10-18 19:51 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-31 18:38 - 2012-10-18 17:18 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job 2014-03-31 18:37 - 2014-03-31 18:37 - 00000056 _____ () C:\Windows\setupact.log 2014-03-31 18:37 - 2014-03-31 18:37 - 00000000 _____ () C:\Windows\setuperr.log 2014-03-31 18:37 - 2013-05-22 14:07 - 00000000 ____D () C:\Users\Tom\AppData\Local\LogMeIn Hamachi 2014-03-31 18:37 - 2012-10-18 17:28 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-03-31 18:37 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-31 18:37 - 2009-07-14 04:34 - 00000493 _____ () C:\Windows\win.ini 2014-03-31 17:46 - 2012-10-18 20:09 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\.minecraft 2014-03-31 17:45 - 2014-01-02 15:49 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-03-29 18:23 - 2014-03-10 17:55 - 00000000 ____D () C:\Users\Tom\Desktop\mbar 2014-03-29 12:37 - 2014-03-28 17:04 - 00000000 ____D () C:\Users\Tom\Downloads\Geschichte - Kopie 2014-03-29 12:23 - 2013-09-20 16:50 - 00000000 ____D () C:\Users\Tom\AppData\Local\Spotify 2014-03-28 17:04 - 2014-03-28 17:04 - 00000000 ____D () C:\Users\Tom\Downloads\Frühstücksbilder - Kopie 2014-03-28 17:04 - 2014-03-28 17:04 - 00000000 ____D () C:\Users\Tom\Downloads\Französchisch - Kopie 2014-03-28 17:04 - 2014-03-28 17:04 - 00000000 ____D () C:\Users\Tom\Downloads\AppData - Kopie 2014-03-27 17:14 - 2014-03-25 17:09 - 00000000 ____D () C:\Users\Tom\Downloads\Geschichte 2014-03-27 17:00 - 2014-03-27 17:00 - 00000027 _____ () C:\Users\Tom\AppData\Roaming\mbam.context.scan 2014-03-27 16:02 - 2014-03-27 16:02 - 00149320 _____ () C:\Users\Tom\AppData\Local\GDIPFONTCACHEV1.DAT 2014-03-25 19:58 - 2014-03-25 19:58 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-25 19:58 - 2014-03-25 19:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-03-25 18:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-03-24 17:40 - 2013-08-31 19:35 - 00625248 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2014-03-24 17:40 - 2013-08-31 19:35 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2014-03-21 17:37 - 2013-08-17 19:15 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-21 17:36 - 2014-03-11 17:54 - 00000000 ____D () C:\ProgramData\Avira 2014-03-21 17:36 - 2012-12-08 09:09 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-03-21 17:35 - 2014-03-11 17:54 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-03-21 17:35 - 2014-03-11 17:19 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP 2014-03-21 17:33 - 2014-03-21 17:22 - 00000000 ____D () C:\Program Files (x86)\BlueStacks 2014-03-21 17:33 - 2013-11-18 14:36 - 00000000 ____D () C:\ProgramData\Tablet 2014-03-21 17:33 - 2012-10-18 17:28 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-03-21 17:33 - 2012-10-18 17:28 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-03-21 17:33 - 2012-10-18 17:27 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-03-21 17:33 - 2012-10-18 17:27 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-03-21 17:33 - 2012-10-18 17:07 - 00000000 ____D () C:\Users\Tom 2014-03-21 17:32 - 2014-03-11 17:19 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-03-21 17:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration 2014-03-21 17:23 - 2014-03-21 17:21 - 00000000 ____D () C:\ProgramData\BlueStacksSetup 2014-03-21 17:22 - 2014-03-21 17:21 - 00000000 ____D () C:\ProgramData\BlueStacks 2014-03-18 17:07 - 2014-03-18 17:07 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-03-14 16:09 - 2009-07-14 06:45 - 00490760 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-13 18:36 - 2012-10-18 18:29 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-03-13 18:08 - 2013-07-23 19:26 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client 2014-03-13 18:07 - 2014-03-13 18:07 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-03-12 18:48 - 2012-10-19 16:11 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-12 18:48 - 2012-10-19 16:11 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-12 18:48 - 2012-10-19 16:11 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-11 18:43 - 2014-02-18 14:22 - 00000000 ____D () C:\Program Files (x86)\Fortunitas 2014-03-11 18:10 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-03-11 18:01 - 2014-03-11 18:01 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Malwarebytes 2014-03-11 17:19 - 2014-03-11 17:19 - 00000000 _____ () C:\autoexec.bat 2014-03-10 18:03 - 2013-12-27 11:38 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-03-08 12:01 - 2012-10-18 17:18 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job 2014-03-06 16:55 - 2014-03-06 16:55 - 00000000 ____D () C:\Windows\SysWOW64\SearchProtect 2014-03-05 18:13 - 2014-03-05 18:05 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-03-05 18:13 - 2014-03-05 18:05 - 00000000 ____D () C:\ProgramData\Skype 2014-03-05 18:05 - 2014-03-05 18:05 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-05 18:05 - 2014-03-05 18:05 - 00000000 ____D () C:\Users\Tom\AppData\Local\Skype 2014-03-04 18:40 - 2014-03-04 18:25 - 00000000 ___RD () C:\Users\Tom\Documents\MAGIX 2014-03-04 18:40 - 2014-03-04 18:25 - 00000000 ____D () C:\ProgramData\MAGIX 2014-03-04 18:40 - 2014-03-04 18:16 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\MAGIX 2014-03-04 18:27 - 2014-03-04 18:27 - 00000000 ____D () C:\Users\Tom\AppData\Local\SearchProtect 2014-03-04 18:25 - 2014-03-04 18:25 - 00001109 _____ () C:\Users\Public\Desktop\MAGIX Music Maker 2014.lnk 2014-03-04 18:25 - 2014-03-04 18:25 - 00000000 ____D () C:\Users\Public\Documents\MAGIX 2014-03-04 18:25 - 2014-03-04 18:25 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0 2014-03-04 18:25 - 2014-03-04 18:25 - 00000000 ____D () C:\Program Files (x86)\MAGIX 2014-03-04 18:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help 2014-03-01 14:30 - 2014-03-01 14:30 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Awesomium 2014-03-01 14:24 - 2014-03-01 14:24 - 00000000 ____D () C:\Users\Tom\Documents\Elder Scrolls Online 2014-03-01 14:24 - 2014-03-01 14:24 - 00000000 ____D () C:\ProgramData\Elder Scrolls Online 2014-03-01 12:20 - 2014-03-01 12:20 - 00001399 _____ () C:\Users\Tom\Desktop\The Elder Scrolls Online Beta.lnk 2014-03-01 08:05 - 2014-03-13 18:12 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-01 07:17 - 2014-03-13 18:12 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-01 07:16 - 2014-03-13 18:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-01 06:58 - 2014-03-13 18:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-01 06:52 - 2014-03-13 18:12 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-01 06:51 - 2014-03-13 18:12 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-01 06:42 - 2014-03-13 18:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-01 06:40 - 2014-03-13 18:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-01 06:37 - 2014-03-13 18:12 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-01 06:33 - 2014-03-13 18:12 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-01 06:33 - 2014-03-13 18:12 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-01 06:32 - 2014-03-13 18:12 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-01 06:30 - 2014-03-13 18:12 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-01 06:23 - 2014-03-13 18:12 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-01 06:17 - 2014-03-13 18:12 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-01 06:11 - 2014-03-13 18:12 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-01 06:02 - 2014-03-13 18:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-01 05:54 - 2014-03-13 18:12 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-01 05:52 - 2014-03-13 18:12 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-01 05:51 - 2014-03-13 18:12 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-01 05:47 - 2014-03-13 18:12 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-01 05:43 - 2014-03-13 18:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-01 05:43 - 2014-03-13 18:12 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-01 05:42 - 2014-03-13 18:12 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-01 05:40 - 2014-03-13 18:12 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-01 05:38 - 2014-03-13 18:12 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-01 05:37 - 2014-03-13 18:12 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-01 05:35 - 2014-03-13 18:12 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-01 05:18 - 2014-03-13 18:12 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-01 05:16 - 2014-03-13 18:12 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-01 05:14 - 2014-03-13 18:12 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-01 05:10 - 2014-03-13 18:12 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-01 05:03 - 2014-03-13 18:12 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-01 05:00 - 2014-03-13 18:12 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-01 04:57 - 2014-03-13 18:12 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-01 04:38 - 2014-03-13 18:12 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-01 04:32 - 2014-03-13 18:12 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-01 04:27 - 2014-03-13 18:12 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-01 04:25 - 2014-03-13 18:12 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-01 04:25 - 2014-03-13 18:12 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-25 18:33 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014 Ran by Tom at 2014-03-31 19:21:13 Running from C:\Users\Tom\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886} AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B} AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} ==================== Installed Programs ====================== 7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - ) Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated) Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.) Adobe AIR (x32 Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated) Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.1.000 - Asmedia Technology) Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira) Battlefield 1942™ (HKLM-x32\...\{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}) (Version: 1.6.20.0 - Electronic Arts) Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - ) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - ) Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version: - ) Canon MP640 series Benutzerregistrierung (HKLM-x32\...\Canon MP640 series Benutzerregistrierung) (Version: - ) Canon MP640 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series) (Version: - ) Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - ) Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - ) Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform) CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version: - ) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version: - Microsoft) Fiesta Online DE 1.04.095 (HKLM-x32\...\Fiesta Online DE) (Version: 1.04.095 - Gamigo Games) Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG) Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - ) Gimp 2.8.2 (HKLM-x32\...\Gimp) (Version: 2.8.2 - Partha Bagchi) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google SketchUp 8 (HKLM-x32\...\{15F02176-0D12-4FAF-B2CD-2767C7781427}) (Version: 3.0.4993 - Google, Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation) Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve) Left 4 Dead 2 Beta (HKLM-x32\...\Steam App 223530) (Version: - ) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.58 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.58 - LogMeIn, Inc.) Hidden MAGIX Content und Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX AG) MAGIX Goya burnR (MSI) (HKLM-x32\...\MAGIX_{B03055E4-8381-4834-8CD6-602141C8D702}) (Version: 4.3.2.0 - MAGIX AG) MAGIX Goya burnR (MSI) (Version: 4.3.2.0 - MAGIX AG) Hidden MAGIX Music Maker 2014 (HKLM-x32\...\MX.{CC87429C-BC87-4D90-9D5F-C6D9721A6663}) (Version: 20.0.2.35 - MAGIX AG) MAGIX Music Maker 2014 (Version: 20.0.2.35 - MAGIX AG) Hidden MAGIX Music Maker 2014 Trial Soundpools (Version: 1.0.0.0 - MAGIX AG) Hidden Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Need For Speed™ World (HKLM-x32\...\{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1) (Version: 1.0.0.1398 - Electronic Arts) NVIDIA 3D Vision Controller-Treiber 305.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 305.27 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation) NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.12.0613 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.) Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) Tablet Driver With Macrokey Manager (HKLM\...\RmTablet) (Version: 4.15 - ) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH) Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH) The Elder Scrolls Online Beta (HKLM-x32\...\The Elder Scrolls Online Beta_is1) (Version: 0.3.4 - ) THX TruStudio (HKLM-x32\...\{AFB907F5-C0E6-4753-8284-DE955EF86AC2}) (Version: 1.00.01 - Creative Technology Limited) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{81812245-FC84-426A-BC02-6659C88CC7B2}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5D357893-40BA-4323-86BA-D97C66CD72F4}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version: - Microsoft) Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies) VO Package (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - ) WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net) ==================== Restore Points ========================= 21-03-2014 15:31:45 Wiederherstellungsvorgang 21-03-2014 15:35:07 Removed SpyHunter 21-03-2014 15:36:40 Windows Update 23-03-2014 18:00:06 Windows-Sicherung 30-03-2014 17:15:57 Windows-Sicherung ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {16A9F940-23BD-4274-B185-BCD27C291ADF} - \SpeedUpMyPC Maintenance No Task File Task: {34DBDFB3-5C30-408B-80F7-1311952280E9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-18] (Google Inc.) Task: {402CDD19-2481-4330-9B19-D0E5990BB2F4} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation) Task: {426DD907-2D82-4E9C-B790-C09D2267B1B2} - System32\Tasks\asrRd => C:\Program Files\ASRock Utility\XFast RAM\asrRd.exe Task: {69F2BBF7-8608-4D9D-8875-347BD58C6B07} - \AmiUpdXp No Task File Task: {7E370A39-DBF3-4119-836B-F4377D4B82FD} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation) Task: {9386135C-A9E2-4087-918D-B0A0EC53A76D} - System32\Tasks\SpeedUpMyPC Startup => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe Task: {A2CD2AAC-8FB5-43A1-8BAB-91A1576B4A7C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {A611410E-89EC-4719-BDC2-9905894601D1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd) Task: {AC6F49BB-DFAF-4A5E-BABE-B69F050B6615} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated) Task: {B3276A5C-73C5-45EC-986D-D5D254DA1C2B} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation) Task: {C41FE73C-E7AB-42EB-8872-8ADEBF61A871} - System32\Tasks\{EC7F1861-C6BE-4644-B844-15578DE24412} => C:\Program Files (x86)\Steam\Steam.exe [2014-02-25] (Valve Corporation) Task: {DE37589B-C7B0-4F12-A184-828A7327B193} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-18] (Google Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe Task: C:\Windows\Tasks\SpeedUpMyPC Startup.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\speedupmypc.exe ==================== Loaded Modules (whitelisted) ============= 2012-10-18 17:18 - 2012-02-07 12:04 - 00128280 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe 2014-02-15 09:47 - 2014-02-15 09:47 - 00061456 _____ () C:\Users\Tom\AppData\Roaming\VOPackage\VOsrv.exe 2013-11-18 14:36 - 2012-02-07 11:36 - 00584192 _____ () C:\Windows\system32\atwtusb.exe 2013-11-18 14:36 - 2012-03-07 13:22 - 12482048 _____ () C:\Windows\System32\WTMKM.exe 2012-10-18 17:28 - 2013-01-18 17:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll 2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll 2014-03-15 13:43 - 2014-03-15 02:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll 2014-03-15 13:43 - 2014-03-15 02:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll 2014-03-15 13:43 - 2014-03-15 02:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll 2014-03-15 13:43 - 2014-03-15 02:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll 2014-03-15 13:43 - 2014-03-15 02:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll 2014-03-15 13:43 - 2014-03-15 02:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll 2012-10-18 17:17 - 2012-02-07 11:39 - 01198872 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2014-02-14 18:43 - 2014-02-14 18:43 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b162055347700182d96325676dd591c4\IsdiInterop.ni.dll 2012-10-18 17:15 - 2011-11-29 20:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s MSCONFIG\startupreg: THX TruStudio NB Settings => "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (03/30/2014 07:17:23 PM) (Source: Windows Backup) (User: ) Description: Die Sicherung war nicht erfolgreich. Fehler: "Am Sicherungsspeicherort ist nicht genügend freier Speicherplatz verfügbar, um die Daten zu sichern. (0x80780048)" Error: (03/30/2014 11:09:10 AM) (Source: MsiInstaller) (User: NT-AUTORITÄT) Description: Product: LogMeIn Hamachi -- Error 1714. The older version of LogMeIn Hamachi cannot be removed. Contact your technical support group. System Error 1612. Error: (03/29/2014 09:59:14 PM) (Source: Steam Client Service) (User: ) Description: Error: Failed to poke open firewall Error: (03/29/2014 00:22:16 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT) Description: Product: LogMeIn Hamachi -- Error 1714. The older version of LogMeIn Hamachi cannot be removed. Contact your technical support group. System Error 1612. Error: (03/29/2014 00:22:14 PM) (Source: Windows Search Service) (User: ) Description: Der Index kann nicht initialisiert werden. Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (03/29/2014 00:22:14 PM) (Source: Windows Search Service) (User: ) Description: Die Anwendung kann nicht initialisiert werden. Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (03/29/2014 00:22:14 PM) (Source: Windows Search Service) (User: ) Description: Das Gatherer-Objekt kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (03/29/2014 00:22:14 PM) (Source: Windows Search Service) (User: ) Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490) Error: (03/29/2014 00:22:14 PM) (Source: Windows Search Service) (User: ) Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (03/29/2014 00:22:14 PM) (Source: Windows Search Service) (User: ) Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden. Kontext: Windows Anwendung, SystemIndex Katalog Details: Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800) System errors: ============= Error: (03/31/2014 06:39:48 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error: (03/31/2014 06:39:48 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC). Error: (03/31/2014 06:37:44 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "MgAssist Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (03/31/2014 06:37:43 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "LMIGuardianSvc" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (03/31/2014 06:37:43 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LMIGuardianSvc erreicht. Error: (03/31/2014 06:37:43 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Avira Echtzeit-Scanner" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (03/31/2014 06:37:43 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Echtzeit-Scanner erreicht. Error: (03/31/2014 06:37:43 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Avira Planer" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (03/31/2014 06:37:43 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Planer erreicht. Error: (03/31/2014 04:04:19 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Microsoft Office Sessions: ========================= Error: (03/30/2014 07:17:23 PM) (Source: Windows Backup)(User: ) Description: Am Sicherungsspeicherort ist nicht genügend freier Speicherplatz verfügbar, um die Daten zu sichern. (0x80780048) Error: (03/30/2014 11:09:10 AM) (Source: MsiInstaller)(User: NT-AUTORITÄT) Description: Product: LogMeIn Hamachi -- Error 1714. The older version of LogMeIn Hamachi cannot be removed. Contact your technical support group. System Error 1612.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (03/29/2014 09:59:14 PM) (Source: Steam Client Service)(User: ) Description: Failed to poke open firewall Error: (03/29/2014 00:22:16 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT) Description: Product: LogMeIn Hamachi -- Error 1714. The older version of LogMeIn Hamachi cannot be removed. Contact your technical support group. System Error 1612.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (03/29/2014 00:22:14 PM) (Source: Windows Search Service)(User: ) Description: Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (03/29/2014 00:22:14 PM) (Source: Windows Search Service)(User: ) Description: Kontext: Windows Anwendung Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (03/29/2014 00:22:14 PM) (Source: Windows Search Service)(User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Error: (03/29/2014 00:22:14 PM) (Source: Windows Search Service)(User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490) Search.TripoliIndexer Error: (03/29/2014 00:22:14 PM) (Source: Windows Search Service)(User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801) Search.JetPropStore Error: (03/29/2014 00:22:14 PM) (Source: Windows Search Service)(User: ) Description: Kontext: Windows Anwendung, SystemIndex Katalog Details: Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800) CodeIntegrity Errors: =================================== Date: 2014-03-27 15:25:37.460 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-27 15:25:37.459 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-27 15:25:37.457 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-27 15:25:37.454 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-27 15:25:37.452 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-27 15:25:37.450 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-25 19:13:52.237 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-25 19:13:52.236 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-25 19:13:52.235 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-25 19:07:32.973 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 27% Total physical RAM: 8140.71 MB Available physical RAM: 5914.56 MB Total Pagefile: 16279.59 MB Available Pagefile: 13533.03 MB Total Virtual: 8192 MB Available Virtual: 8191.8 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:167.58 GB) (Free:16.23 GB) NTFS Drive g: (Dokumente) (Fixed) (Total:75.13 GB) (Free:71.3 GB) NTFS Drive h: (Spiele) (Fixed) (Total:195.31 GB) (Free:195.21 GB) NTFS Drive i: (Bilder-Musik-Video) (Fixed) (Total:195.31 GB) (Free:0.7 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: C18A332D) Partition: GPT Partition Type. ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 168 GB) (Disk ID: 1CEA33F0) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=168 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
01.04.2014, 12:06 | #6 |
/// TB-Ausbilder /// Anleitungs-Guru | Connection Vuupc (Virus?)Gute Arbeit Tom! Nur eine Kleinigkeit: Das sind nicht die frischen FRST-Logs, sondern die vor unserer Bereinigungsaktion... Bitte führe Schritt 5 nochmal aus und poste mir die Logs...
__________________ --> Connection Vuupc (Virus?) |
01.04.2014, 15:41 | #7 |
| Connection Vuupc (Virus?) Jetzt dürften das aber die neuen sein.. Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014 Ran by Tom at 2014-04-01 16:37:12 Running from C:\Users\Tom\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886} AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B} AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD} ==================== Installed Programs ====================== 7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - ) Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated) Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.0.4990 - Adobe Systems Inc.) Adobe AIR (x32 Version: 1.0.8.4990 - Adobe Systems Inc.) Hidden Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A90000000001}) (Version: 9.0.0 - Adobe Systems Incorporated) Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.1.000 - Asmedia Technology) Battlefield 1942™ (HKLM-x32\...\{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}) (Version: 1.6.20.0 - Electronic Arts) Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - ) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - ) Canon MP Navigator EX 3.0 (HKLM-x32\...\MP Navigator EX 3.0) (Version: - ) Canon MP640 series Benutzerregistrierung (HKLM-x32\...\Canon MP640 series Benutzerregistrierung) (Version: - ) Canon MP640 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series) (Version: - ) Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - ) Canon Utilities My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - ) Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform) CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version: - ) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version: - Microsoft) Fiesta Online DE 1.04.095 (HKLM-x32\...\Fiesta Online DE) (Version: 1.04.095 - Gamigo Games) Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG) Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - ) Gimp 2.8.2 (HKLM-x32\...\Gimp) (Version: 2.8.2 - Partha Bagchi) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google SketchUp 8 (HKLM-x32\...\{15F02176-0D12-4FAF-B2CD-2767C7781427}) (Version: 3.0.4993 - Google, Inc.) Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.) Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.2.1410 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation) Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation) Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab) Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve) Left 4 Dead 2 Beta (HKLM-x32\...\Steam App 223530) (Version: - ) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.2.0.58 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.2.0.58 - LogMeIn, Inc.) Hidden MAGIX Content und Soundpools (HKLM-x32\...\MAGIX_GlobalContent) (Version: 1.0.0.0 - MAGIX AG) MAGIX Goya burnR (MSI) (HKLM-x32\...\MAGIX_{B03055E4-8381-4834-8CD6-602141C8D702}) (Version: 4.3.2.0 - MAGIX AG) MAGIX Goya burnR (MSI) (Version: 4.3.2.0 - MAGIX AG) Hidden MAGIX Music Maker 2014 (HKLM-x32\...\MX.{CC87429C-BC87-4D90-9D5F-C6D9721A6663}) (Version: 20.0.2.35 - MAGIX AG) MAGIX Music Maker 2014 (Version: 20.0.2.35 - MAGIX AG) Hidden MAGIX Music Maker 2014 Trial Soundpools (Version: 1.0.0.0 - MAGIX AG) Hidden Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) Need For Speed™ World (HKLM-x32\...\{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1) (Version: 1.0.0.1398 - Electronic Arts) NVIDIA 3D Vision Controller-Treiber 305.27 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 305.27 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 311.06 - NVIDIA Corporation) NVIDIA Grafiktreiber 311.06 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 311.06 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.18.0 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.108.688 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.12.0613 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.12.0613 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0613 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 311.06 (Version: 311.06 - NVIDIA Corporation) Hidden NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.) Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.7 - Pando Networks Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.) Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) Tablet Driver With Macrokey Manager (HKLM\...\RmTablet) (Version: 4.15 - ) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH) Text-To-Speech-Runtime (HKLM-x32\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH) The Elder Scrolls Online Beta (HKLM-x32\...\The Elder Scrolls Online Beta_is1) (Version: 0.3.4 - ) THX TruStudio (HKLM-x32\...\{AFB907F5-C0E6-4753-8284-DE955EF86AC2}) (Version: 1.00.01 - Creative Technology Limited) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{81812245-FC84-426A-BC02-6659C88CC7B2}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5D357893-40BA-4323-86BA-D97C66CD72F4}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft) Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version: - Microsoft) Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies) WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1) (Version: - Wargaming.net) ==================== Restore Points ========================= 23-03-2014 18:00:06 Windows-Sicherung 30-03-2014 17:15:57 Windows-Sicherung 01-04-2014 06:11:22 Revo Uninstaller's restore point - Avira Free Antivirus ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {16A9F940-23BD-4274-B185-BCD27C291ADF} - \SpeedUpMyPC Maintenance No Task File Task: {34DBDFB3-5C30-408B-80F7-1311952280E9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-18] (Google Inc.) Task: {402CDD19-2481-4330-9B19-D0E5990BB2F4} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation) Task: {426DD907-2D82-4E9C-B790-C09D2267B1B2} - System32\Tasks\asrRd => C:\Program Files\ASRock Utility\XFast RAM\asrRd.exe Task: {69F2BBF7-8608-4D9D-8875-347BD58C6B07} - \AmiUpdXp No Task File Task: {7E370A39-DBF3-4119-836B-F4377D4B82FD} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation) Task: {9386135C-A9E2-4087-918D-B0A0EC53A76D} - \SpeedUpMyPC Startup No Task File Task: {A2CD2AAC-8FB5-43A1-8BAB-91A1576B4A7C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {A611410E-89EC-4719-BDC2-9905894601D1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd) Task: {AC6F49BB-DFAF-4A5E-BABE-B69F050B6615} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated) Task: {B3276A5C-73C5-45EC-986D-D5D254DA1C2B} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-14] (Microsoft Corporation) Task: {C41FE73C-E7AB-42EB-8872-8ADEBF61A871} - System32\Tasks\{EC7F1861-C6BE-4644-B844-15578DE24412} => C:\Program Files (x86)\Steam\Steam.exe [2014-02-25] (Valve Corporation) Task: {DE37589B-C7B0-4F12-A184-828A7327B193} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-18] (Google Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe ==================== Loaded Modules (whitelisted) ============= 2012-10-18 17:18 - 2012-02-07 12:04 - 00128280 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe 2013-11-18 14:36 - 2012-02-07 11:36 - 00584192 _____ () C:\Windows\system32\atwtusb.exe 2013-11-18 14:36 - 2012-03-07 13:22 - 12482048 _____ () C:\Windows\System32\WTMKM.exe 2012-10-18 17:28 - 2013-01-18 17:00 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll 2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll 2014-01-29 18:33 - 2014-03-09 12:54 - 00962560 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll 2014-01-29 18:33 - 2014-03-09 12:54 - 00024064 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll 2014-01-29 18:33 - 2014-03-09 12:54 - 00025088 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll 2014-01-29 18:33 - 2014-03-09 12:54 - 00217088 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll 2014-01-29 18:33 - 2014-03-09 12:54 - 00261632 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll 2014-01-29 18:33 - 2014-03-09 12:54 - 00019968 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll 2014-01-29 18:33 - 2014-03-09 12:54 - 00302592 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll 2014-01-29 18:33 - 2014-03-09 12:54 - 00018944 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll 2011-08-15 20:12 - 2011-08-15 20:12 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtCore4.dll 2011-08-15 20:15 - 2011-08-15 20:15 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtXml4.dll 2011-08-17 16:41 - 2011-08-17 16:41 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\sqlite3.dll 2011-08-17 16:48 - 2011-08-17 16:48 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\log4cplus.dll 2011-11-25 13:29 - 2011-11-25 13:29 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\featureController.dll 2011-08-15 20:12 - 2011-08-15 20:12 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\QtNetwork4.dll 2011-08-17 16:48 - 2011-08-17 16:48 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\libgsoap.dll 2011-08-15 19:23 - 2011-08-15 19:23 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\zlib1.dll 2011-11-25 13:28 - 2011-11-25 13:28 - 00484352 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\DeviceProfile.dll 2011-11-25 13:42 - 2011-11-25 13:42 - 00499976 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\plugin\PServerPlugin.dll 2011-11-25 13:26 - 2011-11-25 13:26 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\eventsSender.dll 2014-03-15 13:43 - 2014-03-15 02:50 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll 2014-03-15 13:43 - 2014-03-15 02:50 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll 2014-03-15 13:43 - 2014-03-15 02:50 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll 2014-03-15 13:43 - 2014-03-15 02:50 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll 2014-03-15 13:43 - 2014-03-15 02:50 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll 2014-03-15 13:43 - 2014-03-15 02:50 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll 2014-03-15 13:43 - 2014-03-15 02:50 - 13637448 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start MSCONFIG\startupreg: RTHDVCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s MSCONFIG\startupreg: THX TruStudio NB Settings => "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r ==================== Faulty Device Manager Devices ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Error: (04/01/2014 04:36:09 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "LMIGuardianSvc" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (04/01/2014 04:36:09 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LMIGuardianSvc erreicht. Error: (04/01/2014 04:36:09 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Avira Echtzeit-Scanner" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (04/01/2014 04:36:09 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Echtzeit-Scanner erreicht. Error: (04/01/2014 04:36:09 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Avira Planer" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (04/01/2014 04:36:09 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Planer erreicht. Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2014-03-27 15:25:37.460 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-27 15:25:37.459 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-27 15:25:37.457 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-27 15:25:37.454 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-27 15:25:37.452 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-27 15:25:37.450 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-25 19:13:52.237 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-25 19:13:52.236 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-25 19:13:52.235 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. Date: 2014-03-25 19:07:32.973 Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume5\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde. ==================== Memory info =========================== Percentage of memory in use: 24% Total physical RAM: 8140.71 MB Available physical RAM: 6149.59 MB Total Pagefile: 16279.59 MB Available Pagefile: 13855.37 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:167.58 GB) (Free:17.49 GB) NTFS Drive g: (Dokumente) (Fixed) (Total:75.13 GB) (Free:71.3 GB) NTFS Drive h: (Spiele) (Fixed) (Total:195.31 GB) (Free:195.21 GB) NTFS Drive i: (Bilder-Musik-Video) (Fixed) (Total:195.31 GB) (Free:0.7 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: C18A332D) Partition: GPT Partition Type. ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 168 GB) (Disk ID: 1CEA33F0) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=168 GB) - (Type=07 NTFS) ==================== End Of Log ============================ FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by Tom (administrator) on TOM-PC on 01-04-2014 16:36:45 Running from C:\Users\Tom\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Skype Technologies) C:\Program Files (x86)\Skype\Updater\Updater.exe () C:\Windows\system32\atwtusb.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE () C:\Windows\System32\WTMKM.exe (Spotify Ltd) C:\Users\Tom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe () C:\Windows\system32\atwtusb.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe (CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Windows\sysWOW64\wbem\wmiprvse.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE (Microsoft Corporation) C:\Windows\SYSTEM32\WISPTIS.EXE (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2184520 2009-07-26] (CANON INC.) HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-03-17] (CANON INC.) HKLM\...\Run: [MacrokeyManager] - C:\Windows\system32\WTMKM.exe [12482048 2012-03-07] () HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation) HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [133400 2012-02-07] (Intel Corporation) HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-26] (Intel Corporation) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated) HKLM-x32\...\Run: [UpdReg] - C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.) HKLM-x32\...\Run: [IJNetworkScanUtility] - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [136544 2009-05-19] (CANON INC.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKU\S-1-5-21-2069226215-2905727504-264648873-1000\...\Run: [Spotify Web Helper] - C:\Users\Tom\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-02-21] (Spotify Ltd) HKU\S-1-5-21-2069226215-2905727504-264648873-1000\...\Run: [Spotify] - C:\Users\Tom\AppData\Roaming\Spotify\spotify.exe [6118400 2014-02-21] (Spotify Ltd) HKU\S-1-5-21-2069226215-2905727504-264648873-1000\...\Run: [EADM] - C:\Program Files (x86)\Origin\Origin.exe [3588952 2014-03-09] (Electronic Arts) HKU\S-1-5-21-2069226215-2905727504-264648873-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20924576 2014-02-10] (Skype Technologies S.A.) HKU\S-1-5-21-2069226215-2905727504-264648873-1000\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2012-10-19] (Google Inc.) HKU\S-1-5-21-2069226215-2905727504-264648873-1000\...\MountPoints2: {288dd114-1935-11e2-a04a-806e6f6e6963} - E:\ASRSetup.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x314853294CADCD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKCU - URL hxxp://search.conduit.com/Results.aspx?ctid=CT3319741&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP2ADA3A3C-BA8D-4255-8C60-B76C7482F7F7&q={searchTerms}&SSPV= SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK SearchScopes: HKCU - {8CBF6C72-6567-46f5-9EC8-2D3B8313A577} URL = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5480255188&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms} BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Chrome: ======= CHR HomePage: https://www.google.de/ CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Extension: (Angry Birds) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj [2012-10-22] CHR Extension: (Kaspersky Protection) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-03-24] CHR Extension: (YouTube) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-10-18] CHR Extension: (GMX MailCheck) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\camnampocfohlcgbajligmemmabnljcm [2014-03-04] CHR Extension: (Google-Suche) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-10-18] CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-08-31] CHR Extension: (Sicherer Zahlungsverkehr) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh [2013-08-31] CHR Extension: (Modul zum Sperren von gefährlichen Webseiten) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail [2013-08-31] CHR Extension: (Virtual Keyboard) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-08-31] CHR Extension: (Google Wallet) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31] CHR Extension: (Google Mail) - C:\Users\Tom\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-10-18] CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [2012-10-18] CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-06-17] CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-06-17] CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-06-17] CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-06-17] CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-06-17] ==================== Services (Whitelisted) ================= S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG) S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-25] (Avira Operations GmbH & Co. KG) R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-02] (Kaspersky Lab ZAO) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-07] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-07] (Intel Corporation) S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 WTService; C:\Windows\system32\atwtusb.exe [584192 2012-02-07] () ==================== Drivers (Whitelisted) ==================== R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2014-02-25] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2014-02-25] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-02-25] (Avira Operations GmbH & Co. KG) S3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] () S3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] () S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] () R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-11-07] (Kaspersky Lab ZAO) S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-24] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-24] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-02] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-02] (Kaspersky Lab ZAO) R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2013-12-19] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [7680 2009-03-08] (Windows (R) Codename Longhorn DDK provider) R3 vhidmini; C:\Windows\System32\DRIVERS\walvhid.sys [7552 2009-08-26] (Windows (R) Win 7 DDK provider) S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-01 08:31 - 2014-04-01 08:31 - 00028350 _____ () C:\Users\Tom\Downloads\Addition.txt 2014-04-01 08:30 - 2014-04-01 16:37 - 00018497 _____ () C:\Users\Tom\Downloads\FRST.txt 2014-04-01 08:28 - 2014-04-01 08:28 - 00000821 _____ () C:\Users\Tom\Desktop\JRT.txt 2014-04-01 08:23 - 2014-04-01 08:23 - 00000000 ____D () C:\Windows\ERUNT 2014-04-01 08:22 - 2014-04-01 08:22 - 01038974 _____ (Thisisu) C:\Users\Tom\Downloads\JRT.exe 2014-04-01 08:19 - 2014-04-01 08:19 - 00001348 _____ () C:\Users\Tom\Desktop\AdwCleaner[S1].txt 2014-04-01 08:17 - 2014-04-01 08:17 - 01950720 _____ () C:\Users\Tom\Downloads\adwcleaner.exe 2014-04-01 08:10 - 2014-04-01 08:10 - 00001264 _____ () C:\Users\Tom\Desktop\Revo Uninstaller.lnk 2014-04-01 08:10 - 2014-04-01 08:10 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-04-01 08:09 - 2014-04-01 08:09 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Tom\Downloads\revosetup95.exe 2014-03-31 19:21 - 2014-03-31 19:25 - 00036305 _____ () C:\Users\Tom\Desktop\Addition.txt 2014-03-31 19:20 - 2014-04-01 16:36 - 00000000 ____D () C:\FRST 2014-03-31 19:20 - 2014-03-31 19:26 - 00044401 _____ () C:\Users\Tom\Desktop\FRST.txt 2014-03-31 19:20 - 2014-03-31 19:20 - 02157056 _____ (Farbar) C:\Users\Tom\Downloads\FRST64.exe 2014-03-31 19:19 - 2014-03-31 19:19 - 01145856 _____ (Farbar) C:\Users\Tom\Downloads\FRST.exe 2014-03-31 19:07 - 2014-03-31 19:07 - 00001079 _____ () C:\Users\Tom\Desktop\Continue VuuPC Installation.lnk 2014-03-31 18:37 - 2014-04-01 16:36 - 00000280 _____ () C:\Windows\setupact.log 2014-03-31 18:37 - 2014-03-31 18:37 - 00000000 _____ () C:\Windows\setuperr.log 2014-03-28 17:04 - 2014-03-29 12:37 - 00000000 ____D () C:\Users\Tom\Downloads\Geschichte - Kopie 2014-03-28 17:04 - 2014-03-28 17:04 - 00000000 ____D () C:\Users\Tom\Downloads\Frühstücksbilder - Kopie 2014-03-28 17:04 - 2014-03-28 17:04 - 00000000 ____D () C:\Users\Tom\Downloads\Französchisch - Kopie 2014-03-28 17:04 - 2014-03-28 17:04 - 00000000 ____D () C:\Users\Tom\Downloads\AppData - Kopie 2014-03-28 17:04 - 2014-01-10 18:19 - 00000000 ____D () C:\Users\Tom\Downloads\Fick dich Donner Song Bilder xD - Kopie 2014-03-28 17:04 - 2014-01-10 18:19 - 00000000 ____D () C:\Users\Tom\Downloads\Ethik (kotz) - Kopie 2014-03-28 17:04 - 2014-01-10 18:19 - 00000000 ____D () C:\Users\Tom\Downloads\Documents - Kopie 2014-03-28 17:04 - 2014-01-10 18:19 - 00000000 ____D () C:\Users\Tom\Downloads\1. Weltkrieg! - Kopie 2014-03-28 17:04 - 2013-10-05 13:21 - 00000000 ____D () C:\Users\Tom\Downloads\Geopraphie - Kopie 2014-03-27 17:00 - 2014-03-27 17:00 - 00000027 _____ () C:\Users\Tom\AppData\Roaming\mbam.context.scan 2014-03-27 16:02 - 2014-03-27 16:02 - 00149320 _____ () C:\Users\Tom\AppData\Local\GDIPFONTCACHEV1.DAT 2014-03-25 19:58 - 2014-03-25 19:58 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-25 19:58 - 2014-03-25 19:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-03-25 19:58 - 2013-04-04 15:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-25 17:09 - 2014-03-27 17:14 - 00000000 ____D () C:\Users\Tom\Downloads\Geschichte 2014-03-22 12:25 - 2014-04-01 08:48 - 00305302 _____ () C:\Windows\WindowsUpdate.log 2014-03-21 17:22 - 2014-03-21 17:33 - 00000000 ____D () C:\Program Files (x86)\BlueStacks 2014-03-21 17:21 - 2014-03-21 17:23 - 00000000 ____D () C:\ProgramData\BlueStacksSetup 2014-03-21 17:21 - 2014-03-21 17:22 - 00000000 ____D () C:\ProgramData\BlueStacks 2014-03-18 17:07 - 2014-03-18 17:07 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-03-13 18:12 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-13 18:12 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-13 18:12 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-13 18:12 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-13 18:12 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-13 18:12 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-13 18:12 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-13 18:12 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-13 18:12 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-13 18:12 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-13 18:12 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-13 18:12 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-13 18:12 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-13 18:12 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-13 18:12 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-13 18:12 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-13 18:12 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-13 18:12 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-13 18:12 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-13 18:12 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-13 18:12 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-13 18:12 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-13 18:12 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-13 18:12 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-13 18:12 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-13 18:12 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-13 18:12 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-13 18:12 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-13 18:12 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-13 18:12 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-13 18:12 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-13 18:12 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-13 18:12 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-13 18:12 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-13 18:12 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-13 18:12 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-13 18:12 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-13 18:12 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-13 18:12 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-13 18:12 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-03-13 18:12 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-13 18:12 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-03-13 18:12 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-13 18:12 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-03-13 18:12 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-03-13 18:12 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-13 18:12 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-03-13 18:12 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-03-13 18:07 - 2014-03-13 18:07 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-03-11 18:01 - 2014-03-11 18:01 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Malwarebytes 2014-03-11 17:54 - 2014-03-21 17:36 - 00000000 ____D () C:\ProgramData\Avira 2014-03-11 17:54 - 2014-03-21 17:35 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-03-11 17:54 - 2014-02-25 12:41 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-03-11 17:54 - 2014-02-25 12:41 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-03-11 17:54 - 2014-02-25 12:41 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2014-03-11 17:19 - 2014-03-21 17:35 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP 2014-03-11 17:19 - 2014-03-21 17:32 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-03-11 17:19 - 2014-03-11 17:19 - 00000000 _____ () C:\autoexec.bat 2014-03-10 17:55 - 2014-03-29 18:23 - 00000000 ____D () C:\Users\Tom\Desktop\mbar 2014-03-05 18:05 - 2014-04-01 16:36 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Skype 2014-03-05 18:05 - 2014-03-05 18:13 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-03-05 18:05 - 2014-03-05 18:13 - 00000000 ____D () C:\ProgramData\Skype 2014-03-05 18:05 - 2014-03-05 18:05 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-05 18:05 - 2014-03-05 18:05 - 00000000 ____D () C:\Users\Tom\AppData\Local\Skype 2014-03-04 18:25 - 2014-03-04 18:40 - 00000000 ___RD () C:\Users\Tom\Documents\MAGIX 2014-03-04 18:25 - 2014-03-04 18:40 - 00000000 ____D () C:\ProgramData\MAGIX 2014-03-04 18:25 - 2014-03-04 18:25 - 00001109 _____ () C:\Users\Public\Desktop\MAGIX Music Maker 2014.lnk 2014-03-04 18:25 - 2014-03-04 18:25 - 00000000 ____D () C:\Users\Public\Documents\MAGIX 2014-03-04 18:25 - 2014-03-04 18:25 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0 2014-03-04 18:25 - 2014-03-04 18:25 - 00000000 ____D () C:\Program Files (x86)\MAGIX 2014-03-04 18:16 - 2014-03-04 18:40 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\MAGIX ==================== One Month Modified Files and Folders ======= 2014-04-01 16:37 - 2014-04-01 08:30 - 00018497 _____ () C:\Users\Tom\Downloads\FRST.txt 2014-04-01 16:36 - 2014-03-31 19:20 - 00000000 ____D () C:\FRST 2014-04-01 16:36 - 2014-03-31 18:37 - 00000280 _____ () C:\Windows\setupact.log 2014-04-01 16:36 - 2014-03-05 18:05 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Skype 2014-04-01 16:36 - 2013-12-06 18:33 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-04-01 16:36 - 2013-09-20 16:50 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Spotify 2014-04-01 16:36 - 2013-08-31 19:35 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-04-01 16:36 - 2013-05-22 14:07 - 00000000 ____D () C:\Users\Tom\AppData\Local\LogMeIn Hamachi 2014-04-01 16:36 - 2012-10-18 19:51 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-04-01 16:36 - 2012-10-18 17:28 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-04-01 16:36 - 2012-10-18 17:18 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job 2014-04-01 16:36 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-01 16:36 - 2009-07-14 04:34 - 00000493 _____ () C:\Windows\win.ini 2014-04-01 08:48 - 2014-03-22 12:25 - 00305302 _____ () C:\Windows\WindowsUpdate.log 2014-04-01 08:48 - 2012-10-19 16:11 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-01 08:39 - 2012-10-18 19:51 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-04-01 08:31 - 2014-04-01 08:31 - 00028350 _____ () C:\Users\Tom\Downloads\Addition.txt 2014-04-01 08:28 - 2014-04-01 08:28 - 00000821 _____ () C:\Users\Tom\Desktop\JRT.txt 2014-04-01 08:27 - 2009-07-14 06:45 - 00013408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-01 08:27 - 2009-07-14 06:45 - 00013408 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-01 08:26 - 2009-07-14 19:58 - 00699432 _____ () C:\Windows\system32\perfh007.dat 2014-04-01 08:26 - 2009-07-14 19:58 - 00149572 _____ () C:\Windows\system32\perfc007.dat 2014-04-01 08:26 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-01 08:23 - 2014-04-01 08:23 - 00000000 ____D () C:\Windows\ERUNT 2014-04-01 08:22 - 2014-04-01 08:22 - 01038974 _____ (Thisisu) C:\Users\Tom\Downloads\JRT.exe 2014-04-01 08:21 - 2014-02-18 14:24 - 00000000 ____D () C:\AdwCleaner 2014-04-01 08:21 - 2013-12-06 18:33 - 00000000 ____D () C:\ProgramData\Origin 2014-04-01 08:19 - 2014-04-01 08:19 - 00001348 _____ () C:\Users\Tom\Desktop\AdwCleaner[S1].txt 2014-04-01 08:17 - 2014-04-01 08:17 - 01950720 _____ () C:\Users\Tom\Downloads\adwcleaner.exe 2014-04-01 08:10 - 2014-04-01 08:10 - 00001264 _____ () C:\Users\Tom\Desktop\Revo Uninstaller.lnk 2014-04-01 08:10 - 2014-04-01 08:10 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group 2014-04-01 08:09 - 2014-04-01 08:09 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Tom\Downloads\revosetup95.exe 2014-03-31 19:26 - 2014-03-31 19:20 - 00044401 _____ () C:\Users\Tom\Desktop\FRST.txt 2014-03-31 19:25 - 2014-03-31 19:21 - 00036305 _____ () C:\Users\Tom\Desktop\Addition.txt 2014-03-31 19:20 - 2014-03-31 19:20 - 02157056 _____ (Farbar) C:\Users\Tom\Downloads\FRST64.exe 2014-03-31 19:19 - 2014-03-31 19:19 - 01145856 _____ (Farbar) C:\Users\Tom\Downloads\FRST.exe 2014-03-31 19:07 - 2014-03-31 19:07 - 00001079 _____ () C:\Users\Tom\Desktop\Continue VuuPC Installation.lnk 2014-03-31 18:38 - 2013-07-23 19:26 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\TS3Client 2014-03-31 18:37 - 2014-03-31 18:37 - 00000000 _____ () C:\Windows\setuperr.log 2014-03-31 17:46 - 2012-10-18 20:09 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\.minecraft 2014-03-31 17:45 - 2014-01-02 15:49 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-03-29 18:23 - 2014-03-10 17:55 - 00000000 ____D () C:\Users\Tom\Desktop\mbar 2014-03-29 12:37 - 2014-03-28 17:04 - 00000000 ____D () C:\Users\Tom\Downloads\Geschichte - Kopie 2014-03-29 12:23 - 2013-09-20 16:50 - 00000000 ____D () C:\Users\Tom\AppData\Local\Spotify 2014-03-28 17:04 - 2014-03-28 17:04 - 00000000 ____D () C:\Users\Tom\Downloads\Frühstücksbilder - Kopie 2014-03-28 17:04 - 2014-03-28 17:04 - 00000000 ____D () C:\Users\Tom\Downloads\Französchisch - Kopie 2014-03-28 17:04 - 2014-03-28 17:04 - 00000000 ____D () C:\Users\Tom\Downloads\AppData - Kopie 2014-03-27 17:14 - 2014-03-25 17:09 - 00000000 ____D () C:\Users\Tom\Downloads\Geschichte 2014-03-27 17:00 - 2014-03-27 17:00 - 00000027 _____ () C:\Users\Tom\AppData\Roaming\mbam.context.scan 2014-03-27 16:02 - 2014-03-27 16:02 - 00149320 _____ () C:\Users\Tom\AppData\Local\GDIPFONTCACHEV1.DAT 2014-03-25 19:58 - 2014-03-25 19:58 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-03-25 19:58 - 2014-03-25 19:58 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware 2014-03-25 18:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-03-24 17:40 - 2013-08-31 19:35 - 00625248 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2014-03-24 17:40 - 2013-08-31 19:35 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2014-03-21 17:37 - 2013-08-17 19:15 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-21 17:36 - 2014-03-11 17:54 - 00000000 ____D () C:\ProgramData\Avira 2014-03-21 17:36 - 2012-12-08 09:09 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-03-21 17:35 - 2014-03-11 17:54 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-03-21 17:35 - 2014-03-11 17:19 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP 2014-03-21 17:33 - 2014-03-21 17:22 - 00000000 ____D () C:\Program Files (x86)\BlueStacks 2014-03-21 17:33 - 2013-11-18 14:36 - 00000000 ____D () C:\ProgramData\Tablet 2014-03-21 17:33 - 2012-10-18 17:28 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-03-21 17:33 - 2012-10-18 17:28 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-03-21 17:33 - 2012-10-18 17:27 - 00000000 ____D () C:\Program Files\NVIDIA Corporation 2014-03-21 17:33 - 2012-10-18 17:27 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation 2014-03-21 17:33 - 2012-10-18 17:07 - 00000000 ____D () C:\Users\Tom 2014-03-21 17:32 - 2014-03-11 17:19 - 00000000 ____D () C:\Program Files\Enigma Software Group 2014-03-21 17:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration 2014-03-21 17:23 - 2014-03-21 17:21 - 00000000 ____D () C:\ProgramData\BlueStacksSetup 2014-03-21 17:22 - 2014-03-21 17:21 - 00000000 ____D () C:\ProgramData\BlueStacks 2014-03-18 17:07 - 2014-03-18 17:07 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-03-14 16:09 - 2009-07-14 06:45 - 00490760 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-13 18:36 - 2012-10-18 18:29 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-03-13 18:08 - 2013-07-23 19:26 - 00000000 ____D () C:\Program Files\TeamSpeak 3 Client 2014-03-13 18:07 - 2014-03-13 18:07 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-03-12 18:48 - 2012-10-19 16:11 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-12 18:48 - 2012-10-19 16:11 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-12 18:48 - 2012-10-19 16:11 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-11 18:43 - 2014-02-18 14:22 - 00000000 ____D () C:\Program Files (x86)\Fortunitas 2014-03-11 18:10 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-03-11 18:01 - 2014-03-11 18:01 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\Malwarebytes 2014-03-11 17:19 - 2014-03-11 17:19 - 00000000 _____ () C:\autoexec.bat 2014-03-10 18:03 - 2013-12-27 11:38 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-03-08 12:01 - 2012-10-18 17:18 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job 2014-03-05 18:13 - 2014-03-05 18:05 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-03-05 18:13 - 2014-03-05 18:05 - 00000000 ____D () C:\ProgramData\Skype 2014-03-05 18:05 - 2014-03-05 18:05 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-05 18:05 - 2014-03-05 18:05 - 00000000 ____D () C:\Users\Tom\AppData\Local\Skype 2014-03-04 18:40 - 2014-03-04 18:25 - 00000000 ___RD () C:\Users\Tom\Documents\MAGIX 2014-03-04 18:40 - 2014-03-04 18:25 - 00000000 ____D () C:\ProgramData\MAGIX 2014-03-04 18:40 - 2014-03-04 18:16 - 00000000 ____D () C:\Users\Tom\AppData\Roaming\MAGIX 2014-03-04 18:25 - 2014-03-04 18:25 - 00001109 _____ () C:\Users\Public\Desktop\MAGIX Music Maker 2014.lnk 2014-03-04 18:25 - 2014-03-04 18:25 - 00000000 ____D () C:\Users\Public\Documents\MAGIX 2014-03-04 18:25 - 2014-03-04 18:25 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0 2014-03-04 18:25 - 2014-03-04 18:25 - 00000000 ____D () C:\Program Files (x86)\MAGIX 2014-03-04 18:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help Some content of TEMP: ==================== C:\Users\Tom\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-03-25 18:33 ==================== End Of Log ============================ Soo, das Connection VuuPC Programm ist aber immernoch drin. Soll ich das einfach so löschen oder soll ich warten? Gruß, Tom |
01.04.2014, 17:47 | #8 |
/// TB-Ausbilder /// Anleitungs-Guru | Connection Vuupc (Virus?) Bitte immer auf die Anweisungen der Helfer warten...
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
01.04.2014, 18:36 | #9 |
/// TB-Ausbilder /// Anleitungs-Guru | Connection Vuupc (Virus?) Hallo Tom, wir machen so weiter Schritt 1 Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop: SystemLook (32 bit) | SystemLook (64 bit)
Schritt 2 ESET Online Scanner
Bitte poste mir das ESET- und das Systemlook-Log.
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
02.04.2014, 18:45 | #10 |
| Connection Vuupc (Virus?) SystemLook Code:
ATTFilter SystemLook 30.07.11 by jpshortstuff Log created at 18:19 on 02/04/2014 by Tom Administrator - Elevation successful ========== regfind ========== Searching for "VuuPC" No data found. ========== filefind ========== Searching for "*VuuPC*" C:\Users\Tom\Desktop\Continue VuuPC Installation.lnk --a---- 1079 bytes [17:07 31/03/2014] [17:07 31/03/2014] 227825D8D28BDA84BC79FFDDBEF64657 ========== folderfind ========== Searching for "*VuuPC*" No folders found. -= EOF =- Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=4fef1482d3baa04a88b1ccbb14d9144b # engine=17495 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2014-03-18 04:28:13 # local_time=2014-03-18 05:28:13 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1799 16775166 100 94 11908 1838829 83577 0 # compatibility_mode=5893 16776574 100 94 610390 146789943 0 0 # scanned=353024 # found=25 # cleaned=25 # scan_time=4769 sh=7F7519C175F0EB5F057B8847B4448F27072C1452 ft=1 fh=aaa9aba3a43b4edd vn="Variante von Win32/Injected.F Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Tom\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O036K4DK\Setup[1].exe" sh=1638A49F84AD216ED7531394653B0572F400977B ft=1 fh=3298cf996b19cda8 vn="Variante von Win32/Injected.F Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Tom\AppData\Local\Temp\ICReinstall_nsb9FE9.tmp" sh=7F7519C175F0EB5F057B8847B4448F27072C1452 ft=1 fh=aaa9aba3a43b4edd vn="Variante von Win32/Injected.F Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Tom\AppData\Local\Temp\ICReinstall_nsb9FEB.tmp" sh=FAA2F8289AD91536E0766A63553714E815693653 ft=1 fh=c6d1297be7ca8e66 vn="Variante von Win32/Injected.F Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Tom\AppData\Local\Temp\ICReinstall_nsbA2F5.tmp" sh=D33A33935A21E3D8745C94EF33F83D9E528CFFEF ft=1 fh=2bdc30259f9765d7 vn="Variante von Win32/Injected.F Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Tom\AppData\Local\Temp\ICReinstall_nsgADBE.tmp" sh=1EDCBE0F0261B1932046AA3E2FB612FF4D947740 ft=1 fh=3c6a55f020de55fa vn="Variante von Win32/Injected.F Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Tom\AppData\Local\Temp\ICReinstall_nsq9FF8.tmp" sh=2CF8B7D43F151E0BBA9ABF4F43B57F037A917791 ft=1 fh=3e1575586c4da00d vn="Variante von Win32/Injected.F Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Tom\AppData\Local\Temp\ICReinstall_nsq9FF9.tmp" sh=61B46A9B1CC3FC21F828AC0EAA107EA2FB6C0F96 ft=1 fh=ec93d87785df7a8e vn="Variante von Win32/Injected.F Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Tom\AppData\Local\Temp\ICReinstall_nsq9FFA.tmp" sh=D430E6572997AC3F711B659CCB0302D436927B23 ft=1 fh=541cea22b05dc563 vn="Variante von Win32/Injected.F Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Tom\AppData\Local\Temp\ICReinstall_nsqA0E2.tmp" sh=2CF8B7D43F151E0BBA9ABF4F43B57F037A917791 ft=1 fh=3e1575586c4da00d vn="Variante von Win32/Injected.F Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Tom\AppData\Local\Temp\ICReinstall_nsqA2B6.tmp" sh=B8100B9B3F1ECBE6137438252072A84ECDB3A9FE ft=1 fh=0d7caedc3bd9321a vn="Variante von Win32/Injected.F Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Tom\AppData\Local\Temp\ICReinstall_nswA0B4.tmp" sh=B8100B9B3F1ECBE6137438252072A84ECDB3A9FE ft=1 fh=0d7caedc3bd9321a vn="Variante von Win32/Injected.F Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Tom\AppData\Local\Temp\ICReinstall_nswA1EC.tmp" sh=B8100B9B3F1ECBE6137438252072A84ECDB3A9FE ft=1 fh=0d7caedc3bd9321a vn="Variante von Win32/Injected.F Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Tom\AppData\Local\Temp\ICReinstall_nswA2D6.tmp" sh=1638A49F84AD216ED7531394653B0572F400977B ft=1 fh=3298cf996b19cda8 vn="Variante von Win32/Injected.F Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Tom\AppData\Local\Temp\nsb9FE9.tmp" sh=7F7519C175F0EB5F057B8847B4448F27072C1452 ft=1 fh=aaa9aba3a43b4edd vn="Variante von Win32/Injected.F Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Tom\AppData\Local\Temp\nsb9FEB.tmp" sh=FAA2F8289AD91536E0766A63553714E815693653 ft=1 fh=c6d1297be7ca8e66 vn="Variante von Win32/Injected.F Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Tom\AppData\Local\Temp\nsbA2F5.tmp" sh=D33A33935A21E3D8745C94EF33F83D9E528CFFEF ft=1 fh=2bdc30259f9765d7 vn="Variante von Win32/Injected.F Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Tom\AppData\Local\Temp\nsgADBE.tmp" sh=1EDCBE0F0261B1932046AA3E2FB612FF4D947740 ft=1 fh=3c6a55f020de55fa vn="Variante von Win32/Injected.F Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Tom\AppData\Local\Temp\nsq9FF8.tmp" sh=2CF8B7D43F151E0BBA9ABF4F43B57F037A917791 ft=1 fh=3e1575586c4da00d vn="Variante von Win32/Injected.F Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Tom\AppData\Local\Temp\nsq9FF9.tmp" sh=61B46A9B1CC3FC21F828AC0EAA107EA2FB6C0F96 ft=1 fh=ec93d87785df7a8e vn="Variante von Win32/Injected.F Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Tom\AppData\Local\Temp\nsq9FFA.tmp" sh=D430E6572997AC3F711B659CCB0302D436927B23 ft=1 fh=541cea22b05dc563 vn="Variante von Win32/Injected.F Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Tom\AppData\Local\Temp\nsqA0E2.tmp" sh=2CF8B7D43F151E0BBA9ABF4F43B57F037A917791 ft=1 fh=3e1575586c4da00d vn="Variante von Win32/Injected.F Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Tom\AppData\Local\Temp\nsqA2B6.tmp" sh=B8100B9B3F1ECBE6137438252072A84ECDB3A9FE ft=1 fh=0d7caedc3bd9321a vn="Variante von Win32/Injected.F Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Tom\AppData\Local\Temp\nswA0B4.tmp" sh=B8100B9B3F1ECBE6137438252072A84ECDB3A9FE ft=1 fh=0d7caedc3bd9321a vn="Variante von Win32/Injected.F Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Tom\AppData\Local\Temp\nswA1EC.tmp" sh=B8100B9B3F1ECBE6137438252072A84ECDB3A9FE ft=1 fh=0d7caedc3bd9321a vn="Variante von Win32/Injected.F Trojaner (Gesäubert durch Löschen - in Quarantäne kopiert)" ac=C fn="C:\Users\Tom\AppData\Local\Temp\nswA2D6.tmp" ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=2e9801b56222724a8b83f9ea87517442 # engine=17727 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2014-04-02 05:41:19 # local_time=2014-04-02 07:41:19 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776574 100 94 1910776 148090329 0 0 # scanned=352186 # found=0 # cleaned=0 # scan_time=4397 |
03.04.2014, 09:20 | #11 |
/// TB-Ausbilder /// Anleitungs-Guru | Connection Vuupc (Virus?) Gut gemacht Tom! Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter SearchScopes: HKCU - URL hxxp://search.conduit.com/Results.aspx?ctid=CT3319741&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP2ADA3A3C-BA8D-4255-8C60-B76C7482F7F7&q={searchTerms}&SSPV= SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms} S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] 2014-03-31 19:07 - 2014-03-31 19:07 - 00001079 _____ () C:\Users\Tom\Desktop\Continue VuuPC Installation.lnk Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Bitte poste mir noch das Fixlog! Gibts jetzt noch Probleme mit Deinem Rechner? Oder hast Du noch Fragen? Ansonsten...lade Dir bitte DelFix herunter.
Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst. Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst Du sie bedenkenlos löschen. >>clean<< Wir haben es geschafft! Die Logs sehen für mich im Moment sauber aus. Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst.... und/oder das Forum mit einer kleinen Spende unterstützen. Es bleibt mir nur noch, Dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen. Epilog: Tipps, Dos & Don'ts Aktualität von System und Software Das Betriebsystem Windows muss zwingend immer auf dem neusten Stand sein. Stelle sicher, dass die automatischen Updates aktiviert sind:
Auch die installierte Software sollte immer in der aktuellsten Version vorliegen. Speziell gilt das für den Browser, Java, Flash-Player und PDF-Reader, denn bekannte Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim blossen Besuch einer präparierten Website per Drive-by Download Malware zu installieren. Das kann sogar auf normalerweise legitimen Websites geschehen, wenn es einem Angreifer gelungen ist, seinen Code in die Seite einzuschleusen, und ist deshalb relativ unberechenbar.
Sicherheits-Software Eine Bemerkung vorneweg: Jede Softwarelösung hat ihre Schwächen. Die gesamte Verantwortung für die Sicherheit auf Software zu übertragen und einen Rundum-Schutz zu erwarten, wäre eine gefährliche Illusion. Bei unbedachtem oder bewusst risikoreichem Verhalten wird auch das beste Programm früher oder später seinen Dienst versagen (z.B. ein Virenscanner, der eine infizierte Datei nicht erkennt). Trotzdem ist entsprechende Software natürlich wichtig und hilft dir in Kombination mit einem gut gewarteten (up-to-date) System und durchdachtem Verhalten, deinen Rechner sauber zu halten.
Es liegt in der Natur der Sache, dass die am weitesten verbreitete Anwendungs-Software auch am häufigsten von Malware-Autoren attackiert wird. Es kann daher bereits einen kleinen Sicherheitsgewinn darstellen, wenn man alternative Software (z.B. einen alternativen PDF Reader) benutzt. Anstelle des Internet Explorers kann man beispielsweise den Mozilla Firefox einsetzen, für welchen es zwei nützliche Addons zur Empfehlung gibt:
(Un-)Sicheres Verhalten im Internet Nebst unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert. Der Besuch zwielichtiger Websites kann bereits Risiken bergen. Und Downloads aus dubiosen Quellen sind immer russisches Roulette. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten.
Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden dazu zu bringen, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).
Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.
Allgemeine Hinweise Abschliessend noch ein paar grundsätzliche Bemerkungen:
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
05.04.2014, 21:00 | #12 |
| Connection Vuupc (Virus?) Hallo deep! Ich habe leider ein Problem :/ Ich speicher zwar die Fixlist.txt ab, aber FRST kann sie nicht auf dem Desktop bzw. beim Verzeichnis finden Kannst du bei der Sache nochmal aushelfen? :P Dann noch ne Sache: 1. Ist der CCleaner hilfreich? Wäre nett zu wissen ^^ Erstmal bitte noch kein close |
05.04.2014, 21:04 | #13 |
/// TB-Ausbilder /// Anleitungs-Guru | Connection Vuupc (Virus?) Hi Tom, Du startest FRST immer aus diesem Verzeichnis: Code:
ATTFilter C:\Users\Tom\Downloads Hast Du das genau so gemacht?
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
06.04.2014, 13:38 | #14 |
| Connection Vuupc (Virus?) Das könnte ich machen :P Danke, hatte wohl gestern nichtmehr so richtig die Augen auf Aufjeden Fall habe ich jetzt ne Fixlog Datei Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014 Ran by Tom at 2014-04-06 14:31:16 Run:1 Running from C:\Users\Tom\Downloads Boot Mode: Normal ============================================== Content of fixlist: ***************** SearchScopes: HKCU - URL hxxp://search.conduit.com/Results.aspx?ctid=CT3319741&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP2ADA3A3C-BA8D-4255-8C60-B76C7482F7F7&q={searchTerms}&SSPV= SearchScopes: HKCU - SuggestionsURL_JSON hxxp://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms} S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] 2014-03-31 19:07 - 2014-03-31 19:07 - 00001079 _____ () C:\Users\Tom\Desktop\Continue VuuPC Installation.lnk ***************** HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => Value not found. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => Value not found. esgiguard => Service not found. "C:\Users\Tom\Desktop\Continue VuuPC Installation.lnk" => File/Directory not found. ==== End of Fixlog ==== Mein Computer hört sich auch schon viel leiser an (jippie)(Eigentlich schon wieder zu leise xd Bin ich garnicht gewöhnt ;D) Ist der CCleaner hilfreich? Wäre nett zu wissen ^^ Das wurde mir nicht beantwortet Sonst ist jetzt alles rein. Vielen Dank für die Hilfe!!! Gruß und Close, Tom (PS: Mit der Spende wird leider nix, könnte nur mit PSC bezahlen ) |
06.04.2014, 14:24 | #15 |
/// TB-Ausbilder /// Anleitungs-Guru | Connection Vuupc (Virus?) OK, freut mich dass wir Dir helfen konnten! Bezüglich CCleaner: Es ist aus meiner Sicht ein legitimes Programm. Zum Löschen der Temps usw. geeignet. Ich würde damit aber nicht in der Registry rumfummeln...
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
Themen zu Connection Vuupc (Virus?) |
anzeige, computer, connection, folgende, hinzufügen, immer wieder, komische, mehreren, mobogenie, mobogenie entfernen, problem, programm, spyhunter, spyhunter entfernen, virenscan, virus/trojaner, von selbst, vuupc, win32/injected.f, woanders, woche, wochen |