Mail.ru E-mail Problem

Freeman24 · 03.04.2014, 09:50

Hallo zusammen,

ich habe folgendes Problem, normal wenn ich auf eine E-Mail Adresse klicke kommt mein Outlook, seit kurzen werde ich auf mail.ru siehe Anhang geleitet.

Bei den Standardprogramme war dies aufgeführt, dieses habe ich aber schon geändert.

Die Toolbar von dem Dienst, welche sich auf meinen Rechner geschlichen hat ist nicht mehr da.

Weiß jemand einen Rat?

MfG Henry

deeprybka · 03.04.2014, 09:56

Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das...

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig durch bevor Du beginnst. Wenn es Probleme gibt oder Du etwas nicht verstehst, dann stoppe mit Deiner Ausführung und beschreibe mir das Problem.
Führe bitte nur Scans durch zu denen Du von mir aufgefordert wirst.
Bitte kein Crossposting (posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software, außer Du wurdest dazu aufgefordert.
Speichere alle unsere Tools auf dem Desktop ab.
Poste die Logfiles direkt in deinen Thread in Code-Tags.
Bedenke, dass wir hier alle während unserer Freizeit tätig sind, wenn du innerhalb von 2 Tagen nichts von mir hörst, dann schreibe mir bitte eine PM.

Hinweise: Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden. Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert. Adware & Co. können wir sehr gut entfernen.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Dir jemand vom Team sagt, dass Du clean bist.

Bitte beachte, dass alle meine Antworten zuerst von einem Ausbilder freigegeben werden müssen, bevor ich diese hier posten darf. Das dauert dann zwar ein paar Stunden länger, garantiert aber, dass Du kompetente Hilfe und geprüfte Antworten bekommst. Siehe hier...

Ich bedanke mich für Deine Geduld!

Schritt 1 (Scan mit FRST)
Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Lesestoff
Posten in CODE-Tags: So gehts...
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Freeman24 · 03.04.2014, 10:31

Hallo deeprybka,

danke für deine schnelle Antwort, hier die erwünschten Logfiles

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Freeman (administrator) on FREEMAN-PC on 03-04-2014 11:13:51
Running from C:\Users\Freeman\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Rocket Division Software) C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_12_0_0_77_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-02-05] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1179576 2014-02-05] (NVIDIA Corporation)
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [LexwareInfoService] - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [] - [X]
HKLM\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\.DEFAULT\...\Winlogon: [Shell] Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-19\...\Winlogon: [Shell] Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-20\...\Winlogon: [Shell] Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 
HKU\S-1-5-21-2617176757-1342091018-3141993548-1000\...\Run: [AlcoholAutomount] - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe [205976 2009-09-18] (Alcohol Soft Development Team)
HKU\S-1-5-21-2617176757-1342091018-3141993548-1000\...\Run: [] - [X]
HKU\S-1-5-21-2617176757-1342091018-3141993548-1000\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-2617176757-1342091018-3141993548-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-2617176757-1342091018-3141993548-1000\...\MountPoints2: H - H:\LaunchU3.exe -a
HKU\S-1-5-21-2617176757-1342091018-3141993548-1000\...\MountPoints2: K - K:\LaunchU3.exe -a
HKU\S-1-5-21-2617176757-1342091018-3141993548-1000\...\MountPoints2: {3dcbc5dd-4c6e-11e3-b85e-806e6f6e6963} - G:\setup.exe
HKU\S-1-5-21-2617176757-1342091018-3141993548-1000\...\MountPoints2: {5e0264e5-1462-11e3-8f4d-0019668aa6d5} - K:\LaunchU3.exe -a
HKU\S-1-5-21-2617176757-1342091018-3141993548-1000\...\Winlogon: [Shell] Explorer.exe [2871808 2011-02-25] (Microsoft Corporation) <==== ATTENTION 

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=149A944452C69A70&affID=119357&tsp=5023
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {E7DF7E00-9238-4AB3-AF5E-FF6B7CB20641} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {E7DF7E00-9238-4AB3-AF5E-FF6B7CB20641} URL = https://www.google.com/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Freeman\AppData\Roaming\Mozilla\Firefox\Profiles\dkpj034y.default
FF user.js: detected! => C:\Users\Freeman\AppData\Roaming\Mozilla\Firefox\Profiles\dkpj034y.default\user.js
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @nokia.com/EnablerPlugin - C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Freeman\AppData\Roaming\Mozilla\Firefox\Profiles\dkpj034y.default\searchplugins\softonic.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Freeman\AppData\Roaming\Mozilla\Firefox\Profiles\dkpj034y.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-02]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\IPSFF [2013-10-10]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-09-03]

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Softonic Chrome Toolbar) - C:\Users\Freeman\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf [2013-09-13]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx [2014-04-03]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-09-01] (Adobe Systems)
S3 Macromedia Licensing Service; C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe [68096 2013-09-17] ()
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-02-05] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16941856 2014-02-05] (NVIDIA Corporation)
R2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [275968 2007-05-28] (Rocket Division Software)

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-12-13] ()
R1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20140319.001\BHDrvx64.sys [1525976 2014-03-19] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-22] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-22] (Symantec Corporation)
R1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20140402.001\IDSvia64.sys [525016 2014-03-26] (Symantec Corporation)
S3 irsir; C:\Windows\System32\DRIVERS\irsir.sys [27648 2008-01-19] (Microsoft Corporation)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-12-13] ()
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20140402.016\ENG64.SYS [126040 2014-01-27] (Symantec Corporation)
R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20140402.016\EX64.SYS [2099288 2014-01-27] (Symantec Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [868848 2013-08-26] ()
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-08-27] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
U3 ayzeefhf; C:\Windows\System32\Drivers\ayzeefhf.sys [0 ] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-03 11:13 - 2014-04-03 11:14 - 00015992 _____ () C:\Users\Freeman\Desktop\FRST.txt
2014-04-03 11:13 - 2014-04-03 11:13 - 00000000 ____D () C:\FRST
2014-04-03 11:11 - 2014-04-03 11:11 - 02157056 _____ (Farbar) C:\Users\Freeman\Desktop\FRST64.exe
2014-04-03 10:48 - 2014-04-03 10:48 - 00115328 _____ () C:\Users\Freeman\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-03 10:41 - 2014-04-03 10:41 - 00005889 _____ () C:\Windows\WindowsUpdate.log
2014-04-03 10:37 - 2014-04-03 10:37 - 00006168 _____ () C:\Windows\PFRO.log
2014-04-03 10:37 - 2014-04-03 10:37 - 00000168 _____ () C:\Windows\setupact.log
2014-04-03 10:37 - 2014-04-03 10:37 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-03 09:05 - 2014-04-03 09:05 - 00000000 ____D () C:\Users\Freeman\AppData\Local\Apps\2.0
2014-04-02 17:40 - 2014-04-02 17:40 - 00005638 _____ () C:\Users\Freeman\Desktop\Portal.Prelude.Cheat.Dev.Enabler_TRAINER-FFF.zip
2014-04-02 17:40 - 2014-04-02 17:40 - 00000000 ____D () C:\Users\Freeman\Desktop\Portal.Prelude.Cheat.Dev.Enabler_TRAINER-FFF
2014-04-01 08:33 - 2014-04-01 08:38 - 04417981 _____ () C:\Users\Freeman\Desktop\Business_Website_Template_no_1_by_PAULW.psd
2014-04-01 08:31 - 2014-04-01 08:31 - 24945327 _____ () C:\Users\Freeman\Desktop\paper-textures.zip
2014-04-01 08:31 - 2014-04-01 08:31 - 00000000 ____D () C:\Users\Freeman\Desktop\paper-textures
2014-03-31 14:18 - 2014-04-02 11:31 - 02150682 _____ () C:\Users\Freeman\Desktop\mm.psd
2014-03-31 14:04 - 2014-03-31 14:04 - 00000000 ____D () C:\Users\Freeman\Desktop\Bilder
2014-03-31 12:48 - 2014-03-31 14:04 - 00000000 ____D () C:\Users\Freeman\Desktop\mmpics
2014-03-31 12:39 - 2014-03-31 14:05 - 00006193 _____ () C:\Users\Freeman\Desktop\mm.css
2014-03-31 12:38 - 2014-03-31 13:01 - 00005124 _____ () C:\Users\Freeman\Desktop\ingame.html
2014-03-31 12:37 - 2014-03-31 13:01 - 00002479 _____ () C:\Users\Freeman\Desktop\outpage.html
2014-03-31 12:32 - 2014-03-31 12:32 - 00023458 _____ () C:\Users\Freeman\Desktop\style.css
2014-03-29 18:53 - 2014-03-29 18:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-28 09:44 - 2014-03-28 09:44 - 00000000 ____D () C:\Users\Freeman\AppData\Local\ns0
2014-03-28 09:39 - 2014-03-28 09:39 - 00000000 ____D () C:\Users\Freeman\AppData\Local\_
2014-03-28 09:11 - 2014-03-28 09:11 - 00000000 ____D () C:\Users\Freeman\AppData\Roaming\IsolatedStorage
2014-03-28 09:11 - 2014-03-28 09:11 - 00000000 ____D () C:\Users\Freeman\AppData\Local\FileViewPro
2014-03-28 09:11 - 2014-03-28 09:11 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2014-03-25 22:29 - 2014-03-25 22:30 - 00000000 ____D () C:\Users\Freeman\Desktop\Metro Last Light V1.0.0.14 Trainer +8
2014-03-13 09:56 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 09:56 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 09:56 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 09:56 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 09:56 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 09:56 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 09:56 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 09:56 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 09:56 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 09:56 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 09:56 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 09:56 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 09:56 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 09:56 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 09:56 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 09:56 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 09:56 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 09:56 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 09:56 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 09:56 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 09:56 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 09:56 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 09:56 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 09:56 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 09:56 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 09:56 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 09:56 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 09:56 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 09:56 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 09:56 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 09:56 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 09:56 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 09:56 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 09:56 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 09:56 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 09:56 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 09:56 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 09:56 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 09:56 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 09:56 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 09:56 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 09:56 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 09:56 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 09:56 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 09:55 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 09:55 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 09:55 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 09:55 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-11 10:16 - 2014-03-11 10:16 - 00000000 ___SD () C:\Users\Freeman\Documents\Eigene Datenquellen
2014-03-07 18:59 - 2014-03-07 18:59 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-03-07 18:59 - 2014-02-08 18:18 - 00599840 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-03-07 18:55 - 2014-02-08 20:34 - 31432480 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-03-07 18:55 - 2014-02-08 20:34 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-03-07 18:55 - 2014-02-08 20:34 - 23683360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-03-07 18:55 - 2014-02-08 20:34 - 17715784 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-03-07 18:55 - 2014-02-08 20:34 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-03-07 18:55 - 2014-02-08 20:34 - 12324640 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-03-07 18:55 - 2014-02-08 20:34 - 11636176 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-03-07 18:55 - 2014-02-08 20:34 - 11589272 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-03-07 18:55 - 2014-02-08 20:34 - 09728064 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-03-07 18:55 - 2014-02-08 20:34 - 09690424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-03-07 18:55 - 2014-02-08 20:34 - 03142432 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-03-07 18:55 - 2014-02-08 20:34 - 02956576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-03-07 18:55 - 2014-02-08 20:34 - 02782496 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-03-07 18:55 - 2014-02-08 20:34 - 02410784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-03-07 18:55 - 2014-02-08 20:34 - 01885472 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433489.dll
2014-03-07 18:55 - 2014-02-08 20:34 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433489.dll
2014-03-07 18:55 - 2014-02-08 20:34 - 00892192 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-03-07 18:55 - 2014-02-08 20:34 - 00875296 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-03-07 18:55 - 2014-02-08 20:34 - 00863520 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-03-07 18:55 - 2014-02-08 20:34 - 00844576 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-03-07 18:55 - 2014-02-08 20:34 - 00832424 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-03-07 18:55 - 2014-02-08 20:34 - 00353504 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-03-07 18:55 - 2014-02-08 20:34 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-03-07 18:55 - 2014-02-08 20:34 - 00174296 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-03-07 18:55 - 2014-02-08 20:34 - 00148528 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-03-07 18:55 - 2013-12-27 20:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-03-07 18:55 - 2013-12-27 20:42 - 00033056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-03-05 11:04 - 2014-03-05 11:04 - 00000000 ____D () C:\Users\Freeman\Desktop\twds2e1_txt_schote.biz
2014-03-04 15:40 - 2014-03-04 15:40 - 00000000 ____D () C:\Users\Freeman\AppData\Local\Sniper Elite Zombie Army 2
2014-03-04 13:22 - 2014-03-19 08:24 - 00000000 ____D () C:\Users\Freeman\Desktop\Mod-Pack-Hamburg_fuer_Demolition-Company_Setup

==================== One Month Modified Files and Folders =======

2014-04-03 11:14 - 2014-04-03 11:13 - 00015992 _____ () C:\Users\Freeman\Desktop\FRST.txt
2014-04-03 11:13 - 2014-04-03 11:13 - 00000000 ____D () C:\FRST
2014-04-03 11:11 - 2014-04-03 11:11 - 02157056 _____ (Farbar) C:\Users\Freeman\Desktop\FRST64.exe
2014-04-03 11:11 - 2014-04-03 10:36 - 00000426 _____ () C:\Windows\Tasks\Wise Care 365.job
2014-04-03 10:58 - 2013-09-01 17:06 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-03 10:51 - 2013-10-04 16:23 - 00001456 _____ () C:\Users\Freeman\AppData\Local\Adobe Für Web speichern 13.0 Prefs
2014-04-03 10:48 - 2014-04-03 10:48 - 00115328 _____ () C:\Users\Freeman\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-03 10:46 - 2009-07-14 06:45 - 00025872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-03 10:46 - 2009-07-14 06:45 - 00025872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-03 10:42 - 2013-08-27 06:23 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-04-03 10:42 - 2013-08-27 06:23 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-04-03 10:42 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-03 10:41 - 2014-04-03 10:41 - 00005889 _____ () C:\Windows\WindowsUpdate.log
2014-04-03 10:37 - 2014-04-03 10:37 - 00006168 _____ () C:\Windows\PFRO.log
2014-04-03 10:37 - 2014-04-03 10:37 - 00000168 _____ () C:\Windows\setupact.log
2014-04-03 10:37 - 2014-04-03 10:37 - 00000000 _____ () C:\Windows\setuperr.log
2014-04-03 10:37 - 2013-11-08 13:26 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-03 10:37 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-03 10:26 - 2013-08-27 06:25 - 00000000 ____D () C:\Windows\Panther
2014-04-03 10:21 - 2014-04-03 10:21 - 08508640 _____ (WiseCleaner.com ) C:\Users\Freeman\Downloads\WiseCare365_1_.exe
2014-04-03 10:13 - 2013-08-26 22:03 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-04-03 09:05 - 2014-04-03 09:05 - 00000000 ____D () C:\Users\Freeman\AppData\Local\Apps\2.0
2014-04-02 17:42 - 2013-09-26 08:18 - 00036892 _____ () C:\Windows\SysWOW64\BASSMOD.dll
2014-04-02 15:59 - 2013-09-13 14:51 - 00000000 ____D () C:\Users\Freeman\AppData\Local\CrashDumps
2014-04-02 14:36 - 2013-08-26 22:54 - 00002236 ____H () C:\Users\Freeman\Documents\Default.rdp
2014-04-02 11:31 - 2014-03-31 14:18 - 02150682 _____ () C:\Users\Freeman\Desktop\mm.psd
2014-04-01 08:38 - 2014-04-01 08:33 - 04417981 _____ () C:\Users\Freeman\Desktop\Business_Website_Template_no_1_by_PAULW.psd
2014-04-01 08:31 - 2014-04-01 08:31 - 24945327 _____ () C:\Users\Freeman\Desktop\paper-textures.zip
2014-04-01 08:31 - 2014-04-01 08:31 - 00000000 ____D () C:\Users\Freeman\Desktop\paper-textures
2014-04-01 07:36 - 2013-08-26 22:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-31 14:05 - 2014-03-31 12:39 - 00006193 _____ () C:\Users\Freeman\Desktop\mm.css
2014-03-31 14:04 - 2014-03-31 14:04 - 00000000 ____D () C:\Users\Freeman\Desktop\Bilder
2014-03-31 14:04 - 2014-03-31 12:48 - 00000000 ____D () C:\Users\Freeman\Desktop\mmpics
2014-03-31 13:01 - 2014-03-31 12:38 - 00005124 _____ () C:\Users\Freeman\Desktop\ingame.html
2014-03-31 13:01 - 2014-03-31 12:37 - 00002479 _____ () C:\Users\Freeman\Desktop\outpage.html
2014-03-31 12:32 - 2014-03-31 12:32 - 00023458 _____ () C:\Users\Freeman\Desktop\style.css
2014-03-30 18:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-03-29 23:19 - 2013-10-01 11:38 - 00000000 ____D () C:\Users\Freeman\AppData\Roaming\FileZilla
2014-03-29 22:59 - 2013-08-27 18:56 - 00000000 ____D () C:\Users\Freeman\AppData\Roaming\Adobe
2014-03-29 18:53 - 2014-03-29 18:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-28 12:38 - 2013-10-18 10:55 - 00000000 ____D () C:\Users\Freeman\AppData\Local\4A Games
2014-03-28 09:44 - 2014-03-28 09:44 - 00000000 ____D () C:\Users\Freeman\AppData\Local\ns0
2014-03-28 09:39 - 2014-03-28 09:39 - 00000000 ____D () C:\Users\Freeman\AppData\Local\_
2014-03-28 09:11 - 2014-03-28 09:11 - 00000000 ____D () C:\Users\Freeman\AppData\Roaming\IsolatedStorage
2014-03-28 09:11 - 2014-03-28 09:11 - 00000000 ____D () C:\ProgramData\IsolatedStorage
2014-03-27 11:14 - 2013-10-18 11:02 - 00000000 ____D () C:\Users\Freeman\Documents\4A Games
2014-03-24 12:49 - 2013-11-02 12:27 - 00000000 ____D () C:\Users\Freeman\Documents\TrackMania
2014-03-24 12:42 - 2013-08-26 21:05 - 00000000 ___RD () C:\Users\Freeman\Desktop\Spiele
2014-03-19 19:50 - 2013-08-26 22:48 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 19:42 - 2013-08-26 22:48 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-19 11:36 - 2013-09-01 21:27 - 00000000 ____D () C:\Users\Freeman\Documents\My Games
2014-03-19 08:24 - 2014-03-04 13:22 - 00000000 ____D () C:\Users\Freeman\Desktop\Mod-Pack-Hamburg_fuer_Demolition-Company_Setup
2014-03-14 20:42 - 2013-09-09 18:12 - 00000000 ____D () C:\ProgramData\Codemasters
2014-03-13 19:13 - 2009-07-14 06:45 - 05118312 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 19:12 - 2013-08-27 07:51 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 19:12 - 2013-08-27 07:51 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-12 19:49 - 2013-10-10 15:03 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-03-12 10:58 - 2013-09-01 17:06 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 10:58 - 2013-09-01 17:06 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 10:58 - 2013-09-01 17:06 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-11 15:47 - 2013-08-30 14:00 - 00000000 ____D () C:\Users\Freeman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-03-11 14:23 - 2013-09-18 11:54 - 00000000 ____D () C:\Users\Freeman\AppData\Roaming\Skype
2014-03-11 10:16 - 2014-03-11 10:16 - 00000000 ___SD () C:\Users\Freeman\Documents\Eigene Datenquellen
2014-03-07 19:00 - 2013-11-13 16:24 - 00000000 ____D () C:\Users\Freeman\AppData\Local\NVIDIA Corporation
2014-03-07 18:59 - 2014-03-07 18:59 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-03-07 18:59 - 2013-10-18 10:50 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-03-05 11:04 - 2014-03-05 11:04 - 00000000 ____D () C:\Users\Freeman\Desktop\twds2e1_txt_schote.biz
2014-03-04 15:40 - 2014-03-04 15:40 - 00000000 ____D () C:\Users\Freeman\AppData\Local\Sniper Elite Zombie Army 2
2014-03-04 13:32 - 2013-09-18 11:54 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-04 13:32 - 2013-09-18 11:54 - 00000000 ____D () C:\ProgramData\Skype

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-30 19:00

==================== End Of Log ============================

--- --- ---

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Freeman at 2014-04-03 11:14:19
Running from C:\Users\Freeman\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Norton Internet Security Online (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security Online (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security Online (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

«Need for Speed - Most Wanted»  1.0 (HKLM-x32\...\{FB0127F3-985B-44CE-AE29-378CAF60B361}_is1) (Version: 1.0 - Electronic Arts)
µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.)
18 WoS Extreme Trucker 1.01 (HKLM-x32\...\18 WoS Extreme Trucker) (Version: 1.01 - )
18 WoS Extreme Trucker 2 (HKLM-x32\...\18 WoS Extreme Trucker 2_is1) (Version:  - oZEROth2008)
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.0.0 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Bridge 1.0 (x32 Version: 001.000.001 - Adobe Systems) Hidden
Adobe Common File Installer (x32 Version: 1.00.001 - Adobe System Incorporated) Hidden
Adobe Dreamweaver CC (HKLM-x32\...\{00E094E1-A852-11E2-803D-ACEA632352B4}) (Version: 13 - Adobe Systems Incorporated)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Help Center 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Illustrator CS2 (HKLM-x32\...\Adobe Illustrator CS2) (Version: 12.000.000 - Adobe Systems Inc.)
Adobe Illustrator CS2 (x32 Version: 12.000.000 - Adobe Systems Inc.) Hidden
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (x32 Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Stock Photos 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden
Adobe SVG Viewer 3.0 (HKLM-x32\...\Adobe SVG Viewer) (Version:  3.0 - Adobe Systems, Inc.)
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe Widget Browser (x32 Version: 2.0.348 - Adobe Systems Incorporated.) Hidden
Alan Wake (HKLM-x32\...\Steam App 108710) (Version:  - Remedy Entertainment)
Alan Wake's American Nightmare (HKLM-x32\...\Steam App 202750) (Version:  - Remedy Entertainment)
ALL-INKL WebDisk Version 0.1.6.1 (HKLM\...\{420BEC99-F9B3-446B-85A9-974192AFBEAD}_is1) (Version: 0.1.6.1 - ALL-INKL.COM)
AutoIt v3.3.8.1 (HKLM-x32\...\AutoItv3) (Version:  - AutoIt Team)
Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
Belkin N Wireless USB Adapter Setup (HKLM-x32\...\{4EE9A620-46A0-4BCF-82AC-950D2BBED982}) (Version: 2.20 - Belkin)
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version:  - Gearbox Software)
Brother MFL-Pro Suite MFC-290C (HKLM-x32\...\{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Burnout(TM) Paradise The Ultimate Box (HKLM-x32\...\{9A996B6A-846E-4A89-B9C4-17546B7BE49F}) (Version: 1.0.0.0 - Electronic Arts)
Call of Duty: Black Ops - Multiplayer (HKLM-x32\...\Steam App 42710) (Version:  - Treyarch)
Call of Duty: Black Ops (HKLM-x32\...\Steam App 42700) (Version:  - Treyarch)
Call of Duty: Black Ops II - Zombies (HKLM-x32\...\Steam App 212910) (Version:  - )
Call of Duty: Black Ops II (HKLM-x32\...\Steam App 202970) (Version:  - Treyarch)
Call of Duty: Ghosts - Multiplayer (HKLM-x32\...\Steam App 209170) (Version:  - )
Call of Duty: Ghosts (HKLM-x32\...\Steam App 209160) (Version:  - Infinity Ward)
CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform)
Cheat Engine 6.3 (HKLM-x32\...\Cheat Engine 6.3_is1) (Version:  - Cheat Engine)
Company of Heroes 2 Update v3.0.0.9704 incl DLC (HKLM-x32\...\Q29tcGFueW9mSGVyb2VzMg==_is1) (Version: 1 - )
Compatibility Pack für 2007 Office System (HKLM-x32\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.0.0.0 - Electronic Arts)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Death to Spies (HKLM-x32\...\Steam App 9800) (Version:  - Haggard Games)
Death to Spies: Moment of Truth (HKLM-x32\...\Steam App 34410) (Version:  - Haggard Games)
Demolition Company Gold (HKLM-x32\...\Steam App 65270) (Version:  - Giants Software)
Dino D-Day (HKLM-x32\...\Steam App 70000) (Version:  - 800 North and Digital Ranch)
Dream (HKLM\...\UDK-774df766-c6af-4459-b1d2-4c521f79da74) (Version:  - Epic Games, Inc.)
Dream (HKLM-x32\...\Steam App 229580) (Version:  - HyperSloth)
EAX4 Unified Redist (HKLM-x32\...\{89661B04-C646-4412-B6D3-5E19F02F1F37}) (Version: 4.001 - Creative Labs)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Estranged: Act I (HKLM-x32\...\Steam App 261820) (Version:  - Alan Edwardes)
EVEREST Ultimate Edition v5.50 (HKLM-x32\...\EVEREST Ultimate Edition_is1) (Version: 5.50 - Lavalys, Inc.)
F1 2013 (HKLM-x32\...\Steam App 223670) (Version:  - Codemasters Birmingham)
Fallout 3 - Game of the Year Edition (HKLM-x32\...\Steam App 22370) (Version:  - Bethesda Game Studios)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.05 - Ubisoft)
FileZilla Client 3.2.7.1 (HKLM-x32\...\FileZilla Client) (Version: 3.2.7.1 - )
Free Video to DVD Converter version 5.0.32.1230 (HKLM-x32\...\Free Video to DVD Converter_is1) (Version: 5.0.32.1230 - DVDVideoSoft Ltd.)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version:  - Facepunch Studios)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Grand Theft Auto IV (HKLM-x32\...\{579BA58C-F33D-4970-9953-B94B43768AC3}) (Version: 1.00.0000 - Rockstar Games)
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden
Grand Theft Auto: Episodes From Liberty City (HKLM-x32\...\{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}) (Version: 1.1.0.0 - Rockstar Games)
Grand Theft Auto: Episodes from Liberty City (x32 Version: 1.0.0003.135 - Rockstar Games Inc.) Hidden
GRID 2 (c) Codemasters version 1 (HKLM-x32\...\R1JJRDI=_is1) (Version: 1 - )
Half-Life (HKLM-x32\...\Steam App 70) (Version:  - Valve)
Half-Life 2 (HKLM-x32\...\Steam App 220) (Version:  - Valve)
Half-Life 2: Deathmatch (HKLM-x32\...\Steam App 320) (Version:  - Valve)
Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version:  - Valve)
Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version:  - Valve)
Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version:  - Valve)
Half-Life: Source (HKLM-x32\...\Steam App 280) (Version:  - Valve)
Hamburg Demolition Addon version 1.0 (HKLM-x32\...\Hamburg Demolition Addon_is1) (Version: 1.0 - )
Hidden & Dangerous 2  (HKLM-x32\...\InstallShield_{83437081-8186-4F63-BD39-4BE8A691E055}) (Version: 1.00.0001 - Illusion Softworks)
Hidden & Dangerous 2  (x32 Version: 1.00.0001 - Illusion Softworks) Hidden
Hidden & Dangerous 2 Sabre Squadron (HKLM-x32\...\InstallShield_{E85E4F22-F753-4463-8DF2-9E5B7BFF5FC7}) (Version: 1.00.0000 - Illusion Softworks)
Hidden & Dangerous 2 Sabre Squadron (x32 Version: 1.00.0000 - Illusion Softworks) Hidden
Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version:  - IO Interactive)
Hitman: Sniper Challenge (HKLM-x32\...\Steam App 205930) (Version:  - IO Interactive)
ICQ 8.2 (build 6870) (HKCU\...\ICQ) (Version: 8.2.6870.0 - Mail.Ru)
L.A. Noire (HKLM-x32\...\{915726DF-7891-444A-AA03-0DF1D64F561A}) (Version: 1.00.0000 - Rockstar Games)
Lexware buchhalter 2013 (HKLM-x32\...\{6AB4E5CD-0062-48E8-96A3-E5B4486DFCB3}) (Version: 18.04.00.0021 - Haufe-Lexware GmbH Co.KG)
Lexware Elster (HKLM-x32\...\{9F6BFB0F-6B1F-4D1A-A9DA-42F6794C9188}) (Version: 13.00.00.0027 - Haufe-Lexware GmbH & Co.KG)
Lexware Info Service (HKLM-x32\...\{8AE7E507-BC49-4DF0-A236-26878691AB53}) (Version: 2.90.00.0009 - Haufe-Lexware GmbH & Co.KG)
Macromedia FreeHand MXa (HKLM-x32\...\{939740B5-0064-4779-854A-8C1086181C05}) (Version: 11.0.2 - Macromedia)
Mafia II (HKLM-x32\...\Steam App 50130) (Version:  - 2K Czech)
ManiaPlanet (HKLM-x32\...\ManiaPlanet_is1) (Version:  - Nadeo)
Medal of Honor(TM) Multiplayer (HKLM-x32\...\Steam App 47830) (Version:  - Electronic Arts)
Medal of Honor(TM) Single Player (HKLM-x32\...\Steam App 47790) (Version:  - Electronic Arts)
MegaTrainer eXperience V1.2.1.1 (HKLM-x32\...\MegaTrainer eXperience_is1) (Version:  - )
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version:  - 4A Games)
Metro: Last Light (HKLM-x32\...\Steam App 43160) (Version:  - 4A Games)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM-x32\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{4fd02573-5f12-4ae4-8027-c63f8e1115af}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NASCAR '14 (HKLM-x32\...\TkFTQ0FSMTQ=_is1) (Version: 1 - )
Need for Speed Underground 2 (HKLM-x32\...\{909F8EBC-EC7F-48FF-0085-475D818F0F31}) (Version:  - )
Need for Speed™ Carbon (HKLM-x32\...\{259C0ABB-A3B2-4D70-008F-BF7EE491B70B}) (Version:  - )
Need for Speed™ Most Wanted (HKLM-x32\...\{ADE91A13-434D-4229-00BC-182BAD607303}) (Version:  - )
Need for Speed™ ProStreet (HKLM-x32\...\{CC419DDC-E0F0-4013-B25A-6FA036516F0D}) (Version: 1.0.1.0 - Electronic Arts)
Need for Speed™ Undercover (HKLM-x32\...\{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}) (Version: 1.0.1.0 - Electronic Arts)
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.30.0 - Nokia)
Nokia Suite (x32 Version: 3.8.30.0 - Nokia) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.4.0.40 - Symantec Corporation)
NVIDIA 3D Vision Controller-Treiber 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 334.89 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 334.89 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 334.89 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3489 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 334.89 (Version: 334.89 - NVIDIA Corporation) Hidden
NVIDIA Update 11.10.13 (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 11.10.13 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
Origin (HKLM-x32\...\Origin) (Version: 9.3.7.2735 - Electronic Arts, Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version:  - OVERKILL - a Starbreeze Studio.)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Pool Nation (HKLM-x32\...\Steam App 254440) (Version:  - Cherry Pop Games)
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
POSTAL 2 Complete (HKLM-x32\...\Steam App 223470) (Version:  - Running With Scissors)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Red Orchestra 2: Heroes of Stalingrad - Single Player (HKLM-x32\...\Steam App 236830) (Version:  - )
Remember Me (HKLM-x32\...\Steam App 228300) (Version:  - DONTNOD Entertainment)
Return to Castle Wolfenstein - Platinum Edition (HKLM-x32\...\Return to Castle Wolfenstein - Platinum Edition) (Version:  - )
Rise of the Triad (HKLM-x32\...\UmlzZW9mdGhlVHJpYWQ=_is1) (Version: 1 - )
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
RollerCoaster Tycoon 3: Platinum! (HKLM-x32\...\Steam App 2700) (Version:  - Frontier)
S.T.A.L.K.E.R. - Call Of Pripyat [v1.6.01] (HKLM-x32\...\{406FB8A4-F539-48A9-809C-F94706F9C9F6}_is1) (Version: 1.6.01 - bitComposer Games)
S.T.A.L.K.E.R. - Clear Sky (HKLM-x32\...\S.T.A.L.K.E.R. - Clear Sky_is1) (Version: 1.0001 - Deep Silver)
S.T.A.L.K.E.R. - Shadow of Chernobyl [v1.0005] (HKLM-x32\...\S.T.A.L.K.E.R. - Shadow of Chernobyl_is1) (Version: 1.0005 - THQ)
SciTE4AutoIt3 4/5/2013 (HKLM-x32\...\SciTE4AutoIt3) (Version: 4/5/2013 - Jos van der Zande)
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
SimCity 4 Deluxe (HKLM-x32\...\{A7A34FC9-DF24-4A36-00AD-D4EFE94CC116}) (Version:  - )
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sniper Ghost Warrior 2 (HKLM-x32\...\Steam App 34870) (Version:  - City Interactive)
Sniper: Ghost Warrior (HKLM-x32\...\Steam App 34830) (Version:  - City Interactive)
Soldier of Fortune II - Double Helix GOLD (HKLM-x32\...\Soldier of Fortune II - Double Helix GOLD) (Version: 1.02 - Activsion, Inc.)
Source SDK (HKLM-x32\...\Steam App 211) (Version:  - Valve)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
State of Decay (HKLM-x32\...\Steam App 241540) (Version:  - Undead Labs)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Suite Specific (x32 Version: 2.0.0 - Adobe Systems, Incorporated) Hidden
TAXMAN 2012 (HKLM-x32\...\{FA3FDB06-3368-4579-B2F2-5AE8AD6E7871}) (Version: 18.09.00.0004 - Haufe-Lexware GmbH & Co.KG)
TAXMAN 2013 (HKLM-x32\...\{F289D934-2224-473B-B57E-0040D2693F83}) (Version: 19.06.00.0003 - Haufe-Lexware GmbH & Co.KG)
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version:  - Valve)
The Bureau: XCOM Declassified (HKLM-x32\...\Steam App 65930) (Version:  - 2K Marin)
The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version:  - Galactic Cafe)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version:  - )
The Walking Dead: Season Two (HKLM-x32\...\Steam App 261030) (Version:  - Telltale Games)
The Walking Dead™: Survival Instinct (HKLM-x32\...\Steam App 220050) (Version:  - Terminal Reality, Inc.)
Tiger Woods PGA TOUR® 12: The Masters (HKLM-x32\...\{6AC13432-7CC3-4afd-9896-F56597312D1F}) (Version: 1.0.0.0 - Electronic Arts)
Tom Clancy's Rainbow Six: Vegas 2 (HKLM-x32\...\Steam App 15120) (Version:  - Ubisoft Montreal)
Tom Clancy's Splinter Cell Blacklist (HKLM-x32\...\Steam App 235600) (Version:  - Ubisoft Toronto)
Tom Clancy's Splinter Cell: Conviction (HKLM-x32\...\Steam App 33220) (Version:  - Ubisoft Montreal)
TrackMania United (HKLM-x32\...\Steam App 7200) (Version:  - Nadeo)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Vietcong 2 (HKCU\...\Vietcong 2) (Version:  - )
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
WinMerge 2.14.0 (HKLM-x32\...\WinMerge_is1) (Version: 2.14.0 - Thingamahoochie Software)
WinRAR 5.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
Worms Clan Wars (HKLM-x32\...\Worms Clan Wars_is1) (Version:  - Team17 Digital Ltd)
Zombie Shooter (HKLM-x32\...\Zombie Shooter_is1) (Version:  - My Real Games Ltd)
Zombie Shooter 2 (HKLM-x32\...\Zombie Shooter 2_is1) (Version:  - My Real Games Ltd)

==================== Restore Points  =========================

19-03-2014 17:42:21 Windows Update
29-03-2014 17:37:25 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2014-03-28 09:42 - 2014-03-28 09:42 - 00001695 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Scheduled Tasks (whitelisted) =============

Task: {2D839BFB-9C0A-47E8-B7E9-2444420B8859} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {5FEA284C-9321-46CF-8A55-5F0B116F13ED} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated)
Task: {A1FA9126-E3BC-46AC-BD26-5666E08473D5} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {C9089111-CC19-478E-B6D1-1B618E4F939A} - System32\Tasks\Wise Care 365 => C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
Task: {DF0D85A6-DE8A-47BD-B6D9-DF0E880EFA9C} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: {E1ECC678-4364-4F16-BE58-03D3C29DC939} - System32\Tasks\Wise Turbo Checker => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe
Task: {FF440C68-726E-4630-A0B5-CE6500AF6389} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Wise Care 365.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTray.exe
Task: C:\Windows\Tasks\Wise Turbo Checker.job => C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe

==================== Loaded Modules (whitelisted) =============

2013-11-08 13:25 - 2014-02-08 19:42 - 00117024 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2009-08-23 19:58 - 2009-08-23 19:58 - 00094208 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2013-08-27 20:47 - 2012-05-30 08:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll
2013-08-26 20:59 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2013-08-27 20:47 - 2012-05-30 08:51 - 00699280 ____R () C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/03/2014 10:39:08 AM) (Source: ESENT) (User: )
Description: taskhost (1816) WebCacheLocal: Fehler -1811 (0xfffff8ed) beim Öffnen von Protokolldatei C:\Users\Freeman\AppData\Local\Microsoft\Windows\WebCache\V01.log.

Error: (04/03/2014 10:37:34 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/03/2014 08:39:02 AM) (Source: Steam Client Service) (User: )
Description: Error: Failed to poke open firewall

Error: (04/03/2014 08:34:12 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/02/2014 07:21:48 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (04/02/2014 07:21:42 PM) (Source: Brother BrLog) (User: )
Description: WDLMW BrtWDLMW: [2014/04/02 19:21:42.955]: [00002992]: lperrcode->api = 1 , lperrcode->code = 2

Error: (04/02/2014 07:21:41 PM) (Source: Brother BrLog) (User: )
Description: WDLMW BrtWDLMW: [2014/04/02 19:21:41.427]: [00002992]: lperrcode->api = 1 , lperrcode->code = 2

Error: (04/02/2014 07:21:39 PM) (Source: Brother BrLog) (User: )
Description: WDLMW BrtWDLMW: [2014/04/02 19:21:39.927]: [00002992]: lperrcode->api = 1 , lperrcode->code = 2

Error: (04/02/2014 07:21:38 PM) (Source: Brother BrLog) (User: )
Description: WDLMW BrtWDLMW: [2014/04/02 19:21:38.427]: [00002992]: lperrcode->api = 1 , lperrcode->code = 2

Error: (04/02/2014 07:21:36 PM) (Source: Brother BrLog) (User: )
Description: WDLMW BrtWDLMW: [2014/04/02 19:21:36.927]: [00002992]: lperrcode->api = 1 , lperrcode->code = 2


System errors:
=============
Error: (04/03/2014 10:22:07 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Wise Boot Assistant" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (04/02/2014 06:13:56 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (04/01/2014 08:38:00 AM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (03/28/2014 11:38:25 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (03/28/2014 11:38:25 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (03/28/2014 00:31:43 PM) (Source: Schannel) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (03/28/2014 08:34:29 AM) (Source: NetBT) (User: )
Description: Der Name "FREEMAN-PC     :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.106
registriert werden. Der Computer mit IP-Adresse 192.168.0.103 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (03/28/2014 08:33:25 AM) (Source: NetBT) (User: )
Description: Der Name "FREEMAN-PC     :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.106
registriert werden. Der Computer mit IP-Adresse 192.168.0.103 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (03/28/2014 07:55:13 AM) (Source: NetBT) (User: )
Description: Der Name "FREEMAN-PC     :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.0.106
registriert werden. Der Computer mit IP-Adresse 192.168.0.103 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (03/28/2014 07:55:13 AM) (Source: Server) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{E78144B6-97F9-42CA-B2C9-E70FF3D04521} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.


Microsoft Office Sessions:
=========================
Error: (04/03/2014 10:39:08 AM) (Source: ESENT)(User: )
Description: taskhost1816WebCacheLocal: C:\Users\Freeman\AppData\Local\Microsoft\Windows\WebCache\V01.log-1811 (0xfffff8ed)

Error: (04/03/2014 10:37:34 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/03/2014 08:39:02 AM) (Source: Steam Client Service)(User: )
Description: Failed to poke open firewall

Error: (04/03/2014 08:34:12 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/02/2014 07:21:48 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe)(User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]

Error: (04/02/2014 07:21:42 PM) (Source: Brother BrLog)(User: )
Description: WDLMWBrtWDLMW: [2014/04/02 19:21:42.955]: [00002992]: lperrcode->api = 1 , lperrcode->code = 2

Error: (04/02/2014 07:21:41 PM) (Source: Brother BrLog)(User: )
Description: WDLMWBrtWDLMW: [2014/04/02 19:21:41.427]: [00002992]: lperrcode->api = 1 , lperrcode->code = 2

Error: (04/02/2014 07:21:39 PM) (Source: Brother BrLog)(User: )
Description: WDLMWBrtWDLMW: [2014/04/02 19:21:39.927]: [00002992]: lperrcode->api = 1 , lperrcode->code = 2

Error: (04/02/2014 07:21:38 PM) (Source: Brother BrLog)(User: )
Description: WDLMWBrtWDLMW: [2014/04/02 19:21:38.427]: [00002992]: lperrcode->api = 1 , lperrcode->code = 2

Error: (04/02/2014 07:21:36 PM) (Source: Brother BrLog)(User: )
Description: WDLMWBrtWDLMW: [2014/04/02 19:21:36.927]: [00002992]: lperrcode->api = 1 , lperrcode->code = 2


==================== Memory info =========================== 

Percentage of memory in use: 26%
Total physical RAM: 8145.99 MB
Available physical RAM: 6001.59 MB
Total Pagefile: 16290.16 MB
Available Pagefile: 13971.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (System) (Fixed) (Total:931.41 GB) (Free:267.34 GB) NTFS
Drive d: (Daten) (Fixed) (Total:443.23 GB) (Free:280.36 GB) NTFS
Drive e: (Schriften/Büro/Gewerbe) (Fixed) (Total:97.66 GB) (Free:97.14 GB) NTFS
Drive f: (Datensicherung) (Fixed) (Total:390.62 GB) (Free:294.42 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: F21546AB)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: AB0500E1)

Partition: GPT Partition Type.

==================== End Of Log ============================

deeprybka · 03.04.2014, 19:45

Hallo Henry,
wir schauen mal genauer nach...

Schritt 1

Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop:
SystemLook (32 bit) | SystemLook (64 bit)

Doppelklicke auf die SystemLook.exe, um das Tool zu starten.
Kopiere den Inhalt der folgenden Codebox in das Textfeld des Tools:
Code:
ATTFilter
```
:regfind
Mail.ru

:filefind
*Mail.ru*

:folderfind
*Mail.ru*
         
```
Klicke nun auf den Button Look, um den Scan zu starten.
Der Suchlauf kann einige Zeit dauern.
Wenn der Suchlauf beendet ist, wird sich dein Editor mit den Ergebnissen öffnen, poste diese in deinen Thread.
Die Ergebnisse werden auch auf dem Desktop als SystemLook.txt gespeichert.

Schritt 2
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

Reg: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail" /s

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Bitte poste mir die Inhalte der Logs hier in den Thread.

Freeman24 · 04.04.2014, 08:39

Hallo deeprybka,

hier dioe gewünschten Aktionen + Logs

Code:

ATTFilter

SystemLook 30.07.11 by jpshortstuff
Log created at 09:36 on 04/04/2014 by Freeman
Administrator - Elevation successful

========== regfind ==========

Searching for "Mail.ru"
[HKEY_CURRENT_USER\Software\ICQ\ICQ]
"title_imagedefault"="hxxp://mra.mail.ru/settings/MRAICQ/customization/title_pro7.png"
[HKEY_CURRENT_USER\Software\ICQ\ICQ]
"title_image_hpdefault"="hxxp://mra.mail.ru/settings/MRAICQ/customization/title_pro7_hp.png"
[HKEY_CURRENT_USER\Software\ICQ\ICQ]
"title_image_hphilited"="hxxp://mra.mail.ru/settings/MRAICQ/customization/title_pro7_hp_h.png"
[HKEY_CURRENT_USER\Software\ICQ\ICQ]
"social_buttonurl"="hxxp://r.mail.ru/clb1295206/prosieben.de"
[HKEY_CURRENT_USER\Software\ICQ\ICQ]
"social_buttondefault"="hxxp://mra.mail.ru/settings/MRAICQ/customization/icons_pro7.png"
[HKEY_CURRENT_USER\Software\ICQ\ICQ]
"contact_listurl"="hxxp://ad.mail.ru/adi/189"
[HKEY_CURRENT_USER\Software\ICQ\ICQ]
"message_windowurl"="hxxp://ad.mail.ru/adi/188"
[HKEY_CURRENT_USER\Software\Piriform\CCleaner]
"CookiesToSave"="*.piriform.com|accounts.google.com|aol.com|google.com|login.live.com|mail.ru|yahoo.com"
[HKEY_USERS\S-1-5-21-2617176757-1342091018-3141993548-1000\Software\ICQ\ICQ]
"title_imagedefault"="hxxp://mra.mail.ru/settings/MRAICQ/customization/title_pro7.png"
[HKEY_USERS\S-1-5-21-2617176757-1342091018-3141993548-1000\Software\ICQ\ICQ]
"title_image_hpdefault"="hxxp://mra.mail.ru/settings/MRAICQ/customization/title_pro7_hp.png"
[HKEY_USERS\S-1-5-21-2617176757-1342091018-3141993548-1000\Software\ICQ\ICQ]
"title_image_hphilited"="hxxp://mra.mail.ru/settings/MRAICQ/customization/title_pro7_hp_h.png"
[HKEY_USERS\S-1-5-21-2617176757-1342091018-3141993548-1000\Software\ICQ\ICQ]
"social_buttonurl"="hxxp://r.mail.ru/clb1295206/prosieben.de"
[HKEY_USERS\S-1-5-21-2617176757-1342091018-3141993548-1000\Software\ICQ\ICQ]
"social_buttondefault"="hxxp://mra.mail.ru/settings/MRAICQ/customization/icons_pro7.png"
[HKEY_USERS\S-1-5-21-2617176757-1342091018-3141993548-1000\Software\ICQ\ICQ]
"contact_listurl"="hxxp://ad.mail.ru/adi/189"
[HKEY_USERS\S-1-5-21-2617176757-1342091018-3141993548-1000\Software\ICQ\ICQ]
"message_windowurl"="hxxp://ad.mail.ru/adi/188"
[HKEY_USERS\S-1-5-21-2617176757-1342091018-3141993548-1000\Software\Piriform\CCleaner]
"CookiesToSave"="*.piriform.com|accounts.google.com|aol.com|google.com|login.live.com|mail.ru|yahoo.com"

========== filefind ==========

Searching for "*Mail.ru*"
No files found.

========== folderfind ==========

Searching for "*Mail.ru*"
No folders found.

-= EOF =-

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Freeman at 2014-04-04 09:38:59 Run:1
Running from C:\Users\Freeman\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Reg: reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail" /s
*****************


========= reg query "HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail" /s =========


HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail
    PreFirstRun    REG_SZ    Entweder existiert kein Standard-Mail-Client, oder der aktuelle Mail-Client kann die Messaging-Anfrage nicht erfllen. Bitte fhren Sie Microsoft Office Outlook aus und legen Sie es als Standard-Mail-Client fest.*Microsoft Office Outlook
    (Standard)    REG_SZ    Microsoft Outlook

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Microsoft Outlook
    MSIComponentID    REG_SZ    {FF1D0740-D227-11D1-A4B0-006008AF820E}
    MSIInstallOnWTS    REG_DWORD    0x0
    MSIOfficeLCID    REG_MULTI_SZ    Microsoft\Office\11.0\Common\LanguageResources\0UILanguage\0InstallLanguage
    MSIApplicationLCID    REG_MULTI_SZ    Microsoft\Office\11.0\Outlook\0LastUILanguage
    (Standard)    REG_SZ    Microsoft Office Outlook
    DLLPathEx    REG_SZ    C:\Program Files (x86)\Common Files\SYSTEM\MSMAPI\1031\msmapi32.dll
    DLLPath    REG_SZ    mapi32.dll

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Microsoft Outlook\Capabilities
    ApplicationDescription    REG_SZ    Microsoft Outlook

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Microsoft Outlook\Capabilities\Startmenu
    Mail    REG_SZ    Microsoft Outlook

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Microsoft Outlook\Capabilities\URLAssociations
    mailto    REG_SZ    Microsoft Outlook.Url.Mailto

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Microsoft Outlook\Envelope

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Microsoft Outlook\Envelope\CLSID
    (Standard)    REG_SZ    {0006F01A-0000-0000-C000-000000000046}

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Microsoft Outlook\Envelope\CurVer
    (Standard)    REG_SZ    Outlook.Envelope.11

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Microsoft Outlook\Protocols
    (Standard)    REG_SZ    

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Microsoft Outlook\Protocols\mailto
    EditFlags    REG_BINARY    02000000
    URL Protocol    REG_SZ    
    (Standard)    REG_SZ    URL:MailTo-Protokoll

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Microsoft Outlook\Protocols\mailto\DefaultIcon
    (Standard)    REG_SZ    "C:\PROGRA~2\MICROS~1\OFFICE11\OUTLOOK.EXE",7

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Microsoft Outlook\Protocols\mailto\shell

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Microsoft Outlook\Protocols\mailto\shell\open

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Microsoft Outlook\Protocols\mailto\shell\open\command
    (Standard)    REG_SZ    "C:\PROGRA~2\MICROS~1\OFFICE11\OUTLOOK.EXE" -c IPM.Note /m "%1"

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Microsoft Outlook\shell

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Microsoft Outlook\shell\open

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Microsoft Outlook\shell\open\command
    (Standard)    REG_SZ    "C:\PROGRA~2\MICROS~1\OFFICE11\OUTLOOK.EXE" /recycle

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Microsoft Outlook\shell\Properties
    MUIVerb    REG_SZ    Eigenschaften

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Microsoft Outlook\shell\Properties\command
    (Standard)    REG_SZ    rundll32.exe shell32.dll,Control_RunDLL "C:\PROGRA~2\COMMON~1\SYSTEM\MSMAPI\1031\MLCFG32.CPL"

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Windows Mail

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Windows Mail\Envelope

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Windows Mail\Envelope\CLSID
    (Standard)    REG_SZ    {A08AF898-C2A3-11d1-BE23-00C04FA31009}

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Windows Mail\Envelope\CurVer
    (Standard)    REG_SZ    WindowsMail.Envelope.1

HKEY_LOCAL_MACHINE\SOFTWARE\Clients\Mail\Windows Mail\InstallInfo
    IconsVisible    REG_DWORD    0x1
    ShowIconsCommand    REG_EXPAND_SZ    ""
    ReinstallCommand    REG_EXPAND_SZ    "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallReinstallOE
    HideIconsCommand    REG_EXPAND_SZ    "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallHideOE



========= End of Reg: =========


==== End of Fixlog ====

MfG Henry

Im 1. Log wird sehr viel von ICQ erwähnt, da ich ICQ mit hoher Wahrscheinlichkeit von der Entwicklerseite herunter geladen habe, habe ich dies heute wiederholt, die Dateien weichen ab. Was bedeutet dass ich anscheinend einer falschen Webseite auf dem Leim gegangen bin. Bekomme ich den Dreck weg wenn ich ICQ deinstalliere?

deeprybka · 04.04.2014, 11:06

Hallo Henry,
Mail.ru ist Eigentümer von ICQ. Es gibt verschiedene Installationsdateien. Ich habe mal den ICQ von Pro7 getestet. Da muss man bei der Installation auch aufpassen sonst hat man alles voller Toolbars &. Co.

Kannst Du bitte prüfen, ob das Problem fortbesteht, wenn Du unter
Systemsteuerung\Programme\Standardprogramme: "Programmzugriff und Computerstandards festlegen" unter Aufklappen der "benutzerdefiniert"-Kategorie bei E-Mail-Programm Outlook auswählst?
Als Standardmail-Client ist in der Registry Outlook eingetragen.

Freeman24 · 04.04.2014, 11:15

Hallo Jürgen,

weites Gehens öffnet sich Outlook bis auf ICQ da kommt noch die Seite. Werde ICQ entfernen und sehe somit mein Anliegen als gelöst.

Vielen Dank.

Mail.ru E-mail Problem

Plagegeister aller Art und deren Bekämpfung: Mail.ru E-mail Problem