|
Log-Analyse und Auswertung: immer wieder selbsterstellender Ordner auf dem Desktop : Name = Continue Vuu PCWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
17.04.2014, 13:22 | #1 |
| immer wieder selbsterstellender Ordner auf dem Desktop : Name = Continue Vuu PC Hallo , hoffe da ich noch nicht so recht hier durchblicke alles erstmal einigermaßen rüber bringe ? Ich hatte arge Probleme mit (wohl einem Virus) der mir laufend den Ordner Continue Vuu Pc auf dem Desktop erstellte . Als ich den Ordner mit der rechten Maustaste zurückvervolgte fand der Pfad sich im Windows Temp Verzeichnis . Daraufhin löschte ich ihn und beim Neustart war er wieder an der selben stelle auf dem Desktop. Das kam mir mehr qals komisch vor weil Avast nichts anzeigte ( außer das was eh im Quaratäne Container verschoben wurde) ! Daraufhin besuchte ich eure Seite las den Bericht mit dem eset scan und machte diesen . Auch lies ich noch spybot & destroy durchlaufen wie auch TuneUp 2013 und entfernte die angezeigten Pfade aus der Registry. Nun ist der Ordner weg aber ich bin mir nicht Sicher ob nun noch verbleibende Reste von dem Virus Vorhanden sind die sich evtl. selbst regenerieren ? Es wird mir auch nicht mehr dieser Windows Aufforderungsbildschirm der im Zusammenhang mit diesem Desktop Ordner immer erschien (zu einer Installation die ich nicht kannte) aufforderte. Mal sehen ob der noch mal erscheint , habe leider kein Screenprint gemacht und ihn weggeklickt. Aber der Eset scan erkannte den als 79bjm5me7g.exe (Trojan.VUPX.Gen) Hoffe mal das hat etwas gebracht was ich hier getan habe ? Bin ja noch nicht so Firm auf Eurer Seite , aber gebe mir Mühe alles Verständlich rüber zu bringen . Ich gehe mal von aus das ich mir diesen Virus auf der Seite h..p://livetv.ru/de/ eingefangen habe als ich zum Update des Java Players (da angeblich nicht Aktuell) aufgefordert wurde und dies tat. Das war nämlich am 12.04.2014 ! Seit dem begann der Ärger. Ich hoffe es beim besten Wissen rüber gebracht zu haben und Danke schon im Voraus für jede Hilfe. Im Augenblick läuft noch alles ok ! liebe Grüße cafee ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=1641022ecf460c40919e8fc607148f1f # engine=17895 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2014-04-15 04:33:28 # local_time=2014-04-15 06:33:28 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.2.9200 NT # compatibility_mode=772 16777213 83 80 841838 865344 0 0 # compatibility_mode=5893 16776574 100 94 2582031 37299899 0 0 # scanned=300731 # found=4 # cleaned=0 # scan_time=10133 sh=DE0F453AD7E45914C2F6E2A6BC782AFB6DB94B9D ft=1 fh=1f461786edf5f19c vn="NSIS/StartPage.CC trojan" ac=I fn="C:\Users\Jörg\Downloads\vlc-2.0.7-win64.exe" sh=CE7C1C3C26844395183B1B441188D7310D36DB91 ft=0 fh=0000000000000000 vn="NSIS/StartPage.CC trojan" ac=I fn="F:\JÖRGI\Backup Set 2014-01-03 173231\Backup Files 2014-01-03 173231\Backup files 7.zip" sh=2AF29619BCA84141956AF9AC12DA190541022325 ft=0 fh=0000000000000000 vn="NSIS/StartPage.CC trojan" ac=I fn="F:\JÖRGI\Backup Set 2014-01-03 173231\Backup Files 2014-02-16 190009\Backup files 1.zip" sh=29B9C40F23DE007075DA0257AFB7EBE6E032E5B3 ft=0 fh=0000000000000000 vn="NSIS/StartPage.CC trojan" ac=I fn="F:\JÖRGI\Backup Set 2014-02-23 190001\Backup Files 2014-02-23 190001\Backup files 14.zip" |
17.04.2014, 13:30 | #2 |
/// the machine /// TB-Ausbilder | immer wieder selbsterstellender Ordner auf dem Desktop : Name = Continue Vuu PC hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
18.04.2014, 11:13 | #3 |
| immer wieder selbsterstellender Ordner auf dem Desktop : Name = Continue Vuu PC Danke erstmal an Dich schrauber für den Tip , ich werde das am Oster We mal tun und dann posten ! Wünsche Dir schon mal frohe gesunde Ostern wie allen anderen lesenden hier auch glg cafee
__________________ |
19.04.2014, 05:09 | #4 |
/// the machine /// TB-Ausbilder | immer wieder selbsterstellender Ordner auf dem Desktop : Name = Continue Vuu PC ok
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
23.04.2014, 11:02 | #5 | |
| immer wieder selbsterstellender Ordner auf dem Desktop : Name = Continue Vuu PC Hallo Schrauber es scheint wohl nix mehr mit meinem PC ok zu sein , habe mir die eset NOD32 ANTIVIRUS Software gekauft und mal alles mehrmals gründlich durch gescannt ! Sieht nicht gut aus Ich werde wohl nicht drum herum kommen die Festplatte zu Formatieren und Windows 8 neu zu Installieren. Nur hat eset mir schon angezeigt das der MBR beschädigt ist ! Da ja meine Festplatte in 2 Teile Partitioniert ist und auf Partion 2 das Windows Backup ist was ebenfalls schon verseucht ist kann ich nix mehr neu installieren was ich schon probiert habe. Es wurde die alte Installation wieder hergestellt. Nun weiß ich mir auch keinen Rat mehr ? Da scheint wohl einiges im Argen zu sein und nicht OHNE !!! Was für Möglichkeiten bleiben noch um Sicher beide Partionen zu Löschen und wie ohne das was von dem Verseuchten Müll übrig bleibt ? lieben Gruß cafee , bin für jede Hilfe jetzt schon Dankbar Hallo Schrauber hier der FRXT.txt vom scan FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2014 Ran by Jörg (administrator) on JÖRGI on 23-04-2014 11:28:35 Running from D:\Büro\Sicherheit Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: Downloading Farbar Recovery Scan Tool Download link for 64-Bit Version: Downloading Farbar Recovery Scan Tool Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe () C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.) HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5618456 2013-09-12] (ESET) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation) HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2013-12-23] (RealNetworks, Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2502406073-1232304317-553576181-1001\...\Run: [rfxsrvtray] => C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe [1838872 2013-02-07] (Tobit.Software) HKU\S-1-5-21-2502406073-1232304317-553576181-1001\...\Run: [PC Suite Tray] => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia) HKU\S-1-5-21-2502406073-1232304317-553576181-1001\...\MountPoints2: {a5919ca4-84df-11e2-be70-806e6f6e6963} - "E:\setup.exe" IFEO\chrome.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe" ==================== Internet (Whitelisted) ==================== URLSearchHook: HKCU - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File SearchScopes: HKCU - DefaultScope {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = BHO: No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default FF NewTab: Google FF SearchEngineOrder.1: Google FF SelectedSearchEngine: Google FF Homepage: hxxp://www.eset.com FF Keyword.URL: https://www.google.com/search FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF SearchPlugin: C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default\searchplugins\findr.xml FF SearchPlugin: C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default\searchplugins\iminent.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: MediaPlayerplus - C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default\Extensions\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com [2014-04-12] FF Extension: German Dictionary, extended for Austria - C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default\Extensions\de-AT@dictionaries.addons.mozilla.org [2013-03-05] FF Extension: LavaFox V2-Blue - C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default\Extensions\djziggy@gmail.com [2014-01-29] FF Extension: Freeven Pro 1.3 - C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default\Extensions\e20dc619-d8c4-48f1-ae07-641cefb43165@3c4d943f-ad97-4f6e-aa94-d9671175a3d0.com [2014-04-12] FF Extension: British English Dictionary (Updated) - C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default\Extensions\en-gb@flyingtophat.co.uk [2014-01-31] FF Extension: United States English Spellchecker - C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default\Extensions\en-US@dictionaries.addons.mozilla.org [2013-03-06] FF Extension: Diccionario Español Argentina - C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default\Extensions\es-AR@dictionaries.addons.mozilla.org [2013-03-06] FF Extension: Diccionario de Español/México - C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default\Extensions\es-MX@dictionaries.addons.mozilla.org [2013-03-06] FF Extension: Diccionario en Español para Venezuela - C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default\Extensions\es-ve@dictionaries.addons.mozilla.org [2013-03-06] FF Extension: LavaFox V2 - C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default\Extensions\info@djzig.com [2014-01-29] FF Extension: Dizionario italiano - C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default\Extensions\it-IT@dictionaries.addons.mozilla.org [2013-03-06] FF Extension: Brazilian Portuguese (Current Spelling) - C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default\Extensions\pt-BR@dictionaries.addons.mozilla.org [2014-02-08] FF Extension: Corretor para Português de Portugal - C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default\Extensions\pt-PT@dictionaries.addons.mozilla.org [2014-04-05] FF Extension: LavaFox V2-Purple - C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default\Extensions\zigboom555@aol.com [2014-01-29] FF Extension: LavaFox V2-Green - C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default\Extensions\zigboom@ymail.com [2014-01-29] FF Extension: Ghostery - C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default\Extensions\firefox@ghostery.com.xpi [2013-11-27] FF Extension: YouTube HTML5 Switch - C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default\Extensions\jid0-coCUQ7NySNPcj72dA3557kKXGZU@jetpack.xpi [2013-03-13] FF Extension: YouTube HD - C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default\Extensions\jid0-HbNL9qqBkuuKRhJ9ncTonCky1HU@jetpack.xpi [2013-10-18] FF Extension: Traditional Chinese (zh-TW) Language Pack - C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default\Extensions\langpack-zh-TW@firefox.mozilla.org.xpi [2013-03-05] FF Extension: Stylish - C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2013-06-08] FF Extension: Easy Youtube Video Downloader Express - C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2013-10-21] FF Extension: Download YouTube Videos as MP4 - C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2013-10-20] FF Extension: Adblock Plus - C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-03-12] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-04-22] FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ FF Extension: No Name - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [] FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\ FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\ [] FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\ FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\ [] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-12-23] FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [] FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-04-22] Chrome: ======= CHR HomePage: hxxp://go.findrsearch.com CHR RestoreOnStartup: "hxxp://www.google.com/" CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll () CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Extension: (Freeven Pro 1.3) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\adbpopomabpienjnifocifondadaogpj [2014-04-12] CHR Extension: (Google Docs) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-02] CHR Extension: (Google Drive) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-02] CHR Extension: (YouTube) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-02] CHR Extension: (Last updated at $time$ on $date$) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-03-02] CHR Extension: (Google Search) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-02] CHR Extension: (Mac OSX Font Rendering) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbokdhnlldmknaijpgikegjffnlpaamk [2013-03-02] CHR Extension: (AdBlock) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-03-02] CHR Extension: (Lone Tree) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfmkllfplegemejikoabfpjdaoncphip [2013-03-04] CHR Extension: (No Name) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2013-03-02] CHR Extension: (MediaPlayerplus) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd [2014-04-12] CHR Extension: (No Name) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-03-16] CHR Extension: (Gmail) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-02] CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-07-03] CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-11-06] CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx [2013-11-06] CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14] CHR HKLM-x32\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\Jörg\AppData\Local\Torch\Plugins\TorchPlugin.crx [2013-08-14] CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2012-12-29] (IvoSoft) R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1337752 2013-09-12] (ESET) R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-12-09] (Freemake) R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-11-08] (Ellora Assets Corp.) R2 Radio.fx; C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe [3999512 2013-06-03] () R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] () R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2412344 2014-01-28] (TuneUp Software) R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation) S2 HPSLPSVC; C:\Users\JRG~1\AppData\Local\Temp\7zS1478\hpslpsvc64.dll [X] ==================== Drivers (Whitelisted) ==================== R3 camfilt2; C:\Windows\system32\DRIVERS\camfilt2.sys [139264 2007-08-29] (Guillemot Corporation) R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider) R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET) R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [239296 2013-09-17] (ESET) R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET) R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET) R3 OM0530; C:\Windows\System32\Drivers\ov530vx.sys [172928 2007-07-13] (OmniVision Technology Inc.) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software) S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] S3 NPF; system32\drivers\NPF.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-23 11:08 - 2014-04-23 11:08 - 00525886 _____ () C:\Users\Jörg\Desktop\bookmarks-2014-04-23.json 2014-04-23 06:44 - 2014-04-23 06:44 - 00000000 __SHD () C:\Recovery 2014-04-23 06:21 - 2014-04-23 06:37 - 00001677 _____ () C:\Windows\setupact.log 2014-04-23 06:21 - 2014-04-23 06:21 - 00001890 _____ () C:\Windows\diagwrn.xml 2014-04-23 06:21 - 2014-04-23 06:21 - 00001890 _____ () C:\Windows\diagerr.xml 2014-04-23 06:21 - 2014-04-23 06:21 - 00000000 _____ () C:\Windows\setuperr.log 2014-04-22 12:25 - 2014-04-22 12:25 - 00000000 ____D () C:\ProgramData\ESET 2014-04-22 12:25 - 2014-04-22 12:25 - 00000000 ____D () C:\Program Files\ESET 2014-04-21 07:51 - 2014-04-21 07:51 - 00444872 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-19 17:54 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-04-19 17:54 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-04-19 17:54 - 2014-01-31 05:55 - 00209712 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe 2014-04-19 17:54 - 2014-01-31 02:48 - 00564736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll 2014-04-19 17:54 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll 2014-04-19 17:54 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll 2014-04-19 17:54 - 2014-01-31 02:48 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-04-19 17:54 - 2014-01-31 02:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll 2014-04-19 17:54 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll 2014-04-19 17:54 - 2014-01-31 02:06 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-04-19 17:54 - 2014-01-27 05:42 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-04-19 17:54 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-04-19 17:54 - 2014-01-27 02:52 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-04-19 17:54 - 2014-01-27 02:31 - 19752448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-04-19 17:54 - 2014-01-27 01:17 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml 2014-04-19 17:54 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys 2014-04-19 17:54 - 2014-01-11 08:48 - 05979648 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-04-19 17:54 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-04-19 17:54 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll 2014-04-19 17:54 - 2014-01-03 01:32 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll 2014-04-19 17:52 - 2014-03-07 02:48 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-19 17:52 - 2014-03-07 02:48 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-19 17:52 - 2014-03-07 02:47 - 14357504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-19 17:52 - 2014-03-07 02:47 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-19 17:52 - 2014-03-07 02:47 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-19 17:52 - 2014-03-07 02:47 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-19 17:52 - 2014-03-07 02:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-04-19 17:52 - 2014-03-07 02:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-19 17:52 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-19 17:52 - 2014-03-07 02:08 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-19 17:52 - 2014-03-07 02:08 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-19 17:52 - 2014-03-07 02:08 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-19 17:52 - 2014-03-07 02:08 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-19 17:52 - 2014-03-07 02:08 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-19 17:52 - 2014-03-07 02:08 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-19 17:52 - 2014-03-07 02:08 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll 2014-04-19 17:52 - 2014-03-07 02:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-04-19 17:52 - 2014-03-07 02:08 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-19 17:52 - 2014-03-07 02:08 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-19 17:52 - 2014-02-08 06:34 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-04-19 17:52 - 2014-02-06 01:41 - 01257984 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-19 17:52 - 2014-02-06 01:41 - 00978432 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-04-19 17:52 - 2014-02-06 01:26 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-04-19 17:52 - 2014-02-06 01:19 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-19 17:52 - 2013-10-25 09:34 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2014-04-19 17:52 - 2013-10-25 00:34 - 00248240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2014-04-19 17:52 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll 2014-04-19 17:52 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll 2014-04-19 17:52 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-19 17:52 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-19 17:52 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-04-19 17:52 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-19 17:52 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-19 17:52 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-19 17:52 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-04-19 17:52 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-19 17:52 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll 2014-04-19 17:52 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-19 17:52 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-19 17:52 - 2012-07-26 05:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-19 17:51 - 2014-02-06 01:41 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-04-19 17:51 - 2014-02-06 01:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-04-19 17:51 - 2014-01-31 02:48 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-04-19 17:51 - 2014-01-31 02:06 - 01628160 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-04-19 17:44 - 2014-04-19 17:44 - 00000000 ____D () C:\Users\Jörg\AppData\Local\ESET 2014-04-19 07:57 - 2014-04-19 07:58 - 00029977 _____ () C:\Users\Jörg\Downloads\Addition.txt 2014-04-19 07:56 - 2014-04-23 11:28 - 00000000 ____D () C:\FRST 2014-04-19 07:56 - 2014-04-19 07:58 - 00044162 _____ () C:\Users\Jörg\Downloads\FRST.txt 2014-04-15 22:49 - 2014-04-15 22:49 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\SpeedMaxPc 2014-04-15 22:49 - 2014-04-15 22:49 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\DriverCure 2014-04-15 22:48 - 2014-04-15 23:08 - 00000000 ____D () C:\ProgramData\SpeedMaxPc 2014-04-15 22:36 - 2014-04-19 14:27 - 01001716 _____ () C:\Windows\PFRO.log 2014-04-12 16:54 - 2014-04-19 13:56 - 00000000 ____D () C:\Program Files (x86)\SupTab 2014-04-12 16:50 - 2014-04-13 01:47 - 00000000 ____D () C:\Users\Jörg\AppData\Local\Lollipop ==================== One Month Modified Files and Folders ======= 2014-04-23 11:28 - 2014-04-19 07:56 - 00000000 ____D () C:\FRST 2014-04-23 11:24 - 2014-01-02 14:59 - 00000348 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job 2014-04-23 11:16 - 2013-03-02 14:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-23 11:08 - 2014-04-23 11:08 - 00525886 _____ () C:\Users\Jörg\Desktop\bookmarks-2014-04-23.json 2014-04-23 10:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru 2014-04-23 08:26 - 2013-03-02 12:28 - 01418546 _____ () C:\Windows\WindowsUpdate.log 2014-04-23 08:24 - 2012-07-26 12:27 - 00752930 _____ () C:\Windows\system32\perfh007.dat 2014-04-23 08:24 - 2012-07-26 12:27 - 00156156 _____ () C:\Windows\system32\perfc007.dat 2014-04-23 08:24 - 2012-07-26 09:28 - 01748838 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-23 07:51 - 2013-03-02 15:01 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-04-23 07:51 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-23 07:38 - 2012-07-26 07:26 - 00000000 ___HD () C:\$WINDOWS.~BT 2014-04-23 06:44 - 2014-04-23 06:44 - 00000000 __SHD () C:\Recovery 2014-04-23 06:37 - 2014-04-23 06:21 - 00001677 _____ () C:\Windows\setupact.log 2014-04-23 06:21 - 2014-04-23 06:21 - 00001890 _____ () C:\Windows\diagwrn.xml 2014-04-23 06:21 - 2014-04-23 06:21 - 00001890 _____ () C:\Windows\diagerr.xml 2014-04-23 06:21 - 2014-04-23 06:21 - 00000000 _____ () C:\Windows\setuperr.log 2014-04-22 20:10 - 2013-03-05 10:34 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\OpenCandy 2014-04-22 12:25 - 2014-04-22 12:25 - 00000000 ____D () C:\ProgramData\ESET 2014-04-22 12:25 - 2014-04-22 12:25 - 00000000 ____D () C:\Program Files\ESET 2014-04-21 18:13 - 2013-03-28 11:08 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-04-21 17:53 - 2013-10-27 13:01 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\SpeedTestAnalysis 2014-04-21 11:47 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache 2014-04-21 08:16 - 2013-03-02 14:00 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-04-21 08:03 - 2013-06-26 20:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-04-21 07:51 - 2014-04-21 07:51 - 00444872 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-19 18:02 - 2013-03-02 12:29 - 00000000 ___RD () C:\Users\Jörg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-19 18:02 - 2013-03-02 12:29 - 00000000 ___RD () C:\Users\Jörg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-19 17:59 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData 2014-04-19 17:59 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-04-19 17:59 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-04-19 17:59 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore 2014-04-19 17:59 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender 2014-04-19 17:59 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-04-19 17:57 - 2013-09-10 09:37 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-19 17:55 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2014-04-19 17:44 - 2014-04-19 17:44 - 00000000 ____D () C:\Users\Jörg\AppData\Local\ESET 2014-04-19 17:15 - 2013-03-02 12:35 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2502406073-1232304317-553576181-1001 2014-04-19 15:08 - 2013-03-02 14:03 - 00000000 ____D () C:\Program Files (x86)\VideoLAN 2014-04-19 15:07 - 2014-02-14 15:02 - 00000000 ____D () C:\Program Files (x86)\Two Worlds Pinball 2014-04-19 15:01 - 2013-03-02 12:28 - 00000000 ____D () C:\Users\Jörg 2014-04-19 14:27 - 2014-04-15 22:36 - 01001716 _____ () C:\Windows\PFRO.log 2014-04-19 14:22 - 2013-03-02 14:06 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-04-19 13:59 - 2013-03-07 11:47 - 00000000 ____D () C:\Users\I-Net 2014-04-19 13:58 - 2013-12-15 05:11 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft 2014-04-19 13:58 - 2013-10-27 13:00 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paragon Partition Manager™ 2013 Free 2014-04-19 13:58 - 2013-07-24 16:26 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\IrfanView 2014-04-19 13:58 - 2013-05-12 16:11 - 00000000 ____D () C:\ProgramData\TechSmith 2014-04-19 13:58 - 2013-04-27 13:56 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayLogic 2014-04-19 13:58 - 2013-04-01 10:28 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake 2014-04-19 13:58 - 2013-03-15 21:16 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\dvdcss 2014-04-19 13:58 - 2013-03-07 11:48 - 00000000 ___RD () C:\Users\I-Net\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-19 13:58 - 2013-03-07 11:48 - 00000000 ___RD () C:\Users\I-Net\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-19 13:58 - 2013-03-05 01:57 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-04-19 13:58 - 2013-03-04 21:01 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Nachschlagewerke 2014-04-19 13:58 - 2013-03-04 21:01 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autostart 2014-04-19 13:58 - 2013-03-02 12:28 - 00000000 ___RD () C:\Users\Jörg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-04-19 13:58 - 2013-03-02 12:28 - 00000000 ___RD () C:\Users\Jörg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-04-19 13:58 - 2013-03-02 12:28 - 00000000 ___RD () C:\Users\Jörg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-04-19 13:58 - 2013-03-02 12:28 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-04-19 13:58 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\Macromed 2014-04-19 13:58 - 2012-07-26 07:38 - 00000000 ____D () C:\Windows\system32\Sysprep 2014-04-19 13:58 - 2012-07-26 07:37 - 00000000 ____D () C:\Windows\servicing 2014-04-19 13:56 - 2014-04-12 16:54 - 00000000 ____D () C:\Program Files (x86)\SupTab 2014-04-19 13:56 - 2013-05-12 16:11 - 00000000 ____D () C:\Program Files (x86)\TechSmith 2014-04-19 13:56 - 2013-03-02 14:05 - 00000000 ____D () C:\Program Files\CDBurnerXP 2014-04-19 13:56 - 2013-03-02 14:01 - 00000000 ____D () C:\Program Files (x86)\Java 2014-04-19 13:56 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-04-19 13:53 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\registration 2014-04-19 13:50 - 2013-05-06 18:53 - 00000000 ____D () C:\ProgramData\Real 2014-04-19 13:49 - 2013-07-09 18:49 - 00000000 ____D () C:\Program Files\Java 2014-04-19 08:24 - 2013-03-05 20:01 - 00019697 _____ () C:\ProgramData\hpzinstall.log 2014-04-19 07:58 - 2014-04-19 07:57 - 00029977 _____ () C:\Users\Jörg\Downloads\Addition.txt 2014-04-19 07:58 - 2014-04-19 07:56 - 00044162 _____ () C:\Users\Jörg\Downloads\FRST.txt 2014-04-18 02:26 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI 2014-04-15 23:08 - 2014-04-15 22:48 - 00000000 ____D () C:\ProgramData\SpeedMaxPc 2014-04-15 22:49 - 2014-04-15 22:49 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\SpeedMaxPc 2014-04-15 22:49 - 2014-04-15 22:49 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\DriverCure 2014-04-13 01:47 - 2014-04-12 16:50 - 00000000 ____D () C:\Users\Jörg\AppData\Local\Lollipop 2014-04-06 17:35 - 2013-05-30 16:15 - 00000000 ____D () C:\Users\Jörg\AppData\Local\CrashDumps 2014-04-03 11:59 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent 2014-03-31 23:18 - 2012-07-26 10:14 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-31 23:18 - 2012-07-26 10:14 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-31 03:51 - 2013-03-02 12:45 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-03-28 10:30 - 2013-08-16 18:43 - 00000000 ____D () C:\Users\Jörg\Downloads\Bilder Some content of TEMP: ==================== C:\Users\Jörg\AppData\Local\Temp\InstHelper.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-17 12:45 ==================== End Of Log ============================ --- --- --- --- --- --- --- --- --- Addition.txtFRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-04-2014 01 Ran by Jörg at 2014-04-19 07:57:21 Running from C:\Users\Jörg\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: avast! Internet Security (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} AS: avast! Internet Security (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} FW: avast! Internet Security (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0} ==================== Installed Programs ====================== 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden AIO_CDB_ToolboxIni64 (Version: 82.0.242.000 - Hewlett-Packard) Hidden CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.1.3868 - CDBurnerXP) Classic Shell (HKLM\...\{CB00799C-0E4F-4FD1-A046-BD24321BCDFF}) (Version: 3.6.5 - IvoSoft) HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP) HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP) HP Photosmart Officejet and Deskjet All-In-One Driver Software (HKLM\...\{6F5B70F0-EA6C-4A5B-BB16-8390BD66B251}) (Version: 14.0 - HP) HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (HKLM\...\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}) (Version: 8.0 - HP) HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP) K-Lite Codec Pack 9.7.5 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 9.7.5 - ) Logitech Unifying-Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech) MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden NVIDIA 3D Vision Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation) NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP) PeaZip 4.8.1 (WIN64) (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: - Giorgio Tani) Stellarium 0.12.0 (HKLM\...\Stellarium_is1) (Version: 0.12.0 - Stellarium team) VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN) Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia) Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia) Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia) ==================== Restore Points ========================= 13-04-2014 17:00:19 Windows-Sicherung 14-04-2014 15:46:39 Windows-Sicherung 15-04-2014 19:14:01 Removed Java 8 (64-bit) ==================== Hosts content: ========================== 2012-07-26 07:26 - 2014-04-06 19:33 - 00450639 ____R C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 www.032439.com 127.0.0.1 032439.com 127.0.0.1 0Scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 ²©²Êͨ,²©²ÊÍø,½ð±¦²©188,²©²ÊͨÆÀ¼¶,°Ù¼ÒÀÖ,°ÂÃî°Ù¼ÒÀÖ 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 Gadgets And More 127.0.0.1 10sek.com 127.0.0.1 www.1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 www.123fporn.info 127.0.0.1 123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= Task: {05CFA7CA-BF05-41AB-856F-44893CE0BA51} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-12] (Adobe Systems Incorporated) Task: {09EC757E-839C-44BC-AA2C-D886E9D8884E} - System32\Tasks\Real Player-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [2013-12-23] (RealNetworks, Inc.) Task: {160ABBDF-40C9-46FD-8618-84BDB8C0C0EA} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-01-31] (Microsoft Corporation) Task: {166C6F55-3CC8-4182-ACC5-E8A37B829A1B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-02] (Google Inc.) Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {1C0457F1-486E-4F5B-819F-8EC2D500BF34} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2502406073-1232304317-553576181-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {1F2602B0-D1C7-4967-858E-1846F7527E09} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {23C79B54-CCA0-4912-9391-BBAD10DB095A} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2502406073-1232304317-553576181-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {70D27CF5-CD25-4EB0-9FCA-64227D8996CB} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated) Task: {74096BB9-CE73-41BD-B2E0-2DFC9446D806} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2502406073-1232304317-553576181-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {7C906787-F4A2-4645-950A-7561888C806D} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe Task: {8367C11D-BAAB-40B6-A64C-B3F392EC5F9B} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe [2014-01-28] (TuneUp Software) Task: {8E7E0702-2851-4DC2-9484-321D3204C6A5} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2502406073-1232304317-553576181-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.) Task: {9541B63D-C604-475C-8255-746756404574} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {980D554F-9C0E-4CCC-960F-6CB2BBA9737C} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2011-09-20] () Task: {A35DB7B2-E473-40DB-A0DF-66554079B6E7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-02] (Google Inc.) Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {B48256EB-4050-49BF-B398-0C67868E274E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {D6FEEA11-2D8D-48A0-897A-A7C02BEAAC63} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2502406073-1232304317-553576181-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {E872139C-651C-4CA8-931F-D780A5ED0D96} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe Task: {EAD45328-BB32-46DA-ACA5-D94691A229DE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {F436C26F-358F-46DA-8933-A5B608DA948D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-05] (AVAST Software) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe ==================== Loaded Modules (whitelisted) ============= 2013-03-02 15:00 - 2013-10-23 10:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2013-03-04 21:06 - 2013-06-03 13:06 - 03999512 _____ () C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe 2013-08-14 16:19 - 2013-08-14 16:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe 2014-01-28 10:37 - 2014-01-28 10:37 - 00741176 _____ () C:\Program Files (x86)\TuneUp Utilities 2013\avgrepliba.dll 2013-03-02 13:57 - 2013-03-02 13:57 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll 2013-03-02 14:47 - 2012-08-09 12:55 - 00078480 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll 2013-03-02 14:47 - 2012-08-09 12:55 - 00386192 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll 2014-04-19 07:31 - 2014-04-19 07:31 - 02215424 _____ () C:\Program Files\AVAST Software\Avast\defs\14041802\algo.dll 2013-03-05 01:56 - 2012-11-13 15:06 - 00108960 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2013-03-05 01:56 - 2012-11-13 15:06 - 00158624 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2013-03-05 01:56 - 2012-11-13 15:06 - 00416160 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2013-03-05 01:56 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2013-03-05 01:56 - 2012-11-13 15:06 - 00528288 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl 2013-03-05 01:56 - 2012-11-13 15:06 - 00554400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl 2013-12-07 10:55 - 2013-12-07 10:55 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-02-18 00:19 - 2014-02-18 00:19 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\b7497ee745bead9869f53a314470edeb\PSIClient.ni.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= Name: avast! Firewall NDIS Filter Miniport Description: avast! Firewall NDIS Filter Miniport Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: ALWIL Software Service: aswNdis Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19) Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options: On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver. Name: Standardtastatur (PS/2) Description: Standardtastatur (PS/2) Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardtastaturen) Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: WAN-Miniport (Netzwerkmonitor) Description: WAN-Miniport (Netzwerkmonitor) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: NdisWan Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (04/19/2014 07:54:37 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (04/19/2014 07:54:33 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (04/19/2014 06:45:22 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (04/19/2014 06:45:19 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (04/18/2014 09:10:17 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (04/18/2014 09:10:13 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (04/17/2014 01:06:13 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Error: (04/17/2014 01:06:13 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. Error: (04/17/2014 00:51:37 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (04/17/2014 00:51:37 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". System errors: ============= Error: (04/19/2014 07:56:00 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: %%126 Error: (04/19/2014 07:56:00 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: %%126 Error: (04/19/2014 07:56:00 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: {10DA4F3C-CC99-4190-BE4D-58330754E882} Error: (04/19/2014 07:54:00 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (04/19/2014 07:54:00 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (04/19/2014 07:54:00 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (04/19/2014 07:54:00 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (04/19/2014 07:54:00 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (04/19/2014 07:54:00 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (04/19/2014 07:54:00 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Microsoft Office Sessions: ========================= Error: (04/19/2014 07:54:37 AM) (Source: SideBySide)(User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe Error: (04/19/2014 07:54:33 AM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files (x86)\Hercules\Webcam Station Evolution SE\StationEvSE.exe Error: (04/19/2014 06:45:22 AM) (Source: SideBySide)(User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe Error: (04/19/2014 06:45:19 AM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files (x86)\Hercules\Webcam Station Evolution SE\StationEvSE.exe Error: (04/18/2014 09:10:17 AM) (Source: SideBySide)(User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe Error: (04/18/2014 09:10:13 AM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files (x86)\Hercules\Webcam Station Evolution SE\StationEvSE.exe Error: (04/17/2014 01:06:13 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Users\Jörg\Downloads\SoftonicDownloader_for_earthquake-3d.exe Error: (04/17/2014 01:06:13 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Users\Jörg\Downloads\SoftonicDownloader_fuer_paragon-partition-manager.exe Error: (04/17/2014 00:51:37 PM) (Source: SideBySide)(User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe Error: (04/17/2014 00:51:37 PM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files (x86)\Hercules\Webcam Station Evolution SE\StationEvSE.exe CodeIntegrity Errors: =================================== Date: 2013-03-27 21:18:36.379 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2013-03-27 21:18:12.566 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2013-03-27 21:02:16.637 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2013-03-27 20:46:14.027 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2013-03-27 18:40:53.134 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2013-03-27 18:24:09.056 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2013-03-27 10:23:04.848 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\guard64.dll because the set of per-page image hashes could not be found on the system. Date: 2013-03-27 09:29:59.001 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\JRG~1\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-03-27 08:43:44.819 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\JRG~1\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2013-03-27 08:18:18.577 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\JRG~1\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. ==================== Memory info =========================== Percentage of memory in use: 31% Total physical RAM: 4054.54 MB Available physical RAM: 2769.3 MB Total Pagefile: 8150.54 MB Available Pagefile: 6758.12 MB Total Virtual: 8192 MB Available Virtual: 8191.76 MB ==================== Drives ================================ Drive c: (Win8) (Fixed) (Total:465.42 GB) (Free:337.48 GB) NTFS Drive d: (WD-1) (Fixed) (Total:326.04 GB) (Free:24.7 GB) NTFS Drive e: (FARCRY2) (CDROM) (Total:3.67 GB) (Free:0 GB) UDF Drive f: (WD-2) (Fixed) (Total:436.08 GB) (Free:115.03 GB) NTFS Drive g: (Neues Laufwerk) (Fixed) (Total:169.37 GB) (Free:169.05 GB) NTFS Drive l: (Volume) (Fixed) (Total:931.51 GB) (Free:549.33 GB) NTFS Drive n: () (Removable) (Total:7.42 GB) (Free:2.03 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 9A96E11F) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=465 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 932 GB) (Disk ID: 00000001) Partition 1: (Not Active) - (Size=436 GB) - (Type=OF Extended) Partition 2: (Active) - (Size=326 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=169 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: D1278E23) Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS) ======================================================== Disk: 8 (Size: 7 GB) (Disk ID: 4416DB50) Partition 1: (Not Active) - (Size=7 GB) - (Type=0B) ==================== End Of Log ============================ Zitat:
glg cafee |
24.04.2014, 07:16 | #6 |
/// the machine /// TB-Ausbilder | immer wieder selbsterstellender Ordner auf dem Desktop : Name = Continue Vuu PC Poste bitte mal das Log von ESET, was da so alles angeblich böses gefunden wird.
__________________ --> immer wieder selbsterstellender Ordner auf dem Desktop : Name = Continue Vuu PC |
24.04.2014, 09:00 | #7 |
| immer wieder selbsterstellender Ordner auf dem Desktop : Name = Continue Vuu PC FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-04-2014 Ran by Jörg (administrator) on JÖRGI on 24-04-2014 09:39:41 Running from C:\Users\Jörg\Desktop Windows 8 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicShellService.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (Freemake) C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe (Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe () C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (VIA Technologies, Inc.) C:\Windows\system32\viakaraokesrv.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesApp64.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\LiveComm.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (RealNetworks, Inc.) C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [3933496 2012-09-20] (Logitech, Inc.) HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5618456 2013-09-12] (ESET) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation) HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2013-12-23] (RealNetworks, Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2502406073-1232304317-553576181-1001\...\Run: [rfxsrvtray] => C:\Program Files (x86)\Tobit Radio.fx\Client\rfx-tray.exe [1838872 2013-02-07] (Tobit.Software) HKU\S-1-5-21-2502406073-1232304317-553576181-1001\...\Run: [PC Suite Tray] => C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [1516632 2012-06-26] (Nokia) HKU\S-1-5-21-2502406073-1232304317-553576181-1001\...\MountPoints2: {a5919ca4-84df-11e2-be70-806e6f6e6963} - "E:\setup.exe" IFEO\chrome.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2013\TUAutoReactivator64.exe" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) ==================== Internet (Whitelisted) ==================== URLSearchHook: HKCU - (No Name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File SearchScopes: HKCU - DefaultScope {460C3D19-B3D4-4964-A550-77D263B0CCCB} URL = SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = BHO: No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default FF NewTab: www.google.com FF SearchEngineOrder.1: Google FF SelectedSearchEngine: Google FF Homepage: hxxp://www.eset.com FF Keyword.URL: https://www.google.com/search FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF Plugin-x32: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF Plugin-x32: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll () FF SearchPlugin: C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default\searchplugins\findr.xml FF SearchPlugin: C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default\searchplugins\iminent.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\webssearches.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: MediaPlayerplus - C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default\Extensions\a9719e64-232b-4695-ae9c-a89cd7f2aa84@ca1279df-bc0d-44a8-97ef-19301c922b68.com [2014-04-12] FF Extension: German Dictionary, extended for Austria - C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default\Extensions\de-AT@dictionaries.addons.mozilla.org [2013-03-05] FF Extension: LavaFox V2-Blue - C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default\Extensions\djziggy@gmail.com [2014-01-29] FF Extension: Freeven Pro 1.3 - C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default\Extensions\e20dc619-d8c4-48f1-ae07-641cefb43165@3c4d943f-ad97-4f6e-aa94-d9671175a3d0.com [2014-04-12] FF Extension: British English Dictionary (Updated) - C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default\Extensions\en-gb@flyingtophat.co.uk [2014-01-31] FF Extension: United States English Spellchecker - C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default\Extensions\en-US@dictionaries.addons.mozilla.org [2013-03-06] FF Extension: Diccionario Español Argentina - C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default\Extensions\es-AR@dictionaries.addons.mozilla.org [2013-03-06] FF Extension: Diccionario de Español/México - C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default\Extensions\es-MX@dictionaries.addons.mozilla.org [2013-03-06] FF Extension: Diccionario en Español para Venezuela - C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default\Extensions\es-ve@dictionaries.addons.mozilla.org [2013-03-06] FF Extension: LavaFox V2 - C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default\Extensions\info@djzig.com [2014-01-29] FF Extension: Dizionario italiano - C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default\Extensions\it-IT@dictionaries.addons.mozilla.org [2013-03-06] FF Extension: Brazilian Portuguese (Current Spelling) - C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default\Extensions\pt-BR@dictionaries.addons.mozilla.org [2014-02-08] FF Extension: Corretor para Português de Portugal - C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default\Extensions\pt-PT@dictionaries.addons.mozilla.org [2014-04-05] FF Extension: LavaFox V2-Purple - C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default\Extensions\zigboom555@aol.com [2014-01-29] FF Extension: LavaFox V2-Green - C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default\Extensions\zigboom@ymail.com [2014-01-29] FF Extension: Ghostery - C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default\Extensions\firefox@ghostery.com.xpi [2013-11-27] FF Extension: YouTube HTML5 Switch - C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default\Extensions\jid0-coCUQ7NySNPcj72dA3557kKXGZU@jetpack.xpi [2013-03-13] FF Extension: YouTube HD - C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default\Extensions\jid0-HbNL9qqBkuuKRhJ9ncTonCky1HU@jetpack.xpi [2013-10-18] FF Extension: Traditional Chinese (zh-TW) Language Pack - C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default\Extensions\langpack-zh-TW@firefox.mozilla.org.xpi [2013-03-05] FF Extension: Stylish - C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default\Extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi [2013-06-08] FF Extension: Easy Youtube Video Downloader Express - C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2013-10-21] FF Extension: Download YouTube Videos as MP4 - C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2013-10-20] FF Extension: Adblock Plus - C:\Users\Jörg\AppData\Roaming\Mozilla\Firefox\Profiles\9syqvn1j.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-03-12] FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-04-22] FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ FF Extension: No Name - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [] FF HKLM-x32\...\Firefox\Extensions: [fmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\ FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\ [] FF HKLM-x32\...\Firefox\Extensions: [ytfmdownloader@gmail.com] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\ FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\ [] FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-12-23] FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [] FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-04-22] Chrome: ======= CHR HomePage: hxxp://go.findrsearch.com CHR RestoreOnStartup: "hxxp://www.google.com/" CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll () CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Extension: (Freeven Pro 1.3) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\adbpopomabpienjnifocifondadaogpj [2014-04-12] CHR Extension: (Google Docs) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-02] CHR Extension: (Google Drive) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-02] CHR Extension: (YouTube) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-02] CHR Extension: (Last updated at $time$ on $date$) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-03-02] CHR Extension: (Google Search) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-02] CHR Extension: (Mac OSX Font Rendering) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbokdhnlldmknaijpgikegjffnlpaamk [2013-03-02] CHR Extension: (AdBlock) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-03-02] CHR Extension: (Lone Tree) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\hfmkllfplegemejikoabfpjdaoncphip [2013-03-04] CHR Extension: (No Name) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2013-03-02] CHR Extension: (MediaPlayerplus) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd [2014-04-12] CHR Extension: (No Name) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-03-16] CHR Extension: (Gmail) - C:\Users\Jörg\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-02] CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-07-03] CHR HKLM-x32\...\Chrome\Extension: [bpegkgagfojjbcpkihigfmkojdmmimdf] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\Freemake.Plugin.Chrome.crx [2013-11-06] CHR HKLM-x32\...\Chrome\Extension: [ehgldbbpchgpcfagfpfjgoomddhccfgh] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Chrome\ChromeYoutubePlugin.crx [2013-11-06] CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14] CHR HKLM-x32\...\Chrome\Extension: [kiplfnciaokpcennlkldkdaeaaomamof] - C:\Users\Jörg\AppData\Local\Torch\Plugins\TorchPlugin.crx [2013-08-14] CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2012-12-29] (IvoSoft) R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1337752 2013-09-12] (ESET) R2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [101888 2013-12-09] (Freemake) R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2013-11-08] (Ellora Assets Corp.) R2 Radio.fx; C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe [3999512 2013-06-03] () R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] () R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2412344 2014-01-28] (TuneUp Software) R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27792 2012-08-03] (VIA Technologies, Inc.) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation) S2 HPSLPSVC; C:\Users\JRG~1\AppData\Local\Temp\7zS1478\hpslpsvc64.dll [X] ==================== Drivers (Whitelisted) ==================== S3 camfilt2; C:\Windows\system32\DRIVERS\camfilt2.sys [139264 2007-08-29] (Guillemot Corporation) R3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider) R3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider) R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET) R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [239296 2013-09-17] (ESET) R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET) R2 epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET) S3 OM0530; C:\Windows\System32\Drivers\ov530vx.sys [172928 2007-07-13] (OmniVision Technology Inc.) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [11880 2012-11-16] (TuneUp Software) S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X] S3 NPF; system32\drivers\NPF.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-24 09:39 - 2014-04-24 09:39 - 00022959 _____ () C:\Users\Jörg\Desktop\FRST.txt 2014-04-24 09:34 - 2014-04-24 09:34 - 02061824 _____ (Farbar) C:\Users\Jörg\Desktop\FRST64.exe 2014-04-23 06:44 - 2014-04-23 06:44 - 00000000 __SHD () C:\Recovery 2014-04-23 06:21 - 2014-04-23 06:37 - 00001677 _____ () C:\Windows\setupact.log 2014-04-23 06:21 - 2014-04-23 06:21 - 00001890 _____ () C:\Windows\diagwrn.xml 2014-04-23 06:21 - 2014-04-23 06:21 - 00001890 _____ () C:\Windows\diagerr.xml 2014-04-23 06:21 - 2014-04-23 06:21 - 00000000 _____ () C:\Windows\setuperr.log 2014-04-22 12:25 - 2014-04-22 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET 2014-04-22 12:25 - 2014-04-22 12:25 - 00000000 ____D () C:\ProgramData\ESET 2014-04-22 12:25 - 2014-04-22 12:25 - 00000000 ____D () C:\Program Files\ESET 2014-04-21 07:51 - 2014-04-21 07:51 - 00444872 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-19 17:54 - 2014-02-04 01:56 - 00332632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-04-19 17:54 - 2014-02-04 01:56 - 00278872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-04-19 17:54 - 2014-01-31 05:55 - 00209712 _____ (Microsoft Corporation) C:\Windows\system32\NotificationUI.exe 2014-04-19 17:54 - 2014-01-31 02:48 - 00564736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll 2014-04-19 17:54 - 2014-01-31 02:48 - 00485888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll 2014-04-19 17:54 - 2014-01-31 02:48 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll 2014-04-19 17:54 - 2014-01-31 02:48 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-04-19 17:54 - 2014-01-31 02:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll 2014-04-19 17:54 - 2014-01-31 02:06 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll 2014-04-19 17:54 - 2014-01-31 02:06 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-04-19 17:54 - 2014-01-27 05:42 - 02232664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-04-19 17:54 - 2014-01-27 05:39 - 01939288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-04-19 17:54 - 2014-01-27 02:52 - 17561088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-04-19 17:54 - 2014-01-27 02:31 - 19752448 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-04-19 17:54 - 2014-01-27 01:17 - 00386722 _____ () C:\Windows\system32\ApnDatabase.xml 2014-04-19 17:54 - 2014-01-16 01:42 - 00118784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dfsc.sys 2014-04-19 17:54 - 2014-01-11 08:48 - 05979648 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-04-19 17:54 - 2014-01-11 07:06 - 05092352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-04-19 17:54 - 2014-01-03 01:35 - 00365568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll 2014-04-19 17:54 - 2014-01-03 01:32 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll 2014-04-19 17:52 - 2014-03-07 02:48 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-19 17:52 - 2014-03-07 02:48 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-19 17:52 - 2014-03-07 02:47 - 14357504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-19 17:52 - 2014-03-07 02:47 - 13760512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-19 17:52 - 2014-03-07 02:47 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-19 17:52 - 2014-03-07 02:47 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-19 17:52 - 2014-03-07 02:47 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-04-19 17:52 - 2014-03-07 02:47 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-19 17:52 - 2014-03-07 02:47 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-19 17:52 - 2014-03-07 02:08 - 19273216 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-19 17:52 - 2014-03-07 02:08 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-19 17:52 - 2014-03-07 02:08 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-19 17:52 - 2014-03-07 02:08 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-19 17:52 - 2014-03-07 02:08 - 02240000 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-19 17:52 - 2014-03-07 02:08 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-19 17:52 - 2014-03-07 02:08 - 00915968 _____ (Microsoft Corporation) C:\Windows\system32\uxtheme.dll 2014-04-19 17:52 - 2014-03-07 02:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-04-19 17:52 - 2014-03-07 02:08 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-19 17:52 - 2014-03-07 02:08 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-19 17:52 - 2014-02-08 06:34 - 04036608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-04-19 17:52 - 2014-02-06 01:41 - 01257984 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-19 17:52 - 2014-02-06 01:41 - 00978432 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-04-19 17:52 - 2014-02-06 01:26 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-04-19 17:52 - 2014-02-06 01:19 - 00974848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-19 17:52 - 2013-10-25 09:34 - 00035856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys 2014-04-19 17:52 - 2013-10-25 00:34 - 00248240 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys 2014-04-19 17:52 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll 2014-04-19 17:52 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll 2014-04-19 17:52 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-19 17:52 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-19 17:52 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2014-04-19 17:52 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-19 17:52 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-19 17:52 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-19 17:52 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2014-04-19 17:52 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-19 17:52 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uxtheme.dll 2014-04-19 17:52 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-19 17:52 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-19 17:52 - 2012-07-26 05:06 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-19 17:51 - 2014-02-06 01:41 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-04-19 17:51 - 2014-02-06 01:37 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-04-19 17:51 - 2014-01-31 02:48 - 01339392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-04-19 17:51 - 2014-01-31 02:06 - 01628160 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-04-19 17:44 - 2014-04-19 17:44 - 00000000 ____D () C:\Users\Jörg\AppData\Local\ESET 2014-04-19 07:57 - 2014-04-19 07:58 - 00029977 _____ () C:\Users\Jörg\Downloads\Addition.txt 2014-04-19 07:56 - 2014-04-24 09:39 - 00000000 ____D () C:\FRST 2014-04-19 07:56 - 2014-04-19 07:58 - 00044162 _____ () C:\Users\Jörg\Downloads\FRST.txt 2014-04-15 22:49 - 2014-04-15 22:49 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\SpeedMaxPc 2014-04-15 22:49 - 2014-04-15 22:49 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\DriverCure 2014-04-15 22:48 - 2014-04-15 23:08 - 00000000 ____D () C:\ProgramData\SpeedMaxPc 2014-04-15 22:36 - 2014-04-19 14:27 - 01001716 _____ () C:\Windows\PFRO.log 2014-04-12 16:54 - 2014-04-19 13:56 - 00000000 ____D () C:\Program Files (x86)\SupTab 2014-04-12 16:50 - 2014-04-13 01:47 - 00000000 ____D () C:\Users\Jörg\AppData\Local\Lollipop ==================== One Month Modified Files and Folders ======= 2014-04-24 09:39 - 2014-04-24 09:39 - 00022959 _____ () C:\Users\Jörg\Desktop\FRST.txt 2014-04-24 09:39 - 2014-04-19 07:56 - 00000000 ____D () C:\FRST 2014-04-24 09:34 - 2014-04-24 09:34 - 02061824 _____ (Farbar) C:\Users\Jörg\Desktop\FRST64.exe 2014-04-24 09:24 - 2014-01-02 14:59 - 00000348 _____ () C:\Windows\Tasks\HP Photo Creations Communicator.job 2014-04-24 09:16 - 2013-03-02 14:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-24 09:01 - 2012-07-26 12:27 - 00752930 _____ () C:\Windows\system32\perfh007.dat 2014-04-24 09:01 - 2012-07-26 12:27 - 00156156 _____ () C:\Windows\system32\perfc007.dat 2014-04-24 09:01 - 2012-07-26 09:28 - 01748838 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-24 09:00 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\sru 2014-04-24 08:57 - 2013-03-02 15:01 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-04-24 08:57 - 2012-07-26 09:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-23 11:51 - 2014-02-15 14:11 - 00000000 ____D () C:\Users\Jörg\Desktop\Mozilla Bookmarks 2014-04-23 08:26 - 2013-03-02 12:28 - 01418546 _____ () C:\Windows\WindowsUpdate.log 2014-04-23 07:38 - 2012-07-26 07:26 - 00000000 ___HD () C:\$WINDOWS.~BT 2014-04-23 06:44 - 2014-04-23 06:44 - 00000000 __SHD () C:\Recovery 2014-04-23 06:37 - 2014-04-23 06:21 - 00001677 _____ () C:\Windows\setupact.log 2014-04-23 06:21 - 2014-04-23 06:21 - 00001890 _____ () C:\Windows\diagwrn.xml 2014-04-23 06:21 - 2014-04-23 06:21 - 00001890 _____ () C:\Windows\diagerr.xml 2014-04-23 06:21 - 2014-04-23 06:21 - 00000000 _____ () C:\Windows\setuperr.log 2014-04-22 20:10 - 2013-03-05 10:34 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\OpenCandy 2014-04-22 12:25 - 2014-04-22 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET 2014-04-22 12:25 - 2014-04-22 12:25 - 00000000 ____D () C:\ProgramData\ESET 2014-04-22 12:25 - 2014-04-22 12:25 - 00000000 ____D () C:\Program Files\ESET 2014-04-21 18:13 - 2013-03-28 11:08 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-04-21 17:53 - 2013-10-27 13:01 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\SpeedTestAnalysis 2014-04-21 11:47 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\rescache 2014-04-21 08:16 - 2013-03-02 14:00 - 00003772 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-04-21 08:03 - 2013-06-26 20:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-04-21 07:51 - 2014-04-21 07:51 - 00444872 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-19 18:02 - 2013-03-02 12:29 - 00000000 ___RD () C:\Users\Jörg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-19 18:02 - 2013-03-02 12:29 - 00000000 ___RD () C:\Users\Jörg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-19 17:59 - 2012-07-26 10:12 - 00000000 ___RD () C:\Windows\ToastData 2014-04-19 17:59 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-04-19 17:59 - 2012-07-26 10:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-04-19 17:59 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\WinStore 2014-04-19 17:59 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Windows Defender 2014-04-19 17:59 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender 2014-04-19 17:57 - 2013-09-10 09:37 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-19 17:55 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\ELAM 2014-04-19 17:44 - 2014-04-19 17:44 - 00000000 ____D () C:\Users\Jörg\AppData\Local\ESET 2014-04-19 17:15 - 2013-03-02 12:35 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2502406073-1232304317-553576181-1001 2014-04-19 15:08 - 2013-03-02 14:03 - 00000000 ____D () C:\Program Files (x86)\VideoLAN 2014-04-19 15:07 - 2014-02-14 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Two Worlds Pinball 2014-04-19 15:07 - 2014-02-14 15:02 - 00000000 ____D () C:\Program Files (x86)\Two Worlds Pinball 2014-04-19 15:01 - 2013-03-02 12:28 - 00000000 ____D () C:\Users\Jörg 2014-04-19 14:27 - 2014-04-15 22:36 - 01001716 _____ () C:\Windows\PFRO.log 2014-04-19 14:22 - 2013-03-02 14:06 - 00000000 ____D () C:\ProgramData\AVAST Software 2014-04-19 13:59 - 2013-03-07 11:47 - 00000000 ____D () C:\Users\I-Net 2014-04-19 13:59 - 2012-07-26 10:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-04-19 13:58 - 2013-12-15 05:11 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft 2014-04-19 13:58 - 2013-10-27 13:00 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paragon Partition Manager™ 2013 Free 2014-04-19 13:58 - 2013-10-18 01:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-04-19 13:58 - 2013-07-24 16:26 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\IrfanView 2014-04-19 13:58 - 2013-05-12 16:11 - 00000000 ____D () C:\ProgramData\TechSmith 2014-04-19 13:58 - 2013-05-12 16:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TechSmith 2014-04-19 13:58 - 2013-04-27 13:56 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlayLogic 2014-04-19 13:58 - 2013-04-01 10:28 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake 2014-04-19 13:58 - 2013-03-15 21:16 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\dvdcss 2014-04-19 13:58 - 2013-03-07 11:48 - 00000000 ___RD () C:\Users\I-Net\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-19 13:58 - 2013-03-07 11:48 - 00000000 ___RD () C:\Users\I-Net\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools 2014-04-19 13:58 - 2013-03-05 01:57 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-04-19 13:58 - 2013-03-04 21:01 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Nachschlagewerke 2014-04-19 13:58 - 2013-03-04 21:01 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Autostart 2014-04-19 13:58 - 2013-03-02 13:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-04-19 13:58 - 2013-03-02 12:28 - 00000000 ___RD () C:\Users\Jörg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools 2014-04-19 13:58 - 2013-03-02 12:28 - 00000000 ___RD () C:\Users\Jörg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories 2014-04-19 13:58 - 2013-03-02 12:28 - 00000000 ___RD () C:\Users\Jörg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility 2014-04-19 13:58 - 2013-03-02 12:28 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-04-19 13:58 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\system32\Macromed 2014-04-19 13:58 - 2012-07-26 07:38 - 00000000 ____D () C:\Windows\system32\Sysprep 2014-04-19 13:58 - 2012-07-26 07:37 - 00000000 ____D () C:\Windows\servicing 2014-04-19 13:56 - 2014-04-12 16:54 - 00000000 ____D () C:\Program Files (x86)\SupTab 2014-04-19 13:56 - 2013-05-12 16:11 - 00000000 ____D () C:\Program Files (x86)\TechSmith 2014-04-19 13:56 - 2013-03-02 14:05 - 00000000 ____D () C:\Program Files\CDBurnerXP 2014-04-19 13:56 - 2013-03-02 14:01 - 00000000 ____D () C:\Program Files (x86)\Java 2014-04-19 13:56 - 2012-07-26 10:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared 2014-04-19 13:53 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\registration 2014-04-19 13:50 - 2013-05-06 18:53 - 00000000 ____D () C:\ProgramData\Real 2014-04-19 13:49 - 2013-07-09 18:49 - 00000000 ____D () C:\Program Files\Java 2014-04-19 08:24 - 2013-03-05 20:01 - 00019697 _____ () C:\ProgramData\hpzinstall.log 2014-04-19 07:58 - 2014-04-19 07:57 - 00029977 _____ () C:\Users\Jörg\Downloads\Addition.txt 2014-04-19 07:58 - 2014-04-19 07:56 - 00044162 _____ () C:\Users\Jörg\Downloads\FRST.txt 2014-04-18 02:26 - 2012-07-26 07:26 - 00262144 ___SH () C:\Windows\system32\config\BBI 2014-04-15 23:08 - 2014-04-15 22:48 - 00000000 ____D () C:\ProgramData\SpeedMaxPc 2014-04-15 22:49 - 2014-04-15 22:49 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\SpeedMaxPc 2014-04-15 22:49 - 2014-04-15 22:49 - 00000000 ____D () C:\Users\Jörg\AppData\Roaming\DriverCure 2014-04-13 01:47 - 2014-04-12 16:50 - 00000000 ____D () C:\Users\Jörg\AppData\Local\Lollipop 2014-04-12 17:43 - 2013-11-15 14:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue 2014-04-06 17:35 - 2013-05-30 16:15 - 00000000 ____D () C:\Users\Jörg\AppData\Local\CrashDumps 2014-04-03 11:59 - 2012-07-26 10:12 - 00000000 ____D () C:\Windows\AUInstallAgent 2014-03-31 23:18 - 2012-07-26 10:14 - 00694232 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-31 23:18 - 2012-07-26 10:14 - 00078296 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-31 03:51 - 2013-03-02 12:45 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-03-28 10:30 - 2013-08-16 18:43 - 00000000 ____D () C:\Users\Jörg\Downloads\Bilder Some content of TEMP: ==================== C:\Users\Jörg\AppData\Local\Temp\InstHelper.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-17 12:45 ==================== End Of Log ============================ --- --- --- FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-04-2014 Ran by Jörg at 2014-04-24 09:58:23 Running from C:\Users\Jörg\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834} ==================== Installed Programs ====================== 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 3.9.0.1030 - Adobe Systems Incorporated) Hidden Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) AIO_CDB_ProductContext (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden AIO_CDB_Software (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden AIO_CDB_Software (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden AIO_CDB_ToolboxIni64 (Version: 82.0.242.000 - Hewlett-Packard) Hidden AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden Ancient Wars - Sparta (HKLM-x32\...\{554532CE-43E2-4B4F-BBDE-27742A32C236}) (Version: 1.00.0000 - PlayLogic) Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.) Ashampoo Burning Studio 9.24 (HKLM-x32\...\Ashampoo Burning Studio 9_is1) (Version: 9.2.4 - ashampoo GmbH & Co. KG) BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden Camtasia Studio 8 (HKLM-x32\...\{DB93E2C2-851F-44B2-B09C-351D2C624AE1}) (Version: 8.0.4.1060 - TechSmith Corporation) CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.1.3868 - CDBurnerXP) Classic Link Drivers (HKLM-x32\...\{B1549CC1-EB81-4E7C-9C7C-8B97CD9FD37A}) (Version: 3.2.2.1 - Hercules) Classic Shell (HKLM\...\{CB00799C-0E4F-4FD1-A046-BD24321BCDFF}) (Version: 3.6.5 - IvoSoft) Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden DeviceManagementQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden DocProcQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden DVS Video Downloader Addon for Mozilla Firefox version 4.3.3.15 (HKLM-x32\...\DVS Video Downloader Addon for Mozilla Firefox_is1) (Version: 4.3.3.15 - DVDVideoSoft Ltd.) eJay Dance 6 Reloaded (HKLM-x32\...\YelsieJayDance6Reloaded_is1) (Version: - Yelsi AG) ESET NOD32 Antivirus (HKLM\...\{7EE0D9E8-299E-4E7A-8BDE-B1D295E30077}) (Version: 7.0.302.26 - ESET, spol s r. o.) eSupportQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden F300 (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden F300_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden F300Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden Far Cry (HKLM-x32\...\InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}) (Version: 1.00.0000 - Ihr Firmenname) Far Cry (x32 Version: 1.00.0000 - Ihr Firmenname) Hidden Far Cry 2 (HKLM-x32\...\{F2835483-37F2-4123-B4FE-0E77D58447F2}) (Version: 1.03.00 - Ubisoft) Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.05 - Ubisoft) Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden Free Studio version 2013 (HKLM-x32\...\Free Studio_is1) (Version: 6.1.4.628 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.1.320 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.1.320 - DVDVideoSoft Ltd.) Freemake Video Converter Version 4.1.2 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.2 - Ellora Assets Corporation) Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.6.1 - Ellora Assets Corporation) GEAR driver installer (HKLM-x32\...\{0590062B-1E79-4717-B1AC-45B6DCA43B36}) (Version: 4.001.7 - GEAR Software) GMX SMS-Manager (HKLM-x32\...\com.unitedinternet.ums.sms-mms-manager) (Version: 2.7.2.6 - 1 und 1 Internet AG) GMX SMS-Manager (x32 Version: 2.7.2 - 1 und 1 Internet AG) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden Hercules Classic Webcam Drivers (HKLM-x32\...\{5F0EE12C-44B1-4FCB-87E3-4686C888774A}) (Version: 1.00.0000 - Hercules) Hercules Webcam Station Evolution SE (HKLM-x32\...\{C3C44248-B8F7-4B20-A5C7-994870B60F55}) (Version: 3.2.2.1 - Hercules) HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP) HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12412 - HP) HP Photosmart Officejet and Deskjet All-In-One Driver Software (HKLM\...\{6F5B70F0-EA6C-4A5B-BB16-8390BD66B251}) (Version: 14.0 - HP) HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (HKLM\...\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}) (Version: 8.0 - HP) HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP) HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan) Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle) Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden K-Lite Codec Pack 9.7.5 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 9.7.5 - ) K-Lite Codec Pack 9.7.5 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.7.5 - ) LibreOffice 4.0.0.3 (HKLM-x32\...\{8EA569F1-97AF-4C3E-A0CB-4846C2D35A81}) (Version: 4.0.0.3 - The Document Foundation) Logitech Unifying-Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech) MAGIX Foto Manager 10 (HKLM-x32\...\MAGIX_MSI_Foto_Manager_10) (Version: 8.0.1.136 - MAGIX AG) MAGIX Foto Manager 10 (x32 Version: 8.0.1.136 - MAGIX AG) Hidden MAGIX Music Maker Rock Edition 4 (HKLM-x32\...\MAGIX_MSI_mm17_rock_edition_4) (Version: 6.0.0.6 - MAGIX AG) MAGIX Music Maker Rock Edition 4 (x32 Version: 6.0.0.6 - MAGIX AG) Hidden MAGIX Online Druck Service (HKLM-x32\...\de.magix-fotos.fotobuch.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1) (Version: 1.1.0-478 - myphotobook GmbH) MAGIX Online Druck Service (x32 Version: 1.1.0 - myphotobook GmbH) Hidden MAGIX Speed burnR (MSI) (HKLM-x32\...\{D8771580-3651-410C-82CF-EFE11FAD5D81}) (Version: 7.0.2.6 - MAGIX AG) MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden Microsoft Office 97, Professional Edition (HKLM-x32\...\Office8.0) (Version: - ) Microsoft Text-to-Speech Engine 4.0 (English) (HKLM-x32\...\MSTTS) (Version: - ) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla) MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden Nokia Connectivity Cable Driver (HKLM-x32\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia) Nokia PC Suite (HKLM-x32\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia) Nokia PC Suite (x32 Version: 7.1.180.94 - Nokia) Hidden NVIDIA 3D Vision Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation) NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP) Opera Stable 19.0.1326.56 (HKLM-x32\...\Opera 19.0.1326.56) (Version: 19.0.1326.56 - Opera Software ASA) Opera Stable 20.0.1387.91 (HKLM-x32\...\Opera 20.0.1387.91) (Version: 20.0.1387.91 - Opera Software ASA) Paragon Partition Manager™ 2013 Free (HKLM-x32\...\{47E5588F-C3A0-11DE-9857-005056C00008}) (Version: 90.00.0003 - Paragon Software) PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia) PeaZip 4.8.1 (WIN64) (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: - Giorgio Tani) Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden Radio.fx (HKLM-x32\...\Tobit Radio.fx Server) (Version: - Tobit.Software) RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden Sid Meier's Civilization 4 (HKLM-x32\...\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}) (Version: 1.61 - Firaxis Games) Sid Meier's Civilization 4 (x32 Version: 1.61 - Firaxis Games) Hidden Skype™ 6.2 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.2.106 - Skype Technologies S.A.) SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden Stellarium 0.12.0 (HKLM\...\Stellarium_is1) (Version: 0.12.0 - Stellarium team) Tom Clancy's Rainbow Six: Lockdown (HKLM-x32\...\{3BB33584-3860-4772-AEE9-D8E61F552896}) (Version: 1.02.000 - ) Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden Toolbox (x32 Version: 82.0.173.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden TuneUp Utilities 2013 (HKLM-x32\...\TuneUp Utilities 2013) (Version: 13.0.4000.245 - TuneUp Software) TuneUp Utilities 2013 (x32 Version: 13.0.4000.245 - TuneUp Software) Hidden TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.4000.245 - TuneUp Software) Hidden UnloadSupport (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft) VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.) VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN) WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia) Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia) Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia) Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.) ==================== Restore Points ========================= 15-04-2014 19:14:01 Removed Java 8 (64-bit) 19-04-2014 11:46:02 Wiederherstellungsvorgang 20-04-2014 17:00:24 Windows-Sicherung 22-04-2014 10:24:11 ESET NOD32 Antivirus wurde installiert ==================== Hosts content: ========================== 2012-07-26 07:26 - 2013-11-26 11:49 - 00450639 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 [¹ã³¡ÎèÀÏÆÅ×î´óÇ¡Ç¡,¹ã³¡ÎèÃñ×åÎè,ÔÆÉѹ㳡ÎèÌÒ»¨ÔËÇ¡Ç¡],2014Ê×Ò³ 127.0.0.1 032439.com 127.0.0.1 0Scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 ²©²Êͨ,²©²ÊÍø,½ð±¦²©188,²©²ÊͨÆÀ¼¶,°Ù¼ÒÀÖ,°ÂÃî°Ù¼ÒÀÖ 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 Gadgets And More 127.0.0.1 10sek.com 127.0.0.1 1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 www.123fporn.info 127.0.0.1 123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= Task: {05CFA7CA-BF05-41AB-856F-44893CE0BA51} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-21] (Adobe Systems Incorporated) Task: {09EC757E-839C-44BC-AA2C-D886E9D8884E} - System32\Tasks\Real Player-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [2013-12-23] (RealNetworks, Inc.) Task: {141097DB-C12F-445C-8FC2-698BD3793A01} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2502406073-1232304317-553576181-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {166C6F55-3CC8-4182-ACC5-E8A37B829A1B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-02] (Google Inc.) Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {35834043-4FDA-47E5-AF39-F8FFAF189D4E} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2502406073-1232304317-553576181-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {5A4BF9C9-7222-4C66-AAB6-DE6A8F413F17} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-01-31] (Microsoft Corporation) Task: {70D27CF5-CD25-4EB0-9FCA-64227D8996CB} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated) Task: {7AEFA786-4A6A-4F2C-91C5-E25ACD7D202C} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2502406073-1232304317-553576181-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {7C906787-F4A2-4645-950A-7561888C806D} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation) Task: {8367C11D-BAAB-40B6-A64C-B3F392EC5F9B} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe [2014-01-28] (TuneUp Software) Task: {8E7E0702-2851-4DC2-9484-321D3204C6A5} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2502406073-1232304317-553576181-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.) Task: {9541B63D-C604-475C-8255-746756404574} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {980D554F-9C0E-4CCC-960F-6CB2BBA9737C} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2011-09-20] () Task: {A35DB7B2-E473-40DB-A0DF-66554079B6E7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-02] (Google Inc.) Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {E872139C-651C-4CA8-931F-D780A5ED0D96} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {F1C674C6-0FC9-4D0C-B9DA-F7769BDAF654} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2502406073-1232304317-553576181-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe ==================== Loaded Modules (whitelisted) ============= 2013-03-02 15:00 - 2013-10-23 10:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2013-03-04 21:06 - 2013-06-03 13:06 - 03999512 _____ () C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe 2013-08-14 16:19 - 2013-08-14 16:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe 2014-01-28 10:37 - 2014-01-28 10:37 - 00741176 _____ () C:\Program Files (x86)\TuneUp Utilities 2013\avgrepliba.dll 2013-03-02 13:57 - 2013-03-02 13:57 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll 2013-03-02 14:47 - 2012-08-09 12:55 - 00078480 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll 2013-03-02 14:47 - 2012-08-09 12:55 - 00386192 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll 2014-02-18 00:19 - 2014-02-18 00:19 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\b7497ee745bead9869f53a314470edeb\PSIClient.ni.dll 2013-06-26 20:12 - 2014-02-16 13:39 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= Name: avast! Firewall NDIS Filter Miniport Description: avast! Firewall NDIS Filter Miniport Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: ALWIL Software Service: aswNdis Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19) Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options: On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver. Name: Standardtastatur (PS/2) Description: Standardtastatur (PS/2) Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardtastaturen) Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: WAN-Miniport (Netzwerkmonitor) Description: WAN-Miniport (Netzwerkmonitor) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: NdisWan Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (04/24/2014 09:13:29 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (04/24/2014 09:13:21 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (04/24/2014 08:58:44 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (04/24/2014 08:58:38 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (04/23/2014 03:10:04 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. Error: (04/23/2014 11:43:19 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. Error: (04/23/2014 11:43:19 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. Error: (04/23/2014 11:43:17 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. Error: (04/23/2014 09:56:15 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. Error: (04/23/2014 09:29:06 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". System errors: ============= Error: (04/24/2014 09:22:43 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: {10DA4F3C-CC99-4190-BE4D-58330754E882} Error: (04/24/2014 09:20:43 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: %%126 Error: (04/24/2014 09:20:43 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: {10DA4F3C-CC99-4190-BE4D-58330754E882} Error: (04/24/2014 09:18:43 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: %%126 Error: (04/24/2014 09:01:36 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: {10DA4F3C-CC99-4190-BE4D-58330754E882} Error: (04/24/2014 08:59:36 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: %%126 Error: (04/24/2014 08:59:36 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: %%126 Error: (04/24/2014 08:59:36 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: {10DA4F3C-CC99-4190-BE4D-58330754E882} Error: (04/24/2014 08:57:36 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (04/24/2014 08:57:36 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Microsoft Office Sessions: ========================= Error: (04/24/2014 09:13:29 AM) (Source: SideBySide)(User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe Error: (04/24/2014 09:13:21 AM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files (x86)\Hercules\Webcam Station Evolution SE\StationEvSE.exe Error: (04/24/2014 08:58:44 AM) (Source: SideBySide)(User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe Error: (04/24/2014 08:58:38 AM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files (x86)\Hercules\Webcam Station Evolution SE\StationEvSE.exe Error: (04/23/2014 03:10:04 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (04/23/2014 11:43:19 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestN:\Sicherheit\esetsmartinstaller_enu.exe Error: (04/23/2014 11:43:19 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestN:\Sicherheit\esetsmartinstaller_enu.exe Error: (04/23/2014 11:43:17 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestN:\Sicherheit\esetsmartinstaller_enu.exe Error: (04/23/2014 09:56:15 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestN:\Sicherheit\esetsmartinstaller_enu.exe Error: (04/23/2014 09:29:06 AM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files (x86)\Hercules\Webcam Station Evolution SE\StationEvSE.exe CodeIntegrity Errors: =================================== Date: 2014-04-19 17:46:30.884 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-19 17:45:23.265 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-19 17:45:23.234 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-19 17:45:23.202 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-19 17:38:25.096 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-19 17:27:50.729 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-19 16:27:55.212 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-19 15:35:24.653 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-19 15:28:06.701 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-19 15:22:34.881 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 51% Total physical RAM: 4054.54 MB Available physical RAM: 1984.7 MB Total Pagefile: 4758.54 MB Available Pagefile: 2572.97 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (Win8) (Fixed) (Total:465.42 GB) (Free:323.58 GB) NTFS Drive d: (WD-1) (Fixed) (Total:326.04 GB) (Free:22.83 GB) NTFS Drive f: (WD-2) (Fixed) (Total:436.08 GB) (Free:40.56 GB) NTFS Drive g: (Neues Laufwerk) (Fixed) (Total:169.37 GB) (Free:169.05 GB) NTFS Drive l: (Volume) (Fixed) (Total:931.51 GB) (Free:549.67 GB) NTFS Drive n: () (Removable) (Total:7.42 GB) (Free:2.03 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 9A96E11F) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=465 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 932 GB) (Disk ID: 00000001) Partition 1: (Not Active) - (Size=436 GB) - (Type=OF Extended) Partition 2: (Active) - (Size=326 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=169 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: D1278E23) Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS) ======================================================== Disk: 8 (Size: 7 GB) (Disk ID: 4416DB50) Partition 1: (Not Active) - (Size=7 GB) - (Type=0B) ==================== End Of Log ============================ |
24.04.2014, 18:49 | #8 |
| immer wieder selbsterstellender Ordner auf dem Desktop : Name = Continue Vuu PC FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-04-2014 Ran by Jörg at 2014-04-24 09:58:23 Running from C:\Users\Jörg\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834} ==================== Installed Programs ====================== 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1030 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 3.9.0.1030 - Adobe Systems Incorporated) Hidden Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated) Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) AIO_CDB_ProductContext (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden AIO_CDB_Software (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden AIO_CDB_Software (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden AIO_CDB_ToolboxIni64 (Version: 82.0.242.000 - Hewlett-Packard) Hidden AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden Ancient Wars - Sparta (HKLM-x32\...\{554532CE-43E2-4B4F-BBDE-27742A32C236}) (Version: 1.00.0000 - PlayLogic) Apple Application Support (HKLM-x32\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.) Ashampoo Burning Studio 9.24 (HKLM-x32\...\Ashampoo Burning Studio 9_is1) (Version: 9.2.4 - ashampoo GmbH & Co. KG) BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden Camtasia Studio 8 (HKLM-x32\...\{DB93E2C2-851F-44B2-B09C-351D2C624AE1}) (Version: 8.0.4.1060 - TechSmith Corporation) CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.1.3868 - CDBurnerXP) Classic Link Drivers (HKLM-x32\...\{B1549CC1-EB81-4E7C-9C7C-8B97CD9FD37A}) (Version: 3.2.2.1 - Hercules) Classic Shell (HKLM\...\{CB00799C-0E4F-4FD1-A046-BD24321BCDFF}) (Version: 3.6.5 - IvoSoft) Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden DeviceManagementQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden DocProcQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden DVS Video Downloader Addon for Mozilla Firefox version 4.3.3.15 (HKLM-x32\...\DVS Video Downloader Addon for Mozilla Firefox_is1) (Version: 4.3.3.15 - DVDVideoSoft Ltd.) eJay Dance 6 Reloaded (HKLM-x32\...\YelsieJayDance6Reloaded_is1) (Version: - Yelsi AG) ESET NOD32 Antivirus (HKLM\...\{7EE0D9E8-299E-4E7A-8BDE-B1D295E30077}) (Version: 7.0.302.26 - ESET, spol s r. o.) eSupportQFolder (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden F300 (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden F300_Help (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden F300Trb (x32 Version: 82.0.242.000 - Hewlett-Packard) Hidden Far Cry (HKLM-x32\...\InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC}) (Version: 1.00.0000 - Ihr Firmenname) Far Cry (x32 Version: 1.00.0000 - Ihr Firmenname) Hidden Far Cry 2 (HKLM-x32\...\{F2835483-37F2-4123-B4FE-0E77D58447F2}) (Version: 1.03.00 - Ubisoft) Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.05 - Ubisoft) Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden Free Studio version 2013 (HKLM-x32\...\Free Studio_is1) (Version: 6.1.4.628 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.1.320 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.1.320 - DVDVideoSoft Ltd.) Freemake Video Converter Version 4.1.2 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.2 - Ellora Assets Corporation) Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.6.1 - Ellora Assets Corporation) GEAR driver installer (HKLM-x32\...\{0590062B-1E79-4717-B1AC-45B6DCA43B36}) (Version: 4.001.7 - GEAR Software) GMX SMS-Manager (HKLM-x32\...\com.unitedinternet.ums.sms-mms-manager) (Version: 2.7.2.6 - 1 und 1 Internet AG) GMX SMS-Manager (x32 Version: 2.7.2 - 1 und 1 Internet AG) Hidden Google Chrome (HKLM-x32\...\Google Chrome) (Version: 31.0.1650.63 - Google Inc.) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden Hercules Classic Webcam Drivers (HKLM-x32\...\{5F0EE12C-44B1-4FCB-87E3-4686C888774A}) (Version: 1.00.0000 - Hercules) Hercules Webcam Station Evolution SE (HKLM-x32\...\{C3C44248-B8F7-4B20-A5C7-994870B60F55}) (Version: 3.2.2.1 - Hercules) HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP) HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP) HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.12412 - HP) HP Photosmart Officejet and Deskjet All-In-One Driver Software (HKLM\...\{6F5B70F0-EA6C-4A5B-BB16-8390BD66B251}) (Version: 14.0 - HP) HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B (HKLM\...\{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}) (Version: 8.0 - HP) HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP) HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation) IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan) Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle) Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden K-Lite Codec Pack 9.7.5 (64-bit) (HKLM\...\KLiteCodecPack64_is1) (Version: 9.7.5 - ) K-Lite Codec Pack 9.7.5 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 9.7.5 - ) LibreOffice 4.0.0.3 (HKLM-x32\...\{8EA569F1-97AF-4C3E-A0CB-4846C2D35A81}) (Version: 4.0.0.3 - The Document Foundation) Logitech Unifying-Software 2.10 (HKLM\...\Logitech Unifying) (Version: 2.10.37 - Logitech) MAGIX Foto Manager 10 (HKLM-x32\...\MAGIX_MSI_Foto_Manager_10) (Version: 8.0.1.136 - MAGIX AG) MAGIX Foto Manager 10 (x32 Version: 8.0.1.136 - MAGIX AG) Hidden MAGIX Music Maker Rock Edition 4 (HKLM-x32\...\MAGIX_MSI_mm17_rock_edition_4) (Version: 6.0.0.6 - MAGIX AG) MAGIX Music Maker Rock Edition 4 (x32 Version: 6.0.0.6 - MAGIX AG) Hidden MAGIX Online Druck Service (HKLM-x32\...\de.magix-fotos.fotobuch.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1) (Version: 1.1.0-478 - myphotobook GmbH) MAGIX Online Druck Service (x32 Version: 1.1.0 - myphotobook GmbH) Hidden MAGIX Speed burnR (MSI) (HKLM-x32\...\{D8771580-3651-410C-82CF-EFE11FAD5D81}) (Version: 7.0.2.6 - MAGIX AG) MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden Microsoft Office 97, Professional Edition (HKLM-x32\...\Office8.0) (Version: - ) Microsoft Text-to-Speech Engine 4.0 (English) (HKLM-x32\...\MSTTS) (Version: - ) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla) MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden Nokia Connectivity Cable Driver (HKLM-x32\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia) Nokia PC Suite (HKLM-x32\...\Nokia PC Suite) (Version: 7.1.180.94 - Nokia) Nokia PC Suite (x32 Version: 7.1.180.94 - Nokia) Hidden NVIDIA 3D Vision Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation) NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.26.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.26.4 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3165 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.15.2 - NVIDIA Corporation) Hidden OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP) Opera Stable 19.0.1326.56 (HKLM-x32\...\Opera 19.0.1326.56) (Version: 19.0.1326.56 - Opera Software ASA) Opera Stable 20.0.1387.91 (HKLM-x32\...\Opera 20.0.1387.91) (Version: 20.0.1387.91 - Opera Software ASA) Paragon Partition Manager™ 2013 Free (HKLM-x32\...\{47E5588F-C3A0-11DE-9857-005056C00008}) (Version: 90.00.0003 - Paragon Software) PC Connectivity Solution (HKLM-x32\...\{644F4910-E812-49AD-93EC-86828CB81A0D}) (Version: 12.0.27.0 - Nokia) PeaZip 4.8.1 (WIN64) (HKLM\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: - Giorgio Tani) Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden Radio.fx (HKLM-x32\...\Tobit Radio.fx Server) (Version: - Tobit.Software) RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks) RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden Sid Meier's Civilization 4 (HKLM-x32\...\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}) (Version: 1.61 - Firaxis Games) Sid Meier's Civilization 4 (x32 Version: 1.61 - Firaxis Games) Hidden Skype™ 6.2 (HKLM-x32\...\{1845470B-EB14-4ABC-835B-E36C693DC07D}) (Version: 6.2.106 - Skype Technologies S.A.) SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden Stellarium 0.12.0 (HKLM\...\Stellarium_is1) (Version: 0.12.0 - Stellarium team) Tom Clancy's Rainbow Six: Lockdown (HKLM-x32\...\{3BB33584-3860-4772-AEE9-D8E61F552896}) (Version: 1.02.000 - ) Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden Toolbox (x32 Version: 82.0.173.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden TuneUp Utilities 2013 (HKLM-x32\...\TuneUp Utilities 2013) (Version: 13.0.4000.245 - TuneUp Software) TuneUp Utilities 2013 (x32 Version: 13.0.4000.245 - TuneUp Software) Hidden TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.4000.245 - TuneUp Software) Hidden UnloadSupport (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft) VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.) VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN) WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7) (HKLM\...\E0AC723A3DE3A04256288CADBBB011B112AED454) (Version: 02/25/2011 4.7 - Nokia) Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9) (HKLM\...\72A50F48CC5601190B9C4E74D81161693133E7F7) (Version: 02/25/2011 7.01.0.9 - Nokia) Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia) Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version: - Yahoo! Inc.) ==================== Restore Points ========================= 15-04-2014 19:14:01 Removed Java 8 (64-bit) 19-04-2014 11:46:02 Wiederherstellungsvorgang 20-04-2014 17:00:24 Windows-Sicherung 22-04-2014 10:24:11 ESET NOD32 Antivirus wurde installiert ==================== Hosts content: ========================== 2012-07-26 07:26 - 2013-11-26 11:49 - 00450639 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 www.007guard.com 127.0.0.1 007guard.com 127.0.0.1 008i.com 127.0.0.1 www.008k.com 127.0.0.1 008k.com 127.0.0.1 www.00hq.com 127.0.0.1 00hq.com 127.0.0.1 010402.com 127.0.0.1 [¹ã³¡ÎèÀÏÆÅ×î´óÇ¡Ç¡,¹ã³¡ÎèÃñ×åÎè,ÔÆÉѹ㳡ÎèÌÒ»¨ÔËÇ¡Ç¡],2014Ê×Ò³ 127.0.0.1 032439.com 127.0.0.1 0Scan.com 127.0.0.1 0scan.com 127.0.0.1 1000gratisproben.com 127.0.0.1 1000gratisproben.com 127.0.0.1 1001namen.com 127.0.0.1 1001namen.com 127.0.0.1 100888290cs.com 127.0.0.1 ²©²Êͨ,²©²ÊÍø,½ð±¦²©188,²©²ÊͨÆÀ¼¶,°Ù¼ÒÀÖ,°ÂÃî°Ù¼ÒÀÖ 127.0.0.1 www.100sexlinks.com 127.0.0.1 100sexlinks.com 127.0.0.1 Gadgets And More 127.0.0.1 10sek.com 127.0.0.1 1-2005-search.com 127.0.0.1 1-2005-search.com 127.0.0.1 www.123fporn.info 127.0.0.1 123fporn.info 127.0.0.1 123haustiereundmehr.com 127.0.0.1 www.123haustiereundmehr.com 127.0.0.1 123moviedownload.com There are 1000 more lines. ==================== Scheduled Tasks (whitelisted) ============= Task: {05CFA7CA-BF05-41AB-856F-44893CE0BA51} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-21] (Adobe Systems Incorporated) Task: {09EC757E-839C-44BC-AA2C-D886E9D8884E} - System32\Tasks\Real Player-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [2013-12-23] (RealNetworks, Inc.) Task: {141097DB-C12F-445C-8FC2-698BD3793A01} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2502406073-1232304317-553576181-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {166C6F55-3CC8-4182-ACC5-E8A37B829A1B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-02] (Google Inc.) Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {35834043-4FDA-47E5-AF39-F8FFAF189D4E} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2502406073-1232304317-553576181-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {5A4BF9C9-7222-4C66-AAB6-DE6A8F413F17} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2014-01-31] (Microsoft Corporation) Task: {70D27CF5-CD25-4EB0-9FCA-64227D8996CB} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated) Task: {7AEFA786-4A6A-4F2C-91C5-E25ACD7D202C} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2502406073-1232304317-553576181-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: {7C906787-F4A2-4645-950A-7561888C806D} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation) Task: {8367C11D-BAAB-40B6-A64C-B3F392EC5F9B} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe [2014-01-28] (TuneUp Software) Task: {8E7E0702-2851-4DC2-9484-321D3204C6A5} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-2502406073-1232304317-553576181-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14] (RealNetworks, Inc.) Task: {9541B63D-C604-475C-8255-746756404574} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {980D554F-9C0E-4CCC-960F-6CB2BBA9737C} - System32\Tasks\HP Photo Creations Communicator => C:\ProgramData\HP Photo Creations\Communicator.exe [2011-09-20] () Task: {A35DB7B2-E473-40DB-A0DF-66554079B6E7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-02] (Google Inc.) Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {E872139C-651C-4CA8-931F-D780A5ED0D96} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {F1C674C6-0FC9-4D0C-B9DA-F7769BDAF654} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2502406073-1232304317-553576181-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe [2013-08-14] (RealNetworks, Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HP Photo Creations Communicator.job => C:\ProgramData\HP Photo Creations\Communicator.exe ==================== Loaded Modules (whitelisted) ============= 2013-03-02 15:00 - 2013-10-23 10:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2013-03-04 21:06 - 2013-06-03 13:06 - 03999512 _____ () C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe 2013-08-14 16:19 - 2013-08-14 16:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe 2014-01-28 10:37 - 2014-01-28 10:37 - 00741176 _____ () C:\Program Files (x86)\TuneUp Utilities 2013\avgrepliba.dll 2013-03-02 13:57 - 2013-03-02 13:57 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4406.1205_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll 2013-03-02 14:47 - 2012-08-09 12:55 - 00078480 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll 2013-03-02 14:47 - 2012-08-09 12:55 - 00386192 _____ () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll 2014-02-18 00:19 - 2014-02-18 00:19 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\b7497ee745bead9869f53a314470edeb\PSIClient.ni.dll 2013-06-26 20:12 - 2014-02-16 13:39 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= Name: avast! Firewall NDIS Filter Miniport Description: avast! Firewall NDIS Filter Miniport Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: ALWIL Software Service: aswNdis Problem: : Windows cannot start this hardware device because its configuration information (in the registry) is incomplete or damaged. (Code 19) Resolution: A registry problem was detected. This can occur when more than one service is defined for a device, if there is a failure opening the service subkey, or if the driver name cannot be obtained from the service subkey. Try these options: On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Click "Uninstall", and then click "Scan for hardware changes" to load a usable driver. Name: Standardtastatur (PS/2) Description: Standardtastatur (PS/2) Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318} Manufacturer: (Standardtastaturen) Service: i8042prt Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24) Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved. Name: WAN-Miniport (Netzwerkmonitor) Description: WAN-Miniport (Netzwerkmonitor) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: NdisWan Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (04/24/2014 09:13:29 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (04/24/2014 09:13:21 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (04/24/2014 08:58:44 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (04/24/2014 08:58:38 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (04/23/2014 03:10:04 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. Error: (04/23/2014 11:43:19 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. Error: (04/23/2014 11:43:19 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. Error: (04/23/2014 11:43:17 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. Error: (04/23/2014 09:56:15 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifest. Error: (04/23/2014 09:29:06 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1". Die abhängige Assemblierung "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". System errors: ============= Error: (04/24/2014 09:22:43 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: {10DA4F3C-CC99-4190-BE4D-58330754E882} Error: (04/24/2014 09:20:43 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: %%126 Error: (04/24/2014 09:20:43 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: {10DA4F3C-CC99-4190-BE4D-58330754E882} Error: (04/24/2014 09:18:43 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: %%126 Error: (04/24/2014 09:01:36 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: {10DA4F3C-CC99-4190-BE4D-58330754E882} Error: (04/24/2014 08:59:36 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: %%126 Error: (04/24/2014 08:59:36 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "HP Network Devices Support" wurde mit folgendem Fehler beendet: %%126 Error: (04/24/2014 08:59:36 AM) (Source: DCOM) (User: NT-AUTORITÄT) Description: {10DA4F3C-CC99-4190-BE4D-58330754E882} Error: (04/24/2014 08:57:36 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (04/24/2014 08:57:36 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "WinPcap Packet Driver (NPF)" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Microsoft Office Sessions: ========================= Error: (04/24/2014 09:13:29 AM) (Source: SideBySide)(User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe Error: (04/24/2014 09:13:21 AM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files (x86)\Hercules\Webcam Station Evolution SE\StationEvSE.exe Error: (04/24/2014 08:58:44 AM) (Source: SideBySide)(User: ) Description: rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe Error: (04/24/2014 08:58:38 AM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files (x86)\Hercules\Webcam Station Evolution SE\StationEvSE.exe Error: (04/23/2014 03:10:04 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe Error: (04/23/2014 11:43:19 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestN:\Sicherheit\esetsmartinstaller_enu.exe Error: (04/23/2014 11:43:19 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestN:\Sicherheit\esetsmartinstaller_enu.exe Error: (04/23/2014 11:43:17 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestN:\Sicherheit\esetsmartinstaller_enu.exe Error: (04/23/2014 09:56:15 AM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_418ab7ef718b27ef.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9200.16579_none_8937eec6860750f5.manifestN:\Sicherheit\esetsmartinstaller_enu.exe Error: (04/23/2014 09:29:06 AM) (Source: SideBySide)(User: ) Description: Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Program Files (x86)\Hercules\Webcam Station Evolution SE\StationEvSE.exe CodeIntegrity Errors: =================================== Date: 2014-04-19 17:46:30.884 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-19 17:45:23.265 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-19 17:45:23.234 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-19 17:45:23.202 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-19 17:38:25.096 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-19 17:27:50.729 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-19 16:27:55.212 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-19 15:35:24.653 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-19 15:28:06.701 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system. Date: 2014-04-19 15:22:34.881 Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\kernel32.dll because the set of per-page image hashes could not be found on the system. ==================== Memory info =========================== Percentage of memory in use: 51% Total physical RAM: 4054.54 MB Available physical RAM: 1984.7 MB Total Pagefile: 4758.54 MB Available Pagefile: 2572.97 MB Total Virtual: 8192 MB Available Virtual: 8191.82 MB ==================== Drives ================================ Drive c: (Win8) (Fixed) (Total:465.42 GB) (Free:323.58 GB) NTFS Drive d: (WD-1) (Fixed) (Total:326.04 GB) (Free:22.83 GB) NTFS Drive f: (WD-2) (Fixed) (Total:436.08 GB) (Free:40.56 GB) NTFS Drive g: (Neues Laufwerk) (Fixed) (Total:169.37 GB) (Free:169.05 GB) NTFS Drive l: (Volume) (Fixed) (Total:931.51 GB) (Free:549.67 GB) NTFS Drive n: () (Removable) (Total:7.42 GB) (Free:2.03 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 9A96E11F) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=465 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 932 GB) (Disk ID: 00000001) Partition 1: (Not Active) - (Size=436 GB) - (Type=OF Extended) Partition 2: (Active) - (Size=326 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=169 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: D1278E23) Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS) ======================================================== Disk: 8 (Size: 7 GB) (Disk ID: 4416DB50) Partition 1: (Not Active) - (Size=7 GB) - (Type=0B) ==================== End Of Log ============================ Guten morgen Schrauber , habe eben noch mal den FRST.txt und Addition.txt gepostet und poste gleich noch mal den letzten Log.txt von Eset ! Ich Unternehme erst mal nichts weiter glg cafee Hier der letzte Log von Eset = ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=d19d6d2f410c8242aedb530bcc321260 # engine=17988 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2014-04-23 12:45:48 # local_time=2014-04-23 02:45:48 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.2.9200 NT # compatibility_mode=5893 16776574 100 94 333967 37977439 0 0 # scanned=309371 # found=0 # cleaned=0 # scan_time=9498 # nod_component=V3 Build:0x30000000 Vorhin als hier online war und in meinem GMX Account wo ich nach mails schaute stürzte der Mozilla Firefox ab und nix mehr ging mehr weder Maus oder Tastaturbefehle ! Es blieb bloß noch den Pc vom Netz trennen und Pc ausschalten. Fuhr ihn danach hoch ohne Netz und ging eben online bei GMX wo ich dann diese mail fand = Liebes GMX Mitglied, eine an Sie adressierte E-Mail wurde von unserem Virenscanner als gefährlich eingestuft. Um weiteren Schaden für Sie auszuschließen, wurde die E-Mail gelöscht. Es folgen Details zu der betroffenen E-Mail: Von: "Juliana Gold" <randomizedos205@altria.com> An: <w.ilyan@gmx.de> Datum: Thu, 24 Apr 2014 12:32:34 +0000 Betreff: Payment notice #107880 Falls Ihnen der Absender persönlich bekannt ist, sollten Sie sich mit ihm in Verbindung setzen und ihn darauf hinweisen, dass sein PC wahrscheinlich von einem Virus befallen ist. Die Einstellungen zu Ihrem GMX Virenscanner können Sie jederzeit unter Optionen/Virenschutz anpassen. Ihr GMX Team [ Dies ist eine automatisch generierte Nachricht, bitte antworten Sie nicht an diesen Absender. Weitere Informationen finden Sie in der Online-Hilfe unter h..p://faq.gmx.net ] das war schon Merkwürdig denn ich kenne diese Frau nicht , hatte nach dem Absturz das Passwort geändert was ich gestern schon tat und 3 Einlogversuche waren ! |
25.04.2014, 18:42 | #9 |
/// the machine /// TB-Ausbilder | immer wieder selbsterstellender Ordner auf dem Desktop : Name = Continue Vuu PC Das ist einfach ne Spam Mail mit Malware, die bekommt man halt einfach so. Irgendwie arte ich noch auf das Log von ESET mit den abermillionen bösen Funden
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
Themen zu immer wieder selbsterstellender Ordner auf dem Desktop : Name = Continue Vuu PC |
79bjm5me7g.exe (trojan.vupx.gen), avast, bericht, besten, continue, desktop, downloader, escan, eset, installation, java, log, maus, neustart, nicht mehr, nichts, onlinescan, ordner, probleme, scan, seite, spybot, temp, update, version, virus, windows |