| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Avast und Malwarebytes Anti-Malware werdenvon gruppenrichtlinie geblockt + aussergewöhnliche meldung nach dem bootvorgang.Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
| |
07.05.2014, 17:19
| #1 |
| |  Avast und Malwarebytes Anti-Malware werdenvon gruppenrichtlinie geblockt + aussergewöhnliche meldung nach dem bootvorgang. Hallo erstmal, Ich weiß gar nicht ob sie es schon... ach lassen wir das :P Mein Name ist Luca und Luca hat ein Problem. Ich bin volkommen neu hier und das ist das erste Forum das ich besuche. Mein Problem ist dass ich aufeinmal (warscheinlich nicht aufeinmal sondern durch irgendwas dummes  ) eine Meldung nach Start meines pc´s bekomme: "regsvr32 fehler beim laden des moduls "C:\ProgramData\vaqljsh.dat"". seitdem ich diese meldung das erste mal gesehen habe kann ich avast nicht starten und Malwarebytes Anti-Malware. sie werden von einer "Gruppenrichtlinie" blockiert. ich soll den administrator fragen.. gute idee wenn ich dieser bin!  ich will nicht dran rum fummeln bis was kaputt geht deswegen frag ich euch!Ich habe Win7 Ultimate (vorher noch keine probleme gehabt) und wie gesagt ich hab keine ahnung wie das hier abläuft also sagt mir was ihr noch braucht wenn was fehlt. schonmal danke im vorraus, Mfg.: Luca   |
|
07.05.2014, 17:44
| #2 |
| /// TB-Ausbilder /// Anleitungs-Guru  | Avast und Malwarebytes Anti-Malware werdenvon gruppenrichtlinie geblockt + aussergewöhnliche meldung nach dem bootvorgang. Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das... 
 Hinweise: Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden. Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert. Adware & Co. können wir sehr gut entfernen. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Dir jemand vom Team sagt, dass Du clean  bist.Bitte beachte, dass alle meine Antworten zuerst von einem Ausbilder freigegeben werden müssen, bevor ich diese hier posten darf. Das dauert dann zwar ein paar Stunden länger, garantiert aber, dass Du kompetente Hilfe und geprüfte Antworten bekommst. Siehe hier... Ich bedanke mich für Deine Geduld! Schritt 1 (Scan mit FRST) Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
Lesestoff Posten in CODE-Tags: So gehts... Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
07.05.2014, 18:19
| #3 |
| | Avast und Malwarebytes Anti-Malware werdenvon gruppenrichtlinie geblockt + aussergewöhnliche meldung nach dem bootvorgang. wow das ging schnell
__________________ sieht warscheinlich grausam aus für jemanden der ahnung hat. aus fehlern lernt man  hier die angeforderten logs: FRST.txt: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-05-2014
Ran by Luca (administrator) on LUCA-PC on 07-05-2014 19:10:11
Running from C:\Users\Luca\Downloads
Windows 7 Ultimate (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AVAST Software) C:\Program Files\AVAST Software\AAvast\AvastSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Dropbox, Inc.) C:\Users\Luca\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Game Inc.) C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1179576 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [GamingKeyboard] => C:\Program Files (x86)\SHARKOON Skiller\GameMon.exe [1803264 2012-06-07] (Game Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\AAvast\AvastUI.exe [3854640 2014-03-23] (AVAST Software)
HKLM Group Policy restriction on software: C:\Program Files (x86)\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\.DEFAULT\...\Policies\system: [DisableCMD] 0
HKU\.DEFAULT\...\Policies\system: [NoDispAppearancePage] 0
HKU\.DEFAULT\...\Policies\system: [NoDispBackgroundPage] 0
HKU\.DEFAULT\...\Policies\system: [NoDispSettingsPage] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFolderOptions] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFind] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFile] 0
HKU\.DEFAULT\...\Policies\Explorer: [HideClock] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetFolders] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDFSTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoLogoff] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoResolveSearch] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSaveSettings] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoHardwareTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Run: [vaqljsh] => regsvr32.exe "C:\ProgramData\vaqljsh.dat"
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\MountPoints2: {b4bb2a58-5469-11e2-a6e8-60a44ccaf0fb} - E:\INSTALL.EXE
Startup: C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Luca\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.qone8.com/?type=hp&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7DDB4D4F6AE8CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/my_homepage/1024/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.qone8.com/?type=hp&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.qone8.com/?type=hp&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://start.qone8.com/?type=sc&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX&q={searchTerms}
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchisbestmy.info/?l=1&q={searchTerms}&pid=1320&r=2013/11/15&hid=2996348407604931384&lg=EN&cc=DE&unqvl=41
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX&q={searchTerms}
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-flv
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\AAvast\aswWebRepIE64.dll (AVAST Software)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Webroot Vault - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar64.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: IETabPage Class - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\AAvast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Webroot Vault - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar.dll No File
BHO-x32: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll No File
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\q0vwgvrm.default
FF user.js: detected! => C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\q0vwgvrm.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin: @java.com/DTPlugin,version=10.40.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\q0vwgvrm.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\q0vwgvrm.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\q0vwgvrm.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\q0vwgvrm.default\searchplugins\iminent.xml
FF SearchPlugin: C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\q0vwgvrm.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\q0vwgvrm.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\qone8.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\q0vwgvrm.default\Extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}_1122628946 [2014-05-06]
FF Extension: Video HTML5 HD Pro - C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\q0vwgvrm.default\Extensions\{08a20c7f-a810-448b-94fc-8407ad3dabec}.xpi [2013-10-24]
FF Extension: {418ca559-fba6-4b42-8da2-29b33ea08908} - C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\q0vwgvrm.default\Extensions\{418ca559-fba6-4b42-8da2-29b33ea08908}.xpi [2013-09-20]
FF Extension: Adblock Plus - C:\Users\Luca\AppData\Roaming\Mozilla\Firefox\Profiles\q0vwgvrm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-12]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\AAvast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\AAvast\WebRep\FF [2014-03-23]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://start.qone8.com/?type=sc&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX
Chrome:
=======
CHR HomePage: hxxp://start.qone8.com/?type=hp&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX
CHR StartupUrls: "https://www.youtube.com/watch?v=6PZKNrDys88"
CHR Extension: (Google Drive) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-04]
CHR Extension: (YouTube) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-04]
CHR Extension: (Adblock Plus) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-05]
CHR Extension: (Google-Suche) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-04]
CHR Extension: (Google Wallet) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-04]
CHR Extension: (Google Mail) - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-04]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-03-25]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\AAvast\WebRep\Chrome\aswWebRepChrome.crx [2014-03-23]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-04-11]
CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Luca\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2014-04-11]
CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\Luca\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-04-06]
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\AAvast\AvastSvc.exe [50344 2014-03-23] (AVAST Software)
S4 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [49152 2014-03-02] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
S4 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [705136 2014-04-11] (Cherished Technololgy LIMITED)
S4 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe [289256 2014-01-16] (McAfee, Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-21] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-04-27] ()
S4 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [496640 2014-04-06] (Cherished Technololgy LIMITED)
==================== Drivers (Whitelisted) ====================
S3 AIDA64Driver; C:\Program Files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 [32088 2013-06-02] ()
S3 androidusb; C:\Windows\System32\Drivers\wsadb.sys [40808 2014-03-27] (Google Inc)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-03-23] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-03-23] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-03-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-03-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-03-23] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [84816 2014-03-23] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208928 2014-03-23] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-09-12] (DT Soft Ltd)
R3 GameKB; C:\Windows\System32\drivers\GameKB.sys [27648 2012-05-11] ()
R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [117912 2012-11-19] (Qualcomm Atheros Co., Ltd.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
R3 SaiK1709; C:\Windows\System32\DRIVERS\SaiK1709.sys [180544 2012-09-20] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
R3 SaiU1709; C:\Windows\System32\DRIVERS\SaiU1709.sys [47168 2012-09-20] (Saitek)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
U0 SR;
U2 srservice;
S3 XFDriver64; \??\C:\Program Files (x86)\Xfire2\XFDriver64.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-07 19:10 - 2014-05-07 19:10 - 00030038 _____ () C:\Users\Luca\Downloads\FRST.txt
2014-05-07 19:10 - 2014-05-07 19:10 - 00000000 ____D () C:\FRST
2014-05-07 19:09 - 2014-05-07 19:09 - 02063872 _____ (Farbar) C:\Users\Luca\Downloads\FRST64.exe
2014-05-07 17:31 - 2014-05-07 17:32 - 00000374 _____ () C:\Users\Luca\Desktop\Neues Textdokument (3).txt
2014-05-06 14:09 - 2014-05-06 14:09 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-05-06 14:09 - 2014-05-06 14:09 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-05-06 14:09 - 2014-05-06 14:09 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-05-06 14:09 - 2014-05-06 14:09 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-05-06 14:07 - 2014-05-06 14:08 - 24625644 _____ () C:\Users\Luca\Downloads\mse-install45.zip
2014-05-06 14:07 - 2014-05-06 14:07 - 00613200 _____ (Chip Digital GmbH) C:\Users\Luca\Downloads\Microsoft Security Essentials - CHIP-Downloader.exe
2014-05-06 14:02 - 2014-05-06 14:02 - 00032336 _____ () C:\Users\Luca\Downloads\Addition.txt
2014-05-06 13:54 - 2014-05-06 13:54 - 00000480 _____ () C:\Users\Luca\Downloads\defogger_disable.log
2014-05-06 13:44 - 2014-05-06 13:48 - 00000000 ____D () C:\Users\Luca\AppData\Local\lptmp1067569924
2014-05-06 13:40 - 2014-05-06 13:47 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\Systweak
2014-05-06 13:40 - 2014-05-06 13:39 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Luca\Downloads\ParetoLogic%20PC%20Health%20Advisor_de.exe
2014-05-06 13:40 - 2014-04-25 14:49 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2014-05-06 13:39 - 2014-05-06 13:39 - 00641568 _____ () C:\Users\Luca\Downloads\download-pc-health-advisor.exe
2014-05-06 13:35 - 2014-05-06 13:35 - 00610769 _____ () C:\Users\Luca\Downloads\depends22_x86.zip
2014-05-05 19:43 - 2014-05-05 19:43 - 00001206 _____ () C:\Users\Luca\Desktop\CINEMA 4D Demo 64 Bit.lnk
2014-05-05 19:42 - 2014-05-05 19:43 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MAXON
2014-05-05 16:52 - 2014-05-05 17:29 - 2958994837 _____ () C:\Users\Luca\Downloads\installer_r15_demo.zip
2014-05-05 15:22 - 2014-05-05 15:22 - 00002040 _____ () C:\Users\Public\Desktop\FL Studio 11.lnk
2014-05-05 15:22 - 2014-05-05 15:22 - 00001138 _____ () C:\Users\Luca\Desktop\ASIO4ALL v2 Instruction Manual.lnk
2014-05-05 15:22 - 2014-05-05 15:22 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2014-05-05 15:22 - 2014-05-05 15:22 - 00000000 ____D () C:\Program Files (x86)\ASIO4ALL v2
2014-05-05 14:55 - 2014-05-05 15:00 - 323060176 _____ (Image-Line) C:\Users\Luca\Downloads\flstudio_11.1.exe
2014-05-05 14:50 - 2014-05-05 14:50 - 00033396 _____ () C:\Users\Luca\Downloads\Private eXploit Generator v11.zip
2014-05-05 14:50 - 2014-05-05 14:50 - 00033396 _____ () C:\Users\Luca\Downloads\Private eXploit Generator v11 (1).zip
2014-05-03 03:12 - 2014-05-03 03:12 - 00000000 ____D () C:\Users\Luca\Desktop\neue hacke
2014-05-03 02:37 - 2014-05-03 02:37 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\DropboxMaster
2014-04-28 15:55 - 2014-04-28 15:55 - 00001189 _____ () C:\Users\Luca\Desktop\The Elder Scrolls V Skyrim (2).lnk
2014-04-27 19:12 - 2014-04-27 19:12 - 00613200 _____ (Chip Digital GmbH) C:\Users\Luca\Downloads\Cloud Downloader - CHIP-Downloader.exe
2014-04-27 19:12 - 2014-04-27 19:12 - 00003172 _____ () C:\Windows\System32\Tasks\{D34DEE04-6854-467A-9CD6-7FA76AAFB58C}
2014-04-27 17:02 - 2014-04-27 17:02 - 00018727 _____ () C:\Users\Luca\AppData\Local\recently-used.xbel
2014-04-27 01:13 - 2014-04-27 01:13 - 00000000 ____D () C:\Users\Luca\AppData\Local\Ubisoft
2014-04-26 02:41 - 2014-04-26 02:41 - 00000446 __RSH () C:\ProgramData\ntuser.pol
2014-04-26 02:41 - 2014-04-26 02:41 - 00000000 ____D () C:\usb_driver
2014-04-24 20:06 - 2014-04-24 20:06 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01007.dll
2014-04-24 20:06 - 2014-04-24 20:06 - 00708168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WinUSBCoInstaller.dll
2014-04-24 19:20 - 2014-04-24 19:20 - 02056192 _____ () C:\Users\Luca\Downloads\CMInstaller.msi
2014-04-24 03:57 - 2014-04-24 04:35 - 1689175370 _____ () C:\Users\Luca\Desktop\diablo take 2_x264.avi
2014-04-23 17:09 - 2014-04-23 17:09 - 00187454 _____ () C:\Users\Luca\Desktop\jhg.wav
2014-04-23 17:07 - 2014-04-23 17:07 - 01730814 _____ () C:\Users\Luca\Desktop\sorey.wav
2014-04-23 16:47 - 2014-04-23 16:47 - 00038589 _____ () C:\Users\Luca\Desktop\treetwonimmseinfach.camproj
2014-04-23 13:23 - 2014-04-23 13:23 - 00000000 ____D () C:\Users\Luca\AppData\Local\Blizzard
2014-04-23 13:13 - 2014-04-23 13:23 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-04-23 13:13 - 2014-04-23 13:13 - 00001157 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-04-23 13:13 - 2014-04-23 13:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2014-04-23 01:18 - 2014-04-23 01:18 - 00377992 _____ () C:\Users\Luca\Desktop\luv.xcf
2014-04-23 01:10 - 2014-04-23 01:10 - 00021452 _____ () C:\Users\Luca\Downloads\riesling.zip
2014-04-23 01:09 - 2014-04-23 01:09 - 00077675 _____ () C:\Users\Luca\Downloads\young_beautiful.zip
2014-04-23 01:09 - 2014-04-23 01:09 - 00028978 _____ () C:\Users\Luca\Downloads\mademoiselle_k.zip
2014-04-23 01:09 - 2014-04-23 01:09 - 00024871 _____ () C:\Users\Luca\Downloads\angelique_ma_douce_colombe.zip
2014-04-21 16:35 - 2014-04-21 16:35 - 00000043 _____ () C:\Users\Luca\Desktop\Neues Textdokument (2).txt
2014-04-20 01:02 - 2014-04-20 01:02 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shutdown4U
2014-04-20 01:02 - 2014-04-20 01:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shutdown4U
2014-04-20 01:02 - 2014-04-20 01:02 - 00000000 ____D () C:\Program Files\Shutdown4U
2014-04-20 01:01 - 2014-04-20 01:01 - 00613200 _____ (Chip Digital GmbH) C:\Users\Luca\Downloads\Shutdown4U - CHIP-Downloader.exe
2014-04-19 22:12 - 2014-04-19 22:12 - 00613200 _____ (Chip Digital GmbH) C:\Users\Luca\Downloads\335.23-desktop-win8-win7-winvista-64bit-international-whql - CHIP-Downloader.exe
2014-04-15 21:08 - 2014-04-15 21:56 - 861531398 _____ () C:\Users\Luca\Downloads\l4d2_2013-patch_2.1.3.5_nosTEAM.exe
2014-04-15 21:04 - 2014-04-15 21:05 - 55094501 _____ () C:\Users\Luca\Downloads\l4d2_2013_nosTEAM.zip
2014-04-14 05:22 - 2014-04-14 05:22 - 00270478 _____ () C:\Users\Luca\Downloads\Water_Drop_by_SilverRose_Stock.zip
2014-04-14 05:02 - 2014-04-14 05:02 - 05679379 _____ () C:\Users\Luca\Downloads\lion_ornament_doorknobs_png_by_m10tje-d4hu6sq.rar
2014-04-14 04:49 - 2014-04-14 04:49 - 02969821 _____ () C:\Users\Luca\Desktop\Unbenannt.xcf
2014-04-14 04:48 - 2014-04-14 04:48 - 04444933 _____ () C:\Users\Luca\Downloads\GIMP_Arcane_Runes_Brushes_by_Project_GimpBC.zip
2014-04-14 04:41 - 2014-04-14 04:41 - 04366325 _____ () C:\Users\Luca\Downloads\GIMP_Arcane_Circles_Brushes_by_Project_GimpBC.zip
2014-04-14 04:28 - 2014-04-14 04:28 - 02194142 _____ () C:\Users\Luca\Downloads\photoshop_tech_brushes_by_fortelegy-d46q07z.zip
2014-04-14 04:27 - 2014-04-14 04:27 - 00459583 _____ () C:\Users\Luca\Downloads\Bullet_Holes_Brushes_by_redheadstock.zip
2014-04-13 01:17 - 2014-04-13 01:17 - 00533648 _____ () C:\Users\Luca\Downloads\HDvid-codec-Chrome (1).exe
2014-04-12 23:23 - 2014-05-05 14:34 - 00000000 ____D () C:\Users\Luca\AppData\Local\Spotify
2014-04-12 23:23 - 2014-04-12 23:23 - 00001785 _____ () C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-04-12 23:22 - 2014-05-06 23:06 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\Spotify
2014-04-12 23:22 - 2014-04-12 23:22 - 00126112 _____ (Spotify Ltd) C:\Users\Luca\Downloads\SpotifySetup.exe
2014-04-10 21:44 - 2014-04-10 21:44 - 00000000 _____ () C:\Users\Luca\Desktop\Neues Textdokument.txt
2014-04-09 23:39 - 2014-04-09 23:39 - 00068923 _____ () C:\Users\Luca\Desktop\payday5 unrendered.camproj
2014-04-09 22:16 - 2014-04-09 22:16 - 07074573 _____ () C:\Users\Luca\Desktop\diablo three wan (Frame 0_11_38;26).xcf
2014-04-09 20:55 - 2014-04-09 20:55 - 00086944 _____ () C:\Users\Luca\Downloads\ice_sticks.zip
2014-04-09 20:53 - 2014-04-09 20:53 - 00029718 _____ () C:\Users\Luca\Downloads\winterice.zip
2014-04-09 20:12 - 2014-04-09 20:13 - 31429160 _____ (Any-Video-Converter.com ) C:\Users\Luca\Downloads\avc-free (3).exe
2014-04-09 19:20 - 2014-04-09 19:20 - 00063487 _____ () C:\Users\Luca\Desktop\diablo three wan two.camproj
2014-04-09 19:20 - 2014-04-09 19:20 - 00020158 _____ () C:\Users\Luca\Desktop\diablo three wan two 4.camproj
2014-04-09 14:53 - 2014-04-09 14:53 - 00042969 _____ () C:\Users\Luca\Desktop\diablo three wan.camproj
2014-04-09 14:28 - 2014-04-09 14:29 - 24126958 _____ () C:\Users\Luca\Desktop\Diablo 3 Cinematic Trailer deutsch HD.avi
2014-04-09 14:21 - 2014-04-09 14:21 - 00636688 _____ () C:\Users\Luca\Downloads\FreeYouTubeDownload (1).exe
==================== One Month Modified Files and Folders =======
2014-05-07 19:10 - 2014-05-07 19:10 - 00030038 _____ () C:\Users\Luca\Downloads\FRST.txt
2014-05-07 19:10 - 2014-05-07 19:10 - 00000000 ____D () C:\FRST
2014-05-07 19:09 - 2014-05-07 19:09 - 02063872 _____ (Farbar) C:\Users\Luca\Downloads\FRST64.exe
2014-05-07 19:02 - 2014-01-04 01:39 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-07 18:27 - 2013-09-12 18:47 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-07 18:18 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-07 18:18 - 2009-07-14 06:45 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-07 17:42 - 2013-01-01 23:38 - 00606284 _____ () C:\Windows\WindowsUpdate.log
2014-05-07 17:33 - 2013-11-16 15:06 - 00000000 ___RD () C:\Users\Luca\Dropbox
2014-05-07 17:33 - 2013-11-16 15:01 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\Dropbox
2014-05-07 17:32 - 2014-05-07 17:31 - 00000374 _____ () C:\Users\Luca\Desktop\Neues Textdokument (3).txt
2014-05-07 17:32 - 2014-03-22 17:21 - 00031366 _____ () C:\Windows\setupact.log
2014-05-07 17:32 - 2014-01-04 01:39 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-07 17:32 - 2013-09-13 08:39 - 00230102 _____ () C:\Windows\PFRO.log
2014-05-07 17:32 - 2013-01-02 00:00 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-07 17:32 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-07 14:48 - 2013-11-06 17:46 - 00000000 ____D () C:\Program Files (x86)\DSPRobotics
2014-05-06 23:06 - 2014-04-12 23:22 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\Spotify
2014-05-06 14:09 - 2014-05-06 14:09 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-05-06 14:09 - 2014-05-06 14:09 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-05-06 14:09 - 2014-05-06 14:09 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-05-06 14:09 - 2014-05-06 14:09 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-05-06 14:08 - 2014-05-06 14:07 - 24625644 _____ () C:\Users\Luca\Downloads\mse-install45.zip
2014-05-06 14:07 - 2014-05-06 14:07 - 00613200 _____ (Chip Digital GmbH) C:\Users\Luca\Downloads\Microsoft Security Essentials - CHIP-Downloader.exe
2014-05-06 14:02 - 2014-05-06 14:02 - 00032336 _____ () C:\Users\Luca\Downloads\Addition.txt
2014-05-06 13:54 - 2014-05-06 13:54 - 00000480 _____ () C:\Users\Luca\Downloads\defogger_disable.log
2014-05-06 13:49 - 2013-10-18 17:31 - 00000000 ____D () C:\Windows\Minidump
2014-05-06 13:49 - 2013-01-01 23:29 - 00304282 ____N () C:\Windows\Minidump\050614-19468-01.dmp
2014-05-06 13:48 - 2014-05-06 13:44 - 00000000 ____D () C:\Users\Luca\AppData\Local\lptmp1067569924
2014-05-06 13:48 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-06 13:47 - 2014-05-06 13:40 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\Systweak
2014-05-06 13:45 - 2013-09-12 23:45 - 00000000 ____D () C:\Users\Luca\Desktop\Games
2014-05-06 13:45 - 2013-01-02 00:14 - 00000000 ____D () C:\Users\Luca\Desktop\Programme
2014-05-06 13:39 - 2014-05-06 13:40 - 05249448 _____ (ParetoLogic Inc.) C:\Users\Luca\Downloads\ParetoLogic%20PC%20Health%20Advisor_de.exe
2014-05-06 13:39 - 2014-05-06 13:39 - 00641568 _____ () C:\Users\Luca\Downloads\download-pc-health-advisor.exe
2014-05-06 13:35 - 2014-05-06 13:35 - 00610769 _____ () C:\Users\Luca\Downloads\depends22_x86.zip
2014-05-06 00:00 - 2013-09-12 18:34 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\Azureus
2014-05-05 19:43 - 2014-05-05 19:43 - 00001206 _____ () C:\Users\Luca\Desktop\CINEMA 4D Demo 64 Bit.lnk
2014-05-05 19:43 - 2014-05-05 19:42 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MAXON
2014-05-05 19:43 - 2013-12-09 15:50 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\MAXON
2014-05-05 19:37 - 2013-09-29 14:49 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-05 19:36 - 2014-01-15 14:10 - 00000000 ____D () C:\Program Files\MAXON
2014-05-05 17:29 - 2014-05-05 16:52 - 2958994837 _____ () C:\Users\Luca\Downloads\installer_r15_demo.zip
2014-05-05 17:06 - 2013-01-01 23:39 - 00000000 ___RD () C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-05 16:58 - 2013-09-13 16:21 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-05-05 16:58 - 2013-09-12 18:47 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\Adobe
2014-05-05 16:34 - 2013-09-14 02:00 - 00000000 ____D () C:\ProgramData\Adobe
2014-05-05 16:15 - 2014-04-04 19:37 - 00000000 ____D () C:\Users\Luca\AppData\Local\Battle.net
2014-05-05 15:22 - 2014-05-05 15:22 - 00002040 _____ () C:\Users\Public\Desktop\FL Studio 11.lnk
2014-05-05 15:22 - 2014-05-05 15:22 - 00001138 _____ () C:\Users\Luca\Desktop\ASIO4ALL v2 Instruction Manual.lnk
2014-05-05 15:22 - 2014-05-05 15:22 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2014-05-05 15:22 - 2014-05-05 15:22 - 00000000 ____D () C:\Program Files (x86)\ASIO4ALL v2
2014-05-05 15:21 - 2013-09-13 18:50 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-05-05 15:20 - 2013-11-06 17:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image-Line
2014-05-05 15:20 - 2013-11-06 17:46 - 00000000 ____D () C:\Program Files\Image-Line
2014-05-05 15:20 - 2013-11-06 17:42 - 00000000 ____D () C:\Program Files (x86)\Image-Line
2014-05-05 15:19 - 2013-09-13 15:00 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-05-05 15:10 - 2013-09-18 19:11 - 00000000 ____D () C:\Users\Luca\Desktop\Aufnahme
2014-05-05 15:00 - 2014-05-05 14:55 - 323060176 _____ (Image-Line) C:\Users\Luca\Downloads\flstudio_11.1.exe
2014-05-05 14:50 - 2014-05-05 14:50 - 00033396 _____ () C:\Users\Luca\Downloads\Private eXploit Generator v11.zip
2014-05-05 14:50 - 2014-05-05 14:50 - 00033396 _____ () C:\Users\Luca\Downloads\Private eXploit Generator v11 (1).zip
2014-05-05 14:34 - 2014-04-12 23:23 - 00000000 ____D () C:\Users\Luca\AppData\Local\Spotify
2014-05-03 20:57 - 2013-11-10 02:24 - 00000000 ____D () C:\Users\Luca\Desktop\C4D,PS,AE
2014-05-03 16:26 - 2013-09-15 16:33 - 00000000 ____D () C:\Users\Luca\AppData\Local\CrashDumps
2014-05-03 16:25 - 2013-09-12 18:52 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\Skype
2014-05-03 03:12 - 2014-05-03 03:12 - 00000000 ____D () C:\Users\Luca\Desktop\neue hacke
2014-05-03 02:37 - 2014-05-03 02:37 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\DropboxMaster
2014-05-03 02:36 - 2013-11-16 15:04 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-02 14:09 - 2014-04-04 19:37 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-04-30 13:57 - 2013-09-12 18:47 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-30 13:57 - 2013-09-12 18:47 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-30 13:57 - 2013-09-12 18:47 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-30 13:57 - 2013-09-12 18:46 - 00000000 ____D () C:\Users\Luca\AppData\Local\Adobe
2014-04-29 18:03 - 2013-10-26 23:12 - 00007600 _____ () C:\Users\Luca\AppData\Local\Resmon.ResmonCfg
2014-04-28 16:05 - 2014-01-01 19:21 - 00291760 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-04-28 16:05 - 2013-09-20 17:23 - 00291760 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-04-28 16:02 - 2014-01-01 19:21 - 00291488 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-04-28 15:55 - 2014-04-28 15:55 - 00001189 _____ () C:\Users\Luca\Desktop\The Elder Scrolls V Skyrim (2).lnk
2014-04-27 19:14 - 2014-03-20 16:09 - 00000000 ____D () C:\Users\Luca\Desktop\Luca´s music Playground
2014-04-27 19:12 - 2014-04-27 19:12 - 00613200 _____ (Chip Digital GmbH) C:\Users\Luca\Downloads\Cloud Downloader - CHIP-Downloader.exe
2014-04-27 19:12 - 2014-04-27 19:12 - 00003172 _____ () C:\Windows\System32\Tasks\{D34DEE04-6854-467A-9CD6-7FA76AAFB58C}
2014-04-27 17:47 - 2014-02-03 18:13 - 00000000 ____D () C:\Users\Luca\.gimp-2.8
2014-04-27 17:44 - 2013-11-30 17:45 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\.technic
2014-04-27 17:02 - 2014-04-27 17:02 - 00018727 _____ () C:\Users\Luca\AppData\Local\recently-used.xbel
2014-04-27 02:17 - 2014-02-03 18:31 - 00000000 ____D () C:\Users\Luca\AppData\Local\gtk-2.0
2014-04-27 01:15 - 2013-09-20 17:23 - 00000000 ____D () C:\Users\Luca\AppData\Local\PunkBuster
2014-04-27 01:13 - 2014-04-27 01:13 - 00000000 ____D () C:\Users\Luca\AppData\Local\Ubisoft
2014-04-27 01:13 - 2013-09-20 17:22 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-04-26 19:55 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-04-26 18:04 - 2013-10-26 15:15 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-04-26 02:41 - 2014-04-26 02:41 - 00000446 __RSH () C:\ProgramData\ntuser.pol
2014-04-26 02:41 - 2014-04-26 02:41 - 00000000 ____D () C:\usb_driver
2014-04-26 02:41 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-04-25 22:03 - 2013-01-01 23:29 - 00304354 ____N () C:\Windows\Minidump\042514-11107-01.dmp
2014-04-25 14:49 - 2014-05-06 13:40 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2014-04-24 20:58 - 2013-12-23 22:36 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\TS3Client
2014-04-24 20:06 - 2014-04-24 20:06 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfCoInstaller01007.dll
2014-04-24 20:06 - 2014-04-24 20:06 - 00708168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WinUSBCoInstaller.dll
2014-04-24 20:05 - 2013-01-01 23:38 - 00000000 ____D () C:\Users\Luca
2014-04-24 19:20 - 2014-04-24 19:20 - 02056192 _____ () C:\Users\Luca\Downloads\CMInstaller.msi
2014-04-24 04:35 - 2014-04-24 03:57 - 1689175370 _____ () C:\Users\Luca\Desktop\diablo take 2_x264.avi
2014-04-23 17:09 - 2014-04-23 17:09 - 00187454 _____ () C:\Users\Luca\Desktop\jhg.wav
2014-04-23 17:07 - 2014-04-23 17:07 - 01730814 _____ () C:\Users\Luca\Desktop\sorey.wav
2014-04-23 16:47 - 2014-04-23 16:47 - 00038589 _____ () C:\Users\Luca\Desktop\treetwonimmseinfach.camproj
2014-04-23 13:23 - 2014-04-23 13:23 - 00000000 ____D () C:\Users\Luca\AppData\Local\Blizzard
2014-04-23 13:23 - 2014-04-23 13:13 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-04-23 13:13 - 2014-04-23 13:13 - 00001157 _____ () C:\Users\Public\Desktop\Hearthstone.lnk
2014-04-23 13:13 - 2014-04-23 13:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2014-04-23 13:05 - 2014-03-23 13:01 - 00004184 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-04-23 13:05 - 2009-07-14 06:45 - 05064080 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-23 04:03 - 2014-02-13 22:16 - 00000000 ____D () C:\Users\Luca\AppData\Local\DayZ
2014-04-23 02:35 - 2013-01-02 00:13 - 00095896 _____ () C:\Users\Luca\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-23 01:18 - 2014-04-23 01:18 - 00377992 _____ () C:\Users\Luca\Desktop\luv.xcf
2014-04-23 01:10 - 2014-04-23 01:10 - 00021452 _____ () C:\Users\Luca\Downloads\riesling.zip
2014-04-23 01:09 - 2014-04-23 01:09 - 00077675 _____ () C:\Users\Luca\Downloads\young_beautiful.zip
2014-04-23 01:09 - 2014-04-23 01:09 - 00028978 _____ () C:\Users\Luca\Downloads\mademoiselle_k.zip
2014-04-23 01:09 - 2014-04-23 01:09 - 00024871 _____ () C:\Users\Luca\Downloads\angelique_ma_douce_colombe.zip
2014-04-22 20:39 - 2014-02-06 21:41 - 02346942 _____ () C:\Users\Luca\Downloads\TechnicLauncher.exe
2014-04-22 16:32 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-04-22 16:32 - 2009-07-14 19:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-04-22 16:32 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-21 16:35 - 2014-04-21 16:35 - 00000043 _____ () C:\Users\Luca\Desktop\Neues Textdokument (2).txt
2014-04-20 01:02 - 2014-04-20 01:02 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shutdown4U
2014-04-20 01:02 - 2014-04-20 01:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shutdown4U
2014-04-20 01:02 - 2014-04-20 01:02 - 00000000 ____D () C:\Program Files\Shutdown4U
2014-04-20 01:01 - 2014-04-20 01:01 - 00613200 _____ (Chip Digital GmbH) C:\Users\Luca\Downloads\Shutdown4U - CHIP-Downloader.exe
2014-04-19 22:12 - 2014-04-19 22:12 - 00613200 _____ (Chip Digital GmbH) C:\Users\Luca\Downloads\335.23-desktop-win8-win7-winvista-64bit-international-whql - CHIP-Downloader.exe
2014-04-18 03:25 - 2013-01-01 23:29 - 00304474 ____N () C:\Windows\Minidump\041814-12152-01.dmp
2014-04-17 14:11 - 2013-09-12 18:52 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-15 21:56 - 2014-04-15 21:08 - 861531398 _____ () C:\Users\Luca\Downloads\l4d2_2013-patch_2.1.3.5_nosTEAM.exe
2014-04-15 21:05 - 2014-04-15 21:04 - 55094501 _____ () C:\Users\Luca\Downloads\l4d2_2013_nosTEAM.zip
2014-04-14 05:28 - 2014-04-01 00:31 - 00692376 _____ () C:\Users\Luca\Desktop\hardcorenminimal.xcf
2014-04-14 05:22 - 2014-04-14 05:22 - 00270478 _____ () C:\Users\Luca\Downloads\Water_Drop_by_SilverRose_Stock.zip
2014-04-14 05:02 - 2014-04-14 05:02 - 05679379 _____ () C:\Users\Luca\Downloads\lion_ornament_doorknobs_png_by_m10tje-d4hu6sq.rar
2014-04-14 04:49 - 2014-04-14 04:49 - 02969821 _____ () C:\Users\Luca\Desktop\Unbenannt.xcf
2014-04-14 04:48 - 2014-04-14 04:48 - 04444933 _____ () C:\Users\Luca\Downloads\GIMP_Arcane_Runes_Brushes_by_Project_GimpBC.zip
2014-04-14 04:41 - 2014-04-14 04:41 - 04366325 _____ () C:\Users\Luca\Downloads\GIMP_Arcane_Circles_Brushes_by_Project_GimpBC.zip
2014-04-14 04:28 - 2014-04-14 04:28 - 02194142 _____ () C:\Users\Luca\Downloads\photoshop_tech_brushes_by_fortelegy-d46q07z.zip
2014-04-14 04:27 - 2014-04-14 04:27 - 00459583 _____ () C:\Users\Luca\Downloads\Bullet_Holes_Brushes_by_redheadstock.zip
2014-04-13 04:37 - 2014-04-04 19:54 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-04-13 01:17 - 2014-04-13 01:17 - 00533648 _____ () C:\Users\Luca\Downloads\HDvid-codec-Chrome (1).exe
2014-04-12 23:23 - 2014-04-12 23:23 - 00001785 _____ () C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-04-12 23:22 - 2014-04-12 23:22 - 00126112 _____ (Spotify Ltd) C:\Users\Luca\Downloads\SpotifySetup.exe
2014-04-11 11:27 - 2014-04-06 01:38 - 00000000 ____D () C:\ProgramData\IePluginService
2014-04-10 21:44 - 2014-04-10 21:44 - 00000000 _____ () C:\Users\Luca\Desktop\Neues Textdokument.txt
2014-04-09 23:39 - 2014-04-09 23:39 - 00068923 _____ () C:\Users\Luca\Desktop\payday5 unrendered.camproj
2014-04-09 22:16 - 2014-04-09 22:16 - 07074573 _____ () C:\Users\Luca\Desktop\diablo three wan (Frame 0_11_38;26).xcf
2014-04-09 21:18 - 2013-10-05 20:41 - 00000000 ____D () C:\Games
2014-04-09 21:18 - 2013-09-17 17:42 - 00000000 ____D () C:\Users\Luca\Documents\My Games
2014-04-09 20:55 - 2014-04-09 20:55 - 00086944 _____ () C:\Users\Luca\Downloads\ice_sticks.zip
2014-04-09 20:53 - 2014-04-09 20:53 - 00029718 _____ () C:\Users\Luca\Downloads\winterice.zip
2014-04-09 20:13 - 2014-04-09 20:12 - 31429160 _____ (Any-Video-Converter.com ) C:\Users\Luca\Downloads\avc-free (3).exe
2014-04-09 19:20 - 2014-04-09 19:20 - 00063487 _____ () C:\Users\Luca\Desktop\diablo three wan two.camproj
2014-04-09 19:20 - 2014-04-09 19:20 - 00020158 _____ () C:\Users\Luca\Desktop\diablo three wan two 4.camproj
2014-04-09 14:53 - 2014-04-09 14:53 - 00042969 _____ () C:\Users\Luca\Desktop\diablo three wan.camproj
2014-04-09 14:29 - 2014-04-09 14:28 - 24126958 _____ () C:\Users\Luca\Desktop\Diablo 3 Cinematic Trailer deutsch HD.avi
2014-04-09 14:25 - 2013-11-10 02:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-04-09 14:25 - 2013-11-10 02:04 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-04-09 14:25 - 2013-10-09 15:26 - 00000000 ____D () C:\Users\Luca\AppData\Roaming\DVDVideoSoft
2014-04-09 14:21 - 2014-04-09 14:21 - 00636688 _____ () C:\Users\Luca\Downloads\FreeYouTubeDownload (1).exe
Some content of TEMP:
====================
C:\Users\Luca\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpumsydl.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2013-01-01 23:42] - [2011-02-25 08:36] - 0295296 ____A (Microsoft Corporation) C9D0EAF58D6BA71E128E715EA43AD87D
LastRegBack: 2014-05-01 14:43
==================== End Of Log ============================
Addition.txt: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-05-2014
Ran by Luca at 2014-05-07 19:10:34
Running from C:\Users\Luca\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
==================== Installed Programs ======================
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Premiere Pro CC (HKLM-x32\...\{505FF1AC-E7F5-4462-BBA7-08900E7E9EEF}) (Version: 7.2.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
AIDA64 Extreme Edition v3.00 (HKLM-x32\...\AIDA64 Extreme Edition_is1) (Version: 3.00 - FinalWire Ltd.)
Any Video Converter 5.5.8 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2016 - Avast Software)
AVS Video ReMaker 4.3.1.161 (HKLM-x32\...\AVS Video ReMaker_is1) (Version: 4.3.1.161 - Online Media Technologies Ltd.)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Borderlands 2 (HKLM-x32\...\Borderlands 2_is1) (Version: - )
Borderlands 2 (HKLM-x32\...\Steam App 49520) (Version: - Gearbox Software)
Camtasia Studio 8 (HKLM-x32\...\{F5C9BE9A-04C3-4A72-8CD0-BB67C722D608}) (Version: 8.1.2.1344 - TechSmith Corporation)
CINEMA 4D Demo 15.057 (HKLM\...\MAXONE03ECA7E) (Version: 15.057 - MAXON Computer GmbH)
Counter-Strike: Source (HKLM-x32\...\Counter-Strike: Source) (Version: - Valve)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.47.1.0333 - Disc Soft Ltd)
DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Dragon's Prophet (EU) (HKLM-x32\...\Steam App 259020) (Version: - )
Dropbox (HKCU\...\Dropbox) (Version: 2.6.31 - Dropbox, Inc.)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version: - )
Free YouTube Download version 3.2.32.327 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.2.32.327 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.30.319 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.30.319 - DVDVideoSoft Ltd.)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2884 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
Java 7 Update 40 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417040FF}) (Version: 7.0.400 - Oracle)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.141.11 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 RC (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50861 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 RC (Version: 4.5.50861 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{9634d50a-0c4d-4f52-8a9f-894a2baae370}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
MSI Afterburner 2.3.1 (HKLM-x32\...\Afterburner) (Version: 2.3.1 - MSI Co., LTD)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
Need For Speed™ World (HKLM-x32\...\{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1) (Version: 1.0.0.659 - Electronic Arts)
Neverwinter (HKLM-x32\...\Steam App 109600) (Version: - Cryptic Studios)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.5.2 - Notepad++ Team)
NVIDIA 3D Vision Controller-Treiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 332.21 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 332.21 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2 - NVIDIA Corporation)
NVIDIA Grafiktreiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3221 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
NVIDIA Update 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 11.10.11 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.5.195 - Electronic Arts, Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PlanetSide 2 (HKLM-x32\...\Steam App 218230) (Version: - Sony Online Entertainment)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Qualcomm Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.12 - Qualcomm Atheros Communications Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6873 - Realtek Semiconductor Corp.)
RIFT™ (HKLM-x32\...\Steam App 39120) (Version: - Trion Worlds)
Rust (HKLM-x32\...\Steam App 252490) (Version: - Facepunch Studios)
SAMSUNG Android USB Modem Software (HKLM\...\SAMSUNG Android USB Modem) (Version: V5.28.2.1 - )
Sauerbraten (HKLM-x32\...\Sauerbraten) (Version: - )
SHARKOON Skiller (HKLM-x32\...\{91C25547-9534-41A5-823A-1E54BA16EA3F}) (Version: 1.00.0000 - )
SHIELD Streaming (Version: 1.7.306 - NVIDIA Corporation) Hidden
Shutdown4U (HKLM-x32\...\Shutdown4U) (Version: - )
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 1.0.0.0 - Electronic Arts)
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Smart Technology Programming Software 7.0.27.13 (HKLM\...\{C9193CBB-C31A-412A-A074-AD08F0F2CF3D}) (Version: 7.0.27.13 - Mad Catz)
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.24951 - TeamViewer)
TextMaker Viewer (HKLM-x32\...\TextMaker Viewer) (Version: - SoftMaker Software GmbH)
The Mighty Quest For Epic Loot (HKLM-x32\...\Steam App 239220) (Version: - Ubisoft Montreal)
Tom Clancy's Ghost Recon Phantoms - EU (HKLM-x32\...\Steam App 272350) (Version: - Ubisoft Singapore)
Tor (remove only) (HKLM-x32\...\Tor) (Version: - )
TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.2.0.0 - Azureus Software, Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666 - Nullsoft, Inc)
WinRAR 5.00 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
WPM17.8.0.3442 (HKLM-x32\...\WPM) (Version: 17.8.0.3442 - Cherished Technololgy LIMITED) <==== ATTENTION
==================== Restore Points =========================
Could not list Restore Points. Check "winmgmt" service or repair WMI.
==================== Hosts content: ==========================
2013-09-20 17:01 - 2011-12-22 16:11 - 00000833 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {16316755-0DBF-41E5-A9A1-C20F7EC10265} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-04] (Google Inc.)
Task: {2BC8F961-CCF9-4E20-AD88-DA4002E60D45} - System32\Tasks\Red Giant Link => C:\Program Files (x86)\Red Giant Link\Red Giant Link.exe
Task: {51CFC7AC-0595-4673-A78B-22A2EE3863C5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-01-04] (Google Inc.)
Task: {A6B799F4-F654-4A68-B93F-10C0FE78C89A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-30] (Adobe Systems Incorporated)
Task: {B0D692B1-ECE6-47D5-BC64-2EBAD9DC4AC4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\AAvast\AvastEmUpdate.exe [2014-03-23] (AVAST Software)
Task: {F7C95EEE-8CE9-4AF5-B6C6-0D32207E016D} - System32\Tasks\AdobeAAMUpdater-1.0-Luca-PC-Luca => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-09-20 17:22 - 2014-04-27 01:13 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-05-07 12:31 - 2014-05-07 12:31 - 02253312 _____ () C:\Program Files\AVAST Software\AAvast\defs\14050700\algo.dll
2014-05-07 17:33 - 2014-05-07 17:33 - 00041984 _____ () c:\users\luca\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpumsydl.dll
2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 _____ () C:\Users\Luca\AppData\Roaming\Dropbox\bin\libcef.dll
2014-04-30 15:04 - 2014-04-24 02:33 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll
2014-04-30 15:04 - 2014-04-24 02:33 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libglesv2.dll
2014-04-30 15:04 - 2014-04-24 02:33 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\libegl.dll
2014-04-30 15:04 - 2014-04-24 02:33 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\pdf.dll
2014-04-30 15:04 - 2014-04-24 02:33 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll
2014-04-30 15:04 - 2014-04-24 02:33 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll
2014-04-30 15:04 - 2014-04-24 02:33 - 13692232 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.131\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
==================== EXE Association (whitelisted) =============
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!
==================== Disabled items from MSCONFIG ==============
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: BEService => 3
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: FileZilla Server => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\Services: IePluginService => 2
MSCONFIG\Services: LMIGuardianSvc => 2
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: MpsSvc => 2
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: OverwolfUpdaterService => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TeamViewer8 => 2
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\Services: TermService => 3
MSCONFIG\Services: VSS => 3
MSCONFIG\Services: WinDefend => 2
MSCONFIG\Services: Wpm => 2
MSCONFIG\Services: wuauserv => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Xfire2.lnk => C:\Windows\pss\Xfire2.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Luca^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip => C:\Windows\pss\CurseClientStartup.ccip.Startup
MSCONFIG\startupfolder: C:^Users^Luca^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Luca^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Xfire2.lnk => C:\Windows\pss\Xfire2.lnk.Startup
MSCONFIG\startupreg: 20131121 => C:\Program Files\AVAST Software\Avast\setup\emupdate\d7b75d88-4a8c-4970-ad30-67d2d5f9da39.exe /check
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: Battle.net => "C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe" --autostarted
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: EADM => "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
MSCONFIG\startupreg: FileZilla Server Interface => "C:\Program Files (x86)\FileZilla Server\FileZilla Server Interface.exe"
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: Nvtmru => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
MSCONFIG\startupreg: Overwolf => C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
MSCONFIG\startupreg: ProfilerU => C:\Program Files\SmartTechnology\Software\ProfilerU.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RocketDock => "C:\Program Files (x86)\RocketDock\RocketDock.exe"
MSCONFIG\startupreg: SaiMfd => C:\Program Files\SmartTechnology\Software\SaiMfd.exe
MSCONFIG\startupreg: se => "C:\Users\Luca\AppData\Roaming\SkypEmoticons\SE.exe" /minimized
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\Luca\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Luca\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
MSCONFIG\startupreg: Xfire => C:\Program Files (x86)\Xfire2\Xfire.exe
==================== Faulty Device Manager Devices =============
Name: USB Camera-B4.04.27.1
Description: USB Camera-B4.04.27.1
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/07/2014 07:10:36 PM) (Source: VSS) (User: ) (EventID: 8193)
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
.
Vorgang:
VSS-Server wird instanziiert
Error: (05/07/2014 07:10:36 PM) (Source: VSS) (User: ) (EventID: 13)
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} und dem Namen "IVssCoordinatorEx2" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]
Vorgang:
VSS-Server wird instanziiert
Error: (05/06/2014 08:32:19 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: Programm chrome.exe, Version 34.0.1847.131 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 660
Startzeit: 01cf695970ddb1d7
Endzeit: 16
Anwendungspfad: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Berichts-ID: bb79540f-d54c-11e3-acbc-60a44ccaf0fb
Error: (05/06/2014 02:02:18 PM) (Source: VSS) (User: ) (EventID: 8193)
Description: Volumeschattenkopie-Dienstfehler: Beim Aufrufen von Routine "CoCreateInstance" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
.
Vorgang:
VSS-Server wird instanziiert
Error: (05/06/2014 02:02:18 PM) (Source: VSS) (User: ) (EventID: 13)
Description: Volumenschattenkopie-Dienst-Informationen: Der COM-Server mit CLSID {e579ab5f-1cc4-44b4-bed9-de0991ff0623} und dem Namen "IVssCoordinatorEx2" kann nicht gestartet werden. [0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
]
Vorgang:
VSS-Server wird instanziiert
Error: (05/05/2014 04:17:45 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: Programm Skype.exe, Version 6.14.0.104 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: adc
Startzeit: 01cf685e34e25564
Endzeit: 150
Anwendungspfad: C:\Program Files (x86)\Skype\Phone\Skype.exe
Berichts-ID:
Error: (05/03/2014 07:33:47 PM) (Source: SideBySide) (User: ) (EventID: 59)
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.
Error: (05/03/2014 04:37:25 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: Programm firefox.exe, Version 27.0.1.5156 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1640
Startzeit: 01cf66dd0c5bcba3
Endzeit: 18
Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID: 6f975c06-d2d0-11e3-98a4-60a44ccaf0fb
Error: (05/03/2014 04:26:09 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: Name der fehlerhaften Anwendung: NvBackend.exe, Version: 11.10.11.1, Zeitstempel: 0x52ddc011
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc00000fd
Fehleroffset: 0x74f1e254
ID des fehlerhaften Prozesses: 0xa88
Startzeit der fehlerhaften Anwendung: 0xNvBackend.exe0
Pfad der fehlerhaften Anwendung: NvBackend.exe1
Pfad des fehlerhaften Moduls: NvBackend.exe2
Berichtskennung: NvBackend.exe3
Error: (05/02/2014 09:25:49 PM) (Source: SideBySide) (User: ) (EventID: 59)
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.
System errors:
=============
Error: (05/07/2014 05:43:14 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001)
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
Neue Signaturversion:
Vorherige Signaturversion: 0.0.0.0
Aktualisierungsquelle: %NT-AUTORITÄT51
Aktualisierungsphase: 4.5.0216.00
Quellpfad: 4.5.0216.01
Signaturtyp: %NT-AUTORITÄT602
Aktualisierungstyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\NETZWERKDIENST
Aktuelle Modulversion: %NT-AUTORITÄT605
Vorherige Modulversion: %NT-AUTORITÄT606
Fehlercode: %NT-AUTORITÄT607
Fehlerbeschreibung: %NT-AUTORITÄT608
Error: (05/07/2014 05:43:14 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2003)
Description: Beim Aktualisieren des Moduls wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
Neue Modulversion:
Vorherige Modulversion:
Modultyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\NETZWERKDIENST
Fehlercode: %NT-AUTORITÄT601
Fehlerbeschreibung: %NT-AUTORITÄT602
Error: (05/07/2014 05:43:14 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001)
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
Neue Signaturversion:
Vorherige Signaturversion:
Aktualisierungsquelle: %NT-AUTORITÄT15
Aktualisierungsphase: 4.5.0216.00
Quellpfad: 4.5.0216.01
Signaturtyp: %NT-AUTORITÄT602
Aktualisierungstyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\NETZWERKDIENST
Aktuelle Modulversion: %NT-AUTORITÄT605
Vorherige Modulversion: %NT-AUTORITÄT606
Fehlercode: %NT-AUTORITÄT607
Fehlerbeschreibung: %NT-AUTORITÄT608
Error: (05/07/2014 05:42:58 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001)
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
Neue Signaturversion:
Vorherige Signaturversion: 1.173.1428.0
Aktualisierungsquelle: %NT-AUTORITÄT59
Aktualisierungsphase: 4.5.0216.00
Quellpfad: 4.5.0216.01
Signaturtyp: %NT-AUTORITÄT602
Aktualisierungstyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\SYSTEM
Aktuelle Modulversion: %NT-AUTORITÄT605
Vorherige Modulversion: %NT-AUTORITÄT606
Fehlercode: %NT-AUTORITÄT607
Fehlerbeschreibung: %NT-AUTORITÄT608
Error: (05/06/2014 02:12:16 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001)
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
Neue Signaturversion:
Vorherige Signaturversion: 1.173.1428.0
Aktualisierungsquelle: %NT-AUTORITÄT51
Aktualisierungsphase: 4.5.0216.00
Quellpfad: 4.5.0216.01
Signaturtyp: %NT-AUTORITÄT602
Aktualisierungstyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\NETZWERKDIENST
Aktuelle Modulversion: %NT-AUTORITÄT605
Vorherige Modulversion: %NT-AUTORITÄT606
Fehlercode: %NT-AUTORITÄT607
Fehlerbeschreibung: %NT-AUTORITÄT608
Error: (05/06/2014 02:12:16 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001)
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
Neue Signaturversion:
Vorherige Signaturversion: 0.0.0.0
Aktualisierungsquelle: %NT-AUTORITÄT51
Aktualisierungsphase: 4.5.0216.00
Quellpfad: 4.5.0216.01
Signaturtyp: %NT-AUTORITÄT602
Aktualisierungstyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\NETZWERKDIENST
Aktuelle Modulversion: %NT-AUTORITÄT605
Vorherige Modulversion: %NT-AUTORITÄT606
Fehlercode: %NT-AUTORITÄT607
Fehlerbeschreibung: %NT-AUTORITÄT608
Error: (05/06/2014 02:12:16 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2003)
Description: Beim Aktualisieren des Moduls wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
Neue Modulversion:
Vorherige Modulversion:
Modultyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\NETZWERKDIENST
Fehlercode: %NT-AUTORITÄT601
Fehlerbeschreibung: %NT-AUTORITÄT602
Error: (05/06/2014 02:12:16 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001)
Description: Beim Aktualisieren der Signaturen wurde von %NT-AUTORITÄT60 ein Fehler festgestellt.
Neue Signaturversion:
Vorherige Signaturversion:
Aktualisierungsquelle: %NT-AUTORITÄT15
Aktualisierungsphase: 4.5.0216.00
Quellpfad: 4.5.0216.01
Signaturtyp: %NT-AUTORITÄT602
Aktualisierungstyp: %NT-AUTORITÄT604
Benutzer: NT-AUTORITÄT\NETZWERKDIENST
Aktuelle Modulversion: %NT-AUTORITÄT605
Vorherige Modulversion: %NT-AUTORITÄT606
Fehlercode: %NT-AUTORITÄT607
Fehlerbeschreibung: %NT-AUTORITÄT608
Error: (05/06/2014 02:11:50 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2001)
Description: Beim Aktualisieren der Signaturen wurde von %Luca-PC60 ein Fehler festgestellt.
Neue Signaturversion:
Vorherige Signaturversion: 0.0.0.0
Aktualisierungsquelle: %Luca-PC51
Aktualisierungsphase: 4.5.0216.00
Quellpfad: 4.5.0216.01
Signaturtyp: %Luca-PC602
Aktualisierungstyp: %Luca-PC604
Benutzer: Luca-PC\Luca
Aktuelle Modulversion: %Luca-PC605
Vorherige Modulversion: %Luca-PC606
Fehlercode: %Luca-PC607
Fehlerbeschreibung: %Luca-PC608
Error: (05/06/2014 02:11:50 PM) (Source: Microsoft Antimalware) (User: ) (EventID: 2003)
Description: Beim Aktualisieren des Moduls wurde von %Luca-PC60 ein Fehler festgestellt.
Neue Modulversion:
Vorherige Modulversion:
Modultyp: %Luca-PC604
Benutzer: Luca-PC\Luca
Fehlercode: %Luca-PC601
Fehlerbeschreibung: %Luca-PC602
Microsoft Office Sessions:
=========================
Error: (05/07/2014 07:10:36 PM) (Source: VSS) (User: ) (EventID: 8193)
Description: CoCreateInstance0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
Vorgang:
VSS-Server wird instanziiert
Error: (05/07/2014 07:10:36 PM) (Source: VSS) (User: ) (EventID: 13)
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
Vorgang:
VSS-Server wird instanziiert
Error: (05/06/2014 08:32:19 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: chrome.exe34.0.1847.13166001cf695970ddb1d716C:\Program Files (x86)\Google\Chrome\Application\chrome.exebb79540f-d54c-11e3-acbc-60a44ccaf0fb
Error: (05/06/2014 02:02:18 PM) (Source: VSS) (User: ) (EventID: 8193)
Description: CoCreateInstance0x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
Vorgang:
VSS-Server wird instanziiert
Error: (05/06/2014 02:02:18 PM) (Source: VSS) (User: ) (EventID: 13)
Description: {e579ab5f-1cc4-44b4-bed9-de0991ff0623}IVssCoordinatorEx20x80070422, Der angegebene Dienst kann nicht gestartet werden. Er ist deaktiviert oder nicht mit aktivierten Geräten verbunden.
Vorgang:
VSS-Server wird instanziiert
Error: (05/05/2014 04:17:45 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: Skype.exe6.14.0.104adc01cf685e34e25564150C:\Program Files (x86)\Skype\Phone\Skype.exe
Error: (05/03/2014 07:33:47 PM) (Source: SideBySide) (User: ) (EventID: 59)
Description: c:\program files (x86)\Steam\steamapps\common\borderlands 2\Binaries\Win32\Launcher.exec:\program files (x86)\Steam\steamapps\common\borderlands 2\Binaries\Win32\Launcher.exe.Config0
Error: (05/03/2014 04:37:25 PM) (Source: Application Hang) (User: ) (EventID: 1002)
Description: firefox.exe27.0.1.5156164001cf66dd0c5bcba318C:\Program Files (x86)\Mozilla Firefox\firefox.exe6f975c06-d2d0-11e3-98a4-60a44ccaf0fb
Error: (05/03/2014 04:26:09 PM) (Source: Application Error) (User: ) (EventID: 1000)
Description: NvBackend.exe11.10.11.152ddc011unknown0.0.0.000000000c00000fd74f1e254a8801cf66db683db9bcC:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exeunknownde498461-d2ce-11e3-98a4-60a44ccaf0fb
Error: (05/02/2014 09:25:49 PM) (Source: SideBySide) (User: ) (EventID: 59)
Description: c:\program files (x86)\Steam\steamapps\common\borderlands 2\Binaries\Win32\Launcher.exec:\program files (x86)\Steam\steamapps\common\borderlands 2\Binaries\Win32\Launcher.exe.Config0
==================== Memory info ===========================
Percentage of memory in use: 51%
Total physical RAM: 4042.17 MB
Available physical RAM: 1963.02 MB
Total Pagefile: 8082.48 MB
Available Pagefile: 5805.8 MB
Total Virtual: 8192 MB
Available Virtual: 8191.78 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:152.71 GB) NTFS
Drive d: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.08 GB) NTFS
Drive f: () (Fixed) (Total:465.66 GB) (Free:365.34 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 0AA6531E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 72DB2739)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
07.05.2014, 18:31
| #4 | |
| /// TB-Ausbilder /// Anleitungs-Guru | Avast und Malwarebytes Anti-Malware werdenvon gruppenrichtlinie geblockt + aussergewöhnliche meldung nach dem bootvorgang.Zitat:
 Liege aber sowieso krank im Bett, da kann ich Deine Logs gut studieren...
__________________ Gruß deeprybka  Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
07.05.2014, 18:37
| #5 |
| | Avast und Malwarebytes Anti-Malware werdenvon gruppenrichtlinie geblockt + aussergewöhnliche meldung nach dem bootvorgang. haha oh gott dann gute besserung! Und danke für die mühen |
|
08.05.2014, 09:23
| #6 |
| /// TB-Ausbilder /// Anleitungs-Guru | Avast und Malwarebytes Anti-Malware werdenvon gruppenrichtlinie geblockt + aussergewöhnliche meldung nach dem bootvorgang. Danke und Hallo, so gehts weiter: Schritt 1   Drücke bitte die  + R Taste und schreibe notepad in das Ausführen Fenster.Klicke auf OK und kopiere nun den Text aus der Codebox in das leere Textdokument: Code:
ATTFilter HKLM Group Policy restriction on software: C:\Program Files (x86)\Malwarebytes' Anti-Malware <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\.DEFAULT\...\Policies\system: [DisableCMD] 0
HKU\.DEFAULT\...\Policies\system: [NoDispAppearancePage] 0
HKU\.DEFAULT\...\Policies\system: [NoDispBackgroundPage] 0
HKU\.DEFAULT\...\Policies\system: [NoDispSettingsPage] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFolderOptions] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoControlPanel] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\.DEFAULT\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFind] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoFile] 0
HKU\.DEFAULT\...\Policies\Explorer: [HideClock] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetFolders] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoDFSTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoLogoff] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoResolveSearch] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoSaveSettings] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoHardwareTab] 0
HKU\.DEFAULT\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Run: [vaqljsh] => regsvr32.exe "C:\ProgramData\vaqljsh.dat"
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoFolderOptions] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoShellSearchButton] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoFind] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.qone8.com/?type=hp&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.qone8.com/?type=hp&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.qone8.com/web/?type=ds&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://start.qone8.com/?type=hp&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.qone8.com/?type=hp&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.qone8.com/web/?type=ds&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://start.qone8.com/?type=sc&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX&q={searchTerms}
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX&q={searchTerms}
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.searchisbestmy.info/?l=1&q={searchTerms}&pid=1320&r=2013/11/15&hid=2996348407604931384&lg=EN&cc=DE&unqvl=41
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.qone8.com/web/?type=ds&ts=1396741059&from=ild&uid=TOSHIBAXDT01ACA050_83HTV1GESXX83HTV1GESX&q={searchTerms}
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-19\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-20\Software\Classes\exefile: "%1" %* <===== ATTENTION!
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION!
HKU\S-1-5-21-844691490-1622691613-2440493073-1000\Software\Classes\exefile: "%1" %* <===== ATTENTION!
Schritt 2 Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers Schritt 3  Bitte starte FRST erneut, setze den Haken auch bei Addition.txt und drücke auf Scan. Bitte poste das Fixlog.txt, das mbar-log, FRST.txt und Addition.txt in Deiner nächsten Antwort.
__________________ --> Avast und Malwarebytes Anti-Malware werdenvon gruppenrichtlinie geblockt + aussergewöhnliche meldung nach dem bootvorgang. |
|
| Themen zu Avast und Malwarebytes Anti-Malware werdenvon gruppenrichtlinie geblockt + aussergewöhnliche meldung nach dem bootvorgang. |
| administrator, ahnung, anti-malware, aufeinmal, avast, avast free antivirus, bootvorgang, brauch, fehler, fehler beim laden des moduls, forum, frage, geblockt, gruppenrichtlinie, kaputt, laden, malwarebyte startet nicht, malwarebytes, meldung, neu, probleme, regsvr32, regsvr32 fehler beim laden des moduls, seitdem, start, starte, starten, warscheinlich, win, win7 |
Hybrid-Darstellung
