| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Avast meldet alle 15 minuten URL:Mal InfektionWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
24.06.2014, 19:22
| #1 |
 |  Avast meldet alle 15 minuten URL:Mal Infektion Seit gestern bekomm ich ständig die Medlung das AVast eine Infektion blockiert hat DAnn wird diese Url angezeigt: hxxp://getmegan.info/?e=svon&cht=2&dcu=1&cpatch=2&dcs=1&pf01&publisher=28328dc Und drunter: Infektion URL:MAL Kann mir jemand helfen wie ich das wieder loswerde ? Gruß Michael |
|
24.06.2014, 19:49
| #2 |
| /// the machine /// TB-Ausbilder    | Avast meldet alle 15 minuten URL:Mal Infektion hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
24.06.2014, 20:58
| #3 |
| | Avast meldet alle 15 minuten URL:Mal Infektion Hallo und Danke für die Antwort
__________________Hier die Logs: FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2014
Ran by xx (administrator) on PC-SYSTEM-1 on 24-06-2014 21:43:51
Running from C:\Users\xx\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPNetworkCommunicator.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1279480 2014-05-30] (NVIDIA Corporation)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-10-16] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-01-12] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-24] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-1073271260-1846524946-4136632871-1003\...\Run: [HP Deskjet 3070 B611 series (NET)] => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe [2547048 2011-03-30] (Hewlett-Packard Co.)
HKU\S-1-5-21-1073271260-1846524946-4136632871-1003\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1073271260-1846524946-4136632871-1003\...\Run: [InetStat] => C:\Users\xx\AppData\Roaming\InetStat\inetstat.exe [1259488 2014-06-24] ()
Startup: C:\Users\xx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\xx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3070 B611 series (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3070 B611 series (Netzwerk).lnk -> C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1403630903&from=amt&uid=ADATAXSSDXS510X120GBXXXXXXXXXXXXXXXXXX_02924201500500004144&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1403630903&from=amt&uid=ADATAXSSDXS510X120GBXXXXXXXXXXXXXXXXXX_02924201500500004144&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {ABDE2F3F-1D9C-4041-BBCA-E614C0A7D0CB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASBJS;
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 - {ABDE2F3F-1D9C-4041-BBCA-E614C0A7D0CB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASBJS;
SearchScopes: HKCU - DefaultScope {ABDE2F3F-1D9C-4041-BBCA-E614C0A7D0CB} URL =
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {ABDE2F3F-1D9C-4041-BBCA-E614C0A7D0CB} URL =
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\xx\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [speedtest4354@BestOffers] - C:\Users\xx\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers
FF Extension: Speed Test (4354) - C:\Users\xx\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers [2013-11-25]
FF HKCU\...\Firefox\Extensions: [speedtest4354@BestOffers] - C:\Users\xx\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers
FF Extension: Speed Test (4354) - C:\Users\xx\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers [2013-11-25]
Chrome:
=======
CHR HomePage: hxxp://istart.webssearches.com/?type=hp&ts=1403630903&from=amt&uid=ADATAXSSDXS510X120GBXXXXXXXXXXXXXXXXXX_02924201500500004144
CHR StartupUrls: "hxxp://istart.webssearches.com/?type=hp&ts=1403630903&from=amt&uid=ADATAXSSDXS510X120GBXXXXXXXXXXXXXXXXXX_02924201500500004144"
CHR DefaultSearchKeyword: webssearches
CHR DefaultSearchProvider: webssearches
CHR DefaultSearchURL: hxxp://istart.webssearches.com/web/?type=ds&ts=1403630903&from=amt&uid=ADATAXSSDXS510X120GBXXXXXXXXXXXXXXXXXX_02924201500500004144&q={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\xx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-12]
CHR Extension: (Google-Suche) - C:\Users\xx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-12]
CHR Extension: (Google Wallet) - C:\Users\xx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-27]
CHR Extension: (Google Mail) - C:\Users\xx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-12]
CHR StartMenuInternet: Google Chrome - Chrome.exe
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-08] (AVAST Software)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation)
==================== Drivers (Whitelisted) ====================
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-08] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-08] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-08] ()
S3 hxctlflt; C:\Windows\System32\DRIVERS\hxctlflt.sys [111104 2009-02-09] (Guillemot Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 SIVDriver; C:\Windows\system32\Drivers\SIVX64.sys [129856 2012-10-20] (Ray Hinchliffe)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10684672 2007-07-17] (Sonix Co. Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-24 21:43 - 2014-06-24 21:43 - 02082816 _____ (Farbar) C:\Users\xx\Desktop\FRST64.exe
2014-06-24 21:43 - 2014-06-24 21:43 - 00022126 _____ () C:\Users\xx\Desktop\FRST.txt
2014-06-24 21:43 - 2014-06-24 21:43 - 00000000 ____D () C:\FRST
2014-06-24 20:39 - 2014-06-24 20:39 - 00001314 _____ () C:\Users\xx\Desktop\Landwirtschafts Simulator 2013 .lnk
2014-06-24 20:05 - 2014-06-24 20:05 - 00033352 _____ () C:\Users\xx\Desktop\121.txt
2014-06-24 19:57 - 2014-06-24 19:57 - 00001115 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-24 19:57 - 2014-06-24 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-06-24 19:57 - 2014-06-24 19:57 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-06-24 19:57 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-24 19:57 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-24 19:57 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-24 19:31 - 2014-06-24 19:31 - 00000000 ____D () C:\Users\xx\AppData\Local\freeSOFTtoday
2014-06-24 19:31 - 2014-06-24 19:31 - 00000000 ____D () C:\Program Files (x86)\predm
2014-06-24 19:29 - 2014-06-24 19:29 - 00000000 ____D () C:\Users\xx\AppData\Roaming\SupTab
2014-06-24 19:29 - 2014-06-24 19:29 - 00000000 ____D () C:\Users\xx\AppData\Roaming\InetStat
2014-06-24 19:28 - 2014-06-24 19:28 - 00000000 ____D () C:\Users\xx\AppData\Local\14524
2014-06-22 18:09 - 2014-06-22 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Landwirtschafts Simulator 2013
2014-06-22 18:08 - 2014-06-22 18:14 - 00000000 ____D () C:\Program Files (x86)\Landwirtschafts Simulator 2013
2014-06-21 21:51 - 2014-06-24 16:07 - 00000000 ____D () C:\Users\xx\Desktop\MAP
2014-06-21 21:49 - 2014-06-21 21:49 - 00001111 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-06-21 21:49 - 2014-06-21 21:49 - 00001099 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-06-21 19:19 - 2014-06-21 19:22 - 464729106 _____ () C:\Users\xx\Downloads\all_mods_download (1).zip
2014-06-21 19:11 - 2014-06-21 19:11 - 17131656 _____ (GIANTS Software GmbH) C:\Users\xx\Downloads\MBTrac1600Turbo.exe
2014-06-21 19:09 - 2014-06-21 19:09 - 31898240 _____ (GIANTS Software GmbH) C:\Users\xx\Downloads\UnimogU1200_U1600.exe
2014-06-19 21:41 - 2014-06-19 21:44 - 453302040 _____ (GIANTS Software GmbH) C:\Users\xx\Downloads\FarmingSimulator2013TitaniumAddon_v1.0.5.exe
2014-06-19 20:28 - 2014-06-19 20:28 - 03554868 _____ () C:\Users\xx\Downloads\savegame1.zip
2014-06-19 20:24 - 2014-06-19 20:24 - 00000000 ____D () C:\Users\xx\AppData\Local\Overwolf
2014-06-19 20:22 - 2014-06-19 20:23 - 403688302 _____ () C:\Users\xx\Downloads\all_mods_download.zip
2014-06-17 07:17 - 2014-06-17 07:17 - 00000000 ____D () C:\Users\xx\AppData\Local\Adobe
2014-06-15 09:18 - 2014-06-24 00:23 - 00000000 ____D () C:\Users\xx\AppData\Roaming\Google
2014-06-15 09:17 - 2014-06-24 19:32 - 00000000 ____D () C:\ProgramData\Google
2014-06-11 16:52 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 16:52 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 16:52 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 16:52 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 16:52 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 16:52 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 16:52 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 16:52 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 16:52 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 16:52 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 16:52 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 16:52 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 16:52 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 16:52 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 16:52 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 16:52 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 16:52 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 16:52 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 16:52 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 16:52 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 16:52 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 16:52 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 16:52 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 16:52 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 16:52 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 16:52 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 16:52 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 16:52 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 16:52 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 16:52 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 16:52 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 16:52 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 16:52 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 16:52 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 16:52 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 16:52 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 16:52 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 16:52 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 16:52 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 16:52 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 16:52 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 16:52 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 16:52 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 16:52 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 16:52 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 16:52 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 16:52 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 16:52 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 16:52 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 16:52 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 16:52 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 16:52 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 16:52 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 16:52 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-11 16:52 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 16:52 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 16:52 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 16:52 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 16:52 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 16:52 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 16:52 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 16:52 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 16:52 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 16:52 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 16:52 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 16:52 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 16:51 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 16:51 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-10 15:51 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-06-10 15:51 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2014-06-10 00:26 - 2014-06-22 18:12 - 00000000 ____D () C:\Users\xx\Documents\My Games
2014-06-10 00:26 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2014-06-10 00:26 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2014-06-10 00:23 - 2014-06-17 18:46 - 00000000 ____D () C:\Users\xx\Desktop\LS13
2014-06-02 15:32 - 2014-05-30 01:07 - 01715176 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-06-02 15:32 - 2014-05-30 01:07 - 01291232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-05-26 18:50 - 2014-05-26 18:50 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-05-26 18:49 - 2014-05-20 01:10 - 00601432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-05-26 18:48 - 2014-05-20 04:44 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-05-26 18:48 - 2014-05-20 04:44 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-05-26 18:48 - 2014-05-20 04:44 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-05-26 18:48 - 2014-05-20 04:44 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-05-26 18:48 - 2014-05-20 04:44 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-05-26 18:48 - 2014-05-20 04:44 - 16003912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-05-26 18:48 - 2014-05-20 04:44 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-05-26 18:48 - 2014-05-20 04:44 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-05-26 18:48 - 2014-05-20 04:44 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-05-26 18:48 - 2014-05-20 04:44 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-05-26 18:48 - 2014-05-20 04:44 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-05-26 18:48 - 2014-05-20 04:44 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-05-26 18:48 - 2014-05-20 04:44 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-05-26 18:48 - 2014-05-20 04:44 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-05-26 18:48 - 2014-05-20 04:44 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-05-26 18:48 - 2014-05-20 04:44 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-05-26 18:48 - 2014-05-20 04:44 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-05-26 18:48 - 2014-05-20 04:44 - 01515296 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2014-05-26 18:48 - 2014-05-20 04:44 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-05-26 18:48 - 2014-05-20 04:44 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-05-26 18:48 - 2014-05-20 04:44 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-05-26 18:48 - 2014-05-20 04:44 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-05-26 18:48 - 2014-05-20 04:44 - 00837056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-05-26 18:48 - 2014-05-20 04:44 - 00492376 _____ (NVIDIA Corporation) C:\Windows\system32\nvEncodeAPI64.dll
2014-05-26 18:48 - 2014-05-20 04:44 - 00416712 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvEncodeAPI.dll
2014-05-26 18:48 - 2014-05-20 04:44 - 00382240 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFROpenGL.dll
2014-05-26 18:48 - 2014-05-20 04:44 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-05-26 18:48 - 2014-05-20 04:44 - 00335704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFROpenGL.dll
2014-05-26 18:48 - 2014-05-20 04:44 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-05-26 18:48 - 2014-05-20 04:44 - 00197408 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2014-05-26 18:48 - 2014-05-20 04:44 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-05-26 18:48 - 2014-05-20 04:44 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-05-26 18:48 - 2014-05-20 04:44 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2014-05-26 18:42 - 2014-05-26 18:42 - 00000000 ____D () C:\Users\xx\AppData\Local\NVIDIA Corporation
2014-05-26 18:42 - 2014-03-31 18:42 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-05-26 18:42 - 2014-03-31 18:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-05-26 18:42 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-05-26 18:42 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2014-05-26 18:42 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-05-26 18:42 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
==================== One Month Modified Files and Folders =======
2014-06-24 21:43 - 2014-06-24 21:43 - 02082816 _____ (Farbar) C:\Users\xx\Desktop\FRST64.exe
2014-06-24 21:43 - 2014-06-24 21:43 - 00022126 _____ () C:\Users\xx\Desktop\FRST.txt
2014-06-24 21:43 - 2014-06-24 21:43 - 00000000 ____D () C:\FRST
2014-06-24 21:41 - 2013-01-13 11:25 - 00000000 ____D () C:\Users\xx\Documents\Outlook-Dateien
2014-06-24 21:27 - 2013-09-12 17:23 - 00000000 ____D () C:\Users\xx\AppData\Roaming\Skype
2014-06-24 21:14 - 2013-01-12 13:21 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-24 21:10 - 2013-01-12 13:21 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-24 20:39 - 2014-06-24 20:39 - 00001314 _____ () C:\Users\xx\Desktop\Landwirtschafts Simulator 2013 .lnk
2014-06-24 20:14 - 2009-07-14 06:45 - 00031856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-24 20:14 - 2009-07-14 06:45 - 00031856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-24 20:13 - 2010-11-21 08:50 - 00704034 _____ () C:\Windows\system32\perfh007.dat
2014-06-24 20:13 - 2010-11-21 08:50 - 00151172 _____ () C:\Windows\system32\perfc007.dat
2014-06-24 20:13 - 2009-07-14 07:13 - 01633002 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-24 20:11 - 2013-01-12 13:04 - 01578106 _____ () C:\Windows\WindowsUpdate.log
2014-06-24 20:07 - 2014-05-13 15:57 - 00045566 _____ () C:\Windows\PFRO.log
2014-06-24 20:07 - 2013-01-12 13:21 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-24 20:07 - 2013-01-08 12:35 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-24 20:07 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-24 20:07 - 2009-07-14 06:51 - 00219065 _____ () C:\Windows\setupact.log
2014-06-24 20:05 - 2014-06-24 20:05 - 00033352 _____ () C:\Users\xx\Desktop\121.txt
2014-06-24 19:59 - 2014-05-01 05:53 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-24 19:57 - 2014-06-24 19:57 - 00001115 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-24 19:57 - 2014-06-24 19:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-06-24 19:57 - 2014-06-24 19:57 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-06-24 19:33 - 2013-01-12 13:21 - 00000000 ____D () C:\Program Files\Google
2014-06-24 19:33 - 2013-01-12 13:21 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-24 19:32 - 2014-06-15 09:17 - 00000000 ____D () C:\ProgramData\Google
2014-06-24 19:32 - 2013-01-12 13:21 - 00000000 ____D () C:\Users\xx\AppData\Local\Google
2014-06-24 19:31 - 2014-06-24 19:31 - 00000000 ____D () C:\Users\xx\AppData\Local\freeSOFTtoday
2014-06-24 19:31 - 2014-06-24 19:31 - 00000000 ____D () C:\Program Files (x86)\predm
2014-06-24 19:29 - 2014-06-24 19:29 - 00000000 ____D () C:\Users\xx\AppData\Roaming\SupTab
2014-06-24 19:29 - 2014-06-24 19:29 - 00000000 ____D () C:\Users\xx\AppData\Roaming\InetStat
2014-06-24 19:28 - 2014-06-24 19:28 - 00000000 ____D () C:\Users\xx\AppData\Local\14524
2014-06-24 19:28 - 2013-01-12 13:22 - 00002438 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-24 19:28 - 2013-01-12 13:17 - 00001700 _____ () C:\Users\xx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-24 16:08 - 2013-05-27 16:08 - 00000670 _____ () C:\Windows\Tasks\hpwebreg_CN16I3305C05MQ.job
2014-06-24 16:07 - 2014-06-21 21:51 - 00000000 ____D () C:\Users\xx\Desktop\MAP
2014-06-24 00:46 - 2014-01-05 00:54 - 00000000 ____D () C:\Users\xx\Desktop\Ford
2014-06-24 00:23 - 2014-06-15 09:18 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\Google
2014-06-22 18:45 - 2014-05-17 11:05 - 00000000 ____D () C:\Users\xx\AppData\Roaming\TS3Client
2014-06-22 18:14 - 2014-06-22 18:08 - 00000000 ____D () C:\Program Files (x86)\Landwirtschafts Simulator 2013
2014-06-22 18:14 - 2011-04-27 14:40 - 00002936 _____ () C:\Windows\DirectX.log
2014-06-22 18:12 - 2014-06-10 00:26 - 00000000 ____D () C:\Users\xx\Documents\My Games
2014-06-22 18:09 - 2014-06-22 18:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Landwirtschafts Simulator 2013
2014-06-22 13:18 - 2013-01-12 15:37 - 00000000 ____D () C:\Users\xx\AppData\Local\CrashDumps
2014-06-22 07:56 - 2013-01-12 13:18 - 00109232 _____ () C:\Users\xx\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-22 07:55 - 2009-07-14 06:45 - 00416376 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-21 21:49 - 2014-06-21 21:49 - 00001111 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-06-21 21:49 - 2014-06-21 21:49 - 00001099 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-06-21 21:49 - 2013-01-12 13:34 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-06-21 19:22 - 2014-06-21 19:19 - 464729106 _____ () C:\Users\xx\Downloads\all_mods_download (1).zip
2014-06-21 19:11 - 2014-06-21 19:11 - 17131656 _____ (GIANTS Software GmbH) C:\Users\xx\Downloads\MBTrac1600Turbo.exe
2014-06-21 19:09 - 2014-06-21 19:09 - 31898240 _____ (GIANTS Software GmbH) C:\Users\xx\Downloads\UnimogU1200_U1600.exe
2014-06-20 16:05 - 2013-01-12 13:21 - 00004110 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-20 16:05 - 2013-01-12 13:21 - 00003858 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-19 21:44 - 2014-06-19 21:41 - 453302040 _____ (GIANTS Software GmbH) C:\Users\xx\Downloads\FarmingSimulator2013TitaniumAddon_v1.0.5.exe
2014-06-19 20:28 - 2014-06-19 20:28 - 03554868 _____ () C:\Users\xx\Downloads\savegame1.zip
2014-06-19 20:24 - 2014-06-19 20:24 - 00000000 ____D () C:\Users\xx\AppData\Local\Overwolf
2014-06-19 20:23 - 2014-06-19 20:22 - 403688302 _____ () C:\Users\xx\Downloads\all_mods_download.zip
2014-06-18 05:26 - 2013-01-12 13:23 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-17 18:46 - 2014-06-10 00:23 - 00000000 ____D () C:\Users\xx\Desktop\LS13
2014-06-17 07:17 - 2014-06-17 07:17 - 00000000 ____D () C:\Users\xx\AppData\Local\Adobe
2014-06-15 09:17 - 2013-01-12 13:21 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-15 09:17 - 2013-01-12 13:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-15 09:17 - 2013-01-12 13:21 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-12 15:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-12 00:49 - 2013-08-15 00:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 00:49 - 2011-04-27 13:44 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-12 00:48 - 2014-05-06 17:08 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-12 00:48 - 2013-01-13 11:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-09 07:38 - 2014-04-27 16:27 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-09 07:38 - 2013-09-12 17:23 - 00000000 ____D () C:\ProgramData\Skype
2014-06-08 14:11 - 2013-07-22 23:06 - 00000000 ____D () C:\Users\xx\Desktop\Jeppesen
2014-06-08 11:13 - 2014-06-11 16:51 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 11:09 - 2013-01-12 13:59 - 00000000 _____ () C:\Users\xx\AppData\Roaming\FileOut.cns
2014-06-08 11:09 - 2013-01-12 13:59 - 00000000 _____ () C:\Users\xx\AppData\Roaming\FileIn.cns
2014-06-08 11:08 - 2014-06-11 16:51 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-02 16:25 - 2013-11-06 07:18 - 00000000 ____D () C:\Users\xxxx\Desktop\Konto
2014-06-02 15:32 - 2013-01-08 12:34 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-05-30 12:21 - 2014-06-11 16:52 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 12:02 - 2014-06-11 16:52 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 12:02 - 2014-06-11 16:52 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 11:45 - 2014-06-11 16:52 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 11:39 - 2014-06-11 16:52 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 11:39 - 2014-06-11 16:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 11:38 - 2014-06-11 16:52 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 11:28 - 2014-06-11 16:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 11:27 - 2014-06-11 16:52 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 11:24 - 2014-06-11 16:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 11:21 - 2014-06-11 16:52 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 11:21 - 2014-06-11 16:52 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 11:20 - 2014-06-11 16:52 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 11:18 - 2014-06-11 16:52 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 11:11 - 2014-06-11 16:52 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 11:08 - 2014-06-11 16:52 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 11:06 - 2014-06-11 16:52 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 11:02 - 2014-06-11 16:52 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 10:55 - 2014-06-11 16:52 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:49 - 2014-06-11 16:52 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:46 - 2014-06-11 16:52 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:44 - 2014-06-11 16:52 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 10:44 - 2014-06-11 16:52 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 10:43 - 2014-06-11 16:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 10:42 - 2014-06-11 16:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-11 16:52 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 10:35 - 2014-06-11 16:52 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 10:34 - 2014-06-11 16:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 10:33 - 2014-06-11 16:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 10:30 - 2014-06-11 16:52 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 10:29 - 2014-06-11 16:52 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 10:28 - 2014-06-11 16:52 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 10:27 - 2014-06-11 16:52 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 10:24 - 2014-06-11 16:52 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 10:23 - 2014-06-11 16:52 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 10:16 - 2014-06-11 16:52 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 10:10 - 2014-06-11 16:52 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-11 16:52 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 10:04 - 2014-06-11 16:52 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 10:02 - 2014-06-11 16:52 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 09:56 - 2014-06-11 16:52 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 09:56 - 2014-06-11 16:52 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:54 - 2014-06-11 16:52 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 09:50 - 2014-06-11 16:52 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-11 16:52 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 09:43 - 2014-06-11 16:52 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:40 - 2014-06-11 16:52 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 09:30 - 2014-06-11 16:52 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:21 - 2014-06-11 16:52 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 09:15 - 2014-06-11 16:52 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 09:13 - 2014-06-11 16:52 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:13 - 2014-06-11 16:52 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-30 01:07 - 2014-06-02 15:32 - 01715176 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-05-30 01:07 - 2014-06-02 15:32 - 01291232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-05-30 01:07 - 2013-10-29 07:26 - 01279480 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-05-30 01:07 - 2013-10-29 07:26 - 01122312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-05-28 18:32 - 2014-02-23 10:17 - 00000000 ____D () C:\Users\xx\Desktop\U23
2014-05-27 08:13 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-26 18:50 - 2014-05-26 18:50 - 00000000 ____D () C:\Program Files (x86)\AGEIA Technologies
2014-05-26 18:50 - 2014-05-10 15:52 - 00000000 ____D () C:\temp
2014-05-26 18:50 - 2013-01-08 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-05-26 18:50 - 2013-01-08 12:35 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-05-26 18:42 - 2014-05-26 18:42 - 00000000 ____D () C:\Users\xx\AppData\Local\NVIDIA Corporation
2014-05-26 18:42 - 2013-07-31 08:14 - 00000000 ____D () C:\Users\xx\AppData\Local\NVIDIA
2014-05-26 18:42 - 2013-01-08 12:35 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
Some content of TEMP:
====================
C:\Users\xx\AppData\Local\Temp\inethnfd-setup.exe
C:\Users\xx\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\xx\AppData\Local\Temp\nvStInst.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-06-18 01:25
==================== End Of Log ============================
und Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-06-2014
Ran by xx at 2014-06-24 21:44:07
Running from C:\Users\xx\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Acrobat 4.0 (HKLM-x32\...\Adobe Acrobat 4.0) (Version: 4.0 - Adobe Systems, Inc.)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Avant Browser (remove only) (HKLM-x32\...\AvantBrowser) (Version: 12.5.0.0 - Avant Force)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2018 - Avast Software)
B-Cargo Nordwaggon Habbins v.1.1. (HKLM-x32\...\B-Cargo Nordwaggon Habbins v.1.1.) (Version: - )
BR 440 "Fugger-Express" 1.0 (HKLM-x32\...\BR 440 "Fugger-Express" 1.0) (Version: 1.0 - vizzart)
Cheat Engine 6.2 (HKLM-x32\...\Cheat Engine 6.2_is1) (Version: - Dark Byte)
CityVilleBot (HKLM-x32\...\{AC7EDC76-DE45-4BC3-BC4F-3273F0836464}_is1) (Version: - CityVilleBot)
Classic Silver Drivers (HKLM-x32\...\{8678BD65-D66E-48BB-8531-91D0EF8998A1}) (Version: 4.0.2.6 - Hercules)
CrystalDiskInfo 5.6.2 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 5.6.2 - Crystal Dew World)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DB Br 294 verkehrsrot 1.0 Installation (HKLM-x32\...\DB Br 294 verkehrsrot 1.0 Installation) (Version: - )
DB_Uaai (HKLM-x32\...\DB_Uaai) (Version: - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{CA75CBF9-B078-47CB-ABA3-74EFD4FC9A43}) (Version: - Microsoft)
DEG - BR 146-BIN (HKLM-x32\...\DEG - BR 146-BIN) (Version: - )
DEG - SAMMS (HKLM-x32\...\DEG - SAMMS) (Version: - )
Druckertüchtigte IC-Wagen für den MSTS 1.0 (HKLM-x32\...\Druckertüchtigte IC-Wagen für den MSTS) (Version: 1.0 - wander-baustelle)
ffdshow v1.2.4422 [2012-04-09] (HKLM-x32\...\ffdshow_is1) (Version: 1.2.4422.0 - )
File Association Helper (HKLM\...\{C168639F-5810-4EC8-B1E8-0251AA8A771C}) (Version: 1.2.225.65451 - WinZip Computing International, LLC)
Fotogalerie (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Freeway_Lint41 (HKCU\...\Freeway_Lint41) (Version: - )
Galería de fotos (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
GIMP 2.8.6 (HKLM\...\GIMP-2_is1) (Version: 2.8.6 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Güter- und Personenwagen Aufgabenpack V1.1 (HKCU\...\Güter- und Personenwagen Aufgabenpack V1.1) (Version: - )
Haali Media Splitter (HKLM-x32\...\HaaliMkx) (Version: - )
Hercules Classic Silver (HKLM-x32\...\{B1549CC1-EB81-4E7C-9C7C-8B97CD9FD37A}) (Version: - )
Hercules Webcam Station Evolution SE (HKLM-x32\...\{C3C44248-B8F7-4B20-A5C7-994870B60F55}) (Version: 4.1.1.0 - Hercules)
HoyTank2 (HKLM-x32\...\HoyTank2) (Version: - )
HP Deskjet 3070 B611 series - Grundlegende Software für das Gerät (HKLM\...\{479B309B-E6B4-4947-8B83-472CF4272582}) (Version: 23.0.504.0 - Hewlett-Packard Co.)
HP Deskjet 3070 B611 series Hilfe (HKLM-x32\...\{9F20CE56-3828-432D-A3C5-3EC6A2ED93C6}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.5192 - HP Photo Creations)
HP Update (HKLM-x32\...\{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}) (Version: 5.002.007.004 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
ICQ 8.0 (build 5981, für aktuellen Benutzer) (HKCU\...\ICQ) (Version: 8.0.5981.0 - Mail.Ru)
InetStat (HKCU\...\InetStat) (Version: 0.4 - InetStat)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.6.245 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Kohlezug G48444 (HKCU\...\Kohlezug G48444) (Version: - )
Landwirtschafts Simulator 2013 (HKLM-x32\...\FarmingSimulator2013DE_is1) (Version: 1.0 - GIANTS Software)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office 2010 Language Pack Service Pack 1 (SP1) (HKLM-x32\...\{90140000-0100-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{90D3D490-F6C4-4F4A-971B-93D0A66F2E2E}) (Version: - Microsoft)
Microsoft Office 2010 Language Pack Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Language Pack 2010 - German/Deutsch (HKLM-x32\...\Office14.OMUI.de-de) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office O MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office SharePoint Designer MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.4734.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office X MUI (German) 2010 (x32 Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4024.1220 - Microsoft Corporation)
Microsoft SharePoint Designer 2010 Service Pack 1 (SP1) (x32 Version: - Microsoft) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Train Simulator (HKLM-x32\...\Train Simulator 1.0) (Version: - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 11.002.03.07.40 - Huawei Technologies Co.,Ltd)
Movie Maker (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
MSTS Aufgaben-Analyse 2.18 (HKLM-x32\...\MSTS Aufgaben-Analyse 2.18) (Version: - )
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
NVIDIA 3D Vision Controller-Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA Update 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
ÖBB 4020 059-4 v. 1.0 Kami K. (HKLM-x32\...\ÖBB 4020 059-4 v. 1.0 Kami K.) (Version: - )
ÖBB 4024 (HKCU\...\ÖBB 4024) (Version: - )
ÖBB 4024-074 (HKCU\...\ÖBB 4024-074) (Version: - )
ÖBB EANOS (HKCU\...\ÖBB EANOS) (Version: - )
Photo Common (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
PhotoFiltre 7 (HKCU\...\PhotoFiltre 7) (Version: - )
ProTrain 36 1.0 (HKLM-x32\...\ProTrain 36 1.0) (Version: 1.0 - BlueSky Interactive)
RailArts Berlin-Dresden (HKLM-x32\...\{A789F410-6D00-48C8-90D3-C642468B6FC5}) (Version: 1.0 - vizzart)
RailArts 'Berlin-Dresden' Raildriver 1.0 (HKLM-x32\...\RailArts 'Berlin-Dresden' Raildriver 1.0) (Version: 1.0 - Blue Sky Interactive)
RailArts Berlin-Halle 2013 (HKLM-x32\...\{61CC4218-9A43-479B-809C-B52782F3440D}) (Version: 1.0 - vizzart)
RailArts Berlin-Halle 2013 Update (HKLM-x32\...\{102D64FF-11D5-4FF8-9692-65507A2B0338}) (Version: 1.11 - vizzart)
RailArts Berlin-Halle 2013 Update (HKLM-x32\...\{40DC9F97-1983-4773-9BB3-BBA72F6C9D40}) (Version: 1.1 - vizzart)
RDZ_WLABmee v1.0 (HKLM-x32\...\{C97D86CB-CE6C-4C07-A7D4-371D1ED2C2AC}_is1) (Version: - ml-train.ucoz.ru.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (HKLM\...\Redirection Port Monitor) (Version: - )
Rollmaterial für die Westbahn (HKCU\...\Rollmaterial für die Westbahn) (Version: - )
Samsung_MonSetup (HKLM-x32\...\{8EA79DBF-D637-448A-89D6-410A087A4493}) (Version: 1.00.0000 - Samsung)
Shape Viewer (HKLM-x32\...\{88DA244E-4CEA-49E4-AD6A-301B65131E25}) (Version: 2.2.0.237 - )
SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden
Shotcut (HKLM-x32\...\Shotcut) (Version: - )
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
StAGUacs (HKLM-x32\...\StAGUacs) (Version: - )
STP DB ICE1 Prinz Eugen (HKLM-x32\...\STP DB ICE1 Prinz Eugen) (Version: - )
STP DB ICE3 403 V1.0 (HKLM-x32\...\STP DB ICE3 403 V1.0) (Version: - )
Studie zur Verbesserung von HP Deskjet 3070 B611 series Produkten (HKLM\...\{CAD7B6DD-9C82-4D17-BAE8-3E9AE4971B90}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
SupraSavings (Version: 1.0.0.0 - SupraSavings) Hidden <==== ATTENTION
Taurus Aufgabenpack (HKCU\...\Taurus Aufgabenpack) (Version: - )
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.29480 - TeamViewer)
TL-WN851ND Driver (HKLM-x32\...\{4BAE4C76-44C3-418F-B715-6BBF5A65323E}) (Version: 1.00.0000 - TP-LINK)
TomTom HOME (HKLM-x32\...\{99072AB4-D795-44D5-9D65-E3C9F8322C97}) (Version: 2.9.7 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Train Store V3.2 (HKLM-x32\...\Train Store V3.2) (Version: - )
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (HKLM-x32\...\{90140000-006E-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{32E700B9-1A94-48B4-99E1-CB8BD5F7340A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0100-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (HKLM-x32\...\{90140000-00A1-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{0C175ED0-26B9-4B09-AFA9-3F16A03A29B9}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{81CA2EFA-7250-4B1E-B3A6-E0595224E2CD}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft)
Update for Microsoft SharePoint Designer 2010 (KB2553459) 32-Bit Edition (HKLM-x32\...\{90140000-0017-0407-0000-0000000FF1CE}_Office14.OMUI.de-de_{7A518447-45D0-4C4F-B4C3-7FA72E4F6DB9}) (Version: - Microsoft)
Virtual Train DB 103 Pack Rot-Beige C (HKLM-x32\...\Virtual Train DB 103 Pack Rot-Beige C) (Version: - )
Virtual Train DB 140 VR Beta (HKLM-x32\...\Virtual Train DB 140 VR Beta) (Version: - )
VLC media player 2.1.0 (HKLM-x32\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Vossloh G2000 pack (HKLM-x32\...\Vossloh G2000 pack) (Version: - )
Windows Live Communications Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3522.0110 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Family Safety (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 16.4.3522.0110 - Microsoft Corporation) Hidden
WinRAR 5.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinZip Driver Updater (HKLM-x32\...\{9854A5C4-5BE5-46E2-A989-352DD8B37E20}_is1) (Version: 1.0.648.15384 - WinZip Computing, S.L. (WinZip Computing))
==================== Restore Points =========================
17-06-2014 08:28:31 Windows Update
20-06-2014 13:58:24 Windows Update
22-06-2014 16:09:53 DirectX wurde installiert
22-06-2014 16:14:40 DirectX wurde installiert
24-06-2014 08:21:22 Windows Update
24-06-2014 17:29:47 Windows Defender Checkpoint
24-06-2014 17:43:29 Wiederherstellungsvorgang
==================== Hosts content: ==========================
2009-07-14 04:34 - 2014-05-12 16:05 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {012644AE-E388-4E91-A91F-F4DD43394C0D} - \BonanzaDealsUpdate No Task File <==== ATTENTION
Task: {0BDCE512-7625-40C6-9268-6AC4FB671451} - System32\Tasks\WinZipDriverUpdaterRunAtStartup => C:\Program Files (x86)\WinZip Driver Updater\winzipdu.exe
Task: {13DA9C4C-18FE-4EBA-98F3-69E655A09D55} - \Omiga Plus RunAsStdUser No Task File <==== ATTENTION
Task: {16E18870-3969-4E88-A9BA-1F412BB1BC1D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-05-08] (AVAST Software)
Task: {2B53B817-8325-4047-89B9-A465AE8FC353} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-12] (Google Inc.)
Task: {53C63525-6D8D-4226-913F-9EABA2F0CDB8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-15] (Adobe Systems Incorporated)
Task: {6BE2247A-49A4-40D3-8DB1-67D77B27159C} - System32\Tasks\hpwebreg_CN16I3305C05MQ => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\hpwebreg.exe [2011-03-30] (Hewlett-Packard Co.)
Task: {75CB3424-4A67-4E96-8794-902001CBF965} - System32\Tasks\HPCustParticipation HP Deskjet 3070 B611 series => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {85DDD5E0-CBA5-4183-80F2-F48025C64DED} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
Task: {8AB88281-BA1D-475C-91F8-87B783908F45} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-12] (Google Inc.)
Task: {B14F8305-9B3B-4EE8-AE8C-832DE5AA75B2} - System32\Tasks\HP Deskjet 3070 B611 series.exe_{258F7099-963B-45F2-8815-3541D7DD911A} => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HP Deskjet 3070 B611 series.exe [2011-03-30] (Hewlett-Packard Co.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\hpwebreg_CN16I3305C05MQ.job => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HpWebReg.exe
==================== Loaded Modules (whitelisted) =============
2013-01-08 12:35 - 2014-05-20 03:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-05-04 09:19 - 2010-06-17 20:56 - 00087040 _____ () C:\Windows\System32\redmonnt.dll
2010-01-09 21:17 - 2010-01-09 21:17 - 04254560 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2014-06-24 14:17 - 2014-06-24 14:17 - 02783744 _____ () C:\Program Files\AVAST Software\Avast\defs\14062400\algo.dll
2010-01-09 21:18 - 2010-01-09 21:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-12-03 22:17 - 2013-12-03 22:17 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-02-26 20:00 - 2014-02-26 20:00 - 00017920 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_32\PSIClient\7fb509dd6887788f670fac03bb2f996d\PSIClient.ni.dll
2013-01-08 12:36 - 2012-06-25 11:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2010-01-09 21:18 - 2010-01-09 21:18 - 04254560 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2010-01-10 02:05 - 2010-01-10 02:05 - 01040736 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SecureAssist => ""="service"
==================== EXE Association (whitelisted) =============
==================== MSCONFIG/TASK MANAGER disabled items =========
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: GoogleChromeAutoLaunch_3C660A3B65503C791DBD0D2D9747317A => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
MSCONFIG\startupreg: icq => C:\Users\xx\AppData\Roaming\ICQM\icq.exe -CU
MSCONFIG\startupreg: TomTomHOME.exe => "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/24/2014 08:07:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_stisvc, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1
Name des fehlerhaften Moduls: wiaservc.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ca0f
Ausnahmecode: 0x40000015
Fehleroffset: 0x0000000000047a6b
ID des fehlerhaften Prozesses: 0x894
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_stisvc0
Pfad der fehlerhaften Anwendung: svchost.exe_stisvc1
Pfad des fehlerhaften Moduls: svchost.exe_stisvc2
Berichtskennung: svchost.exe_stisvc3
Error: (06/24/2014 07:59:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm mbam.exe, Version 1.0.0.532 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1984
Startzeit: 01cf8fd5d63d11f2
Endzeit: 2
Anwendungspfad: C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
Berichts-ID: 3b3d3c55-fbc9-11e3-9d90-d43d7e046618
Error: (06/24/2014 07:49:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_stisvc, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1
Name des fehlerhaften Moduls: wiaservc.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ca0f
Ausnahmecode: 0x40000015
Fehleroffset: 0x0000000000047a6b
ID des fehlerhaften Prozesses: 0x93c
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_stisvc0
Pfad der fehlerhaften Anwendung: svchost.exe_stisvc1
Pfad des fehlerhaften Moduls: svchost.exe_stisvc2
Berichtskennung: svchost.exe_stisvc3
Error: (06/24/2014 07:44:55 PM) (Source: System Restore) (EventID: 8206) (User: )
Description: Der ausgewählte Wiederherstellungspunkt wurde während der Wiederherstellung beschädigt oder gelöscht (Windows Update).
Error: (06/24/2014 07:44:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_stisvc, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1
Name des fehlerhaften Moduls: wiaservc.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ca0f
Ausnahmecode: 0x40000015
Fehleroffset: 0x0000000000047a6b
ID des fehlerhaften Prozesses: 0x924
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_stisvc0
Pfad der fehlerhaften Anwendung: svchost.exe_stisvc1
Pfad des fehlerhaften Moduls: svchost.exe_stisvc2
Berichtskennung: svchost.exe_stisvc3
Error: (06/24/2014 07:41:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_stisvc, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1
Name des fehlerhaften Moduls: wiaservc.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ca0f
Ausnahmecode: 0x40000015
Fehleroffset: 0x0000000000047a6b
ID des fehlerhaften Prozesses: 0x93c
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_stisvc0
Pfad der fehlerhaften Anwendung: svchost.exe_stisvc1
Pfad des fehlerhaften Moduls: svchost.exe_stisvc2
Berichtskennung: svchost.exe_stisvc3
Error: (06/24/2014 07:33:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_stisvc, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1
Name des fehlerhaften Moduls: wiaservc.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ca0f
Ausnahmecode: 0x40000015
Fehleroffset: 0x0000000000047a6b
ID des fehlerhaften Prozesses: 0x8f4
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_stisvc0
Pfad der fehlerhaften Anwendung: svchost.exe_stisvc1
Pfad des fehlerhaften Moduls: svchost.exe_stisvc2
Berichtskennung: svchost.exe_stisvc3
Error: (06/24/2014 10:17:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_stisvc, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1
Name des fehlerhaften Moduls: wiaservc.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ca0f
Ausnahmecode: 0x40000015
Fehleroffset: 0x0000000000047a6b
ID des fehlerhaften Prozesses: 0x8ac
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_stisvc0
Pfad der fehlerhaften Anwendung: svchost.exe_stisvc1
Pfad des fehlerhaften Moduls: svchost.exe_stisvc2
Berichtskennung: svchost.exe_stisvc3
Error: (06/24/2014 05:40:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_stisvc, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1
Name des fehlerhaften Moduls: wiaservc.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ca0f
Ausnahmecode: 0x40000015
Fehleroffset: 0x0000000000047a6b
ID des fehlerhaften Prozesses: 0x8e8
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_stisvc0
Pfad der fehlerhaften Anwendung: svchost.exe_stisvc1
Pfad des fehlerhaften Moduls: svchost.exe_stisvc2
Berichtskennung: svchost.exe_stisvc3
Error: (06/23/2014 11:47:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_stisvc, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1
Name des fehlerhaften Moduls: wiaservc.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ca0f
Ausnahmecode: 0x40000015
Fehleroffset: 0x0000000000047a6b
ID des fehlerhaften Prozesses: 0x894
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_stisvc0
Pfad der fehlerhaften Anwendung: svchost.exe_stisvc1
Pfad des fehlerhaften Moduls: svchost.exe_stisvc2
Berichtskennung: svchost.exe_stisvc3
System errors:
=============
Error: (06/24/2014 08:07:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows-Bilderfassung (WIA)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (06/24/2014 07:49:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows-Bilderfassung (WIA)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (06/24/2014 07:44:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows-Bilderfassung (WIA)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (06/24/2014 07:41:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows-Bilderfassung (WIA)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (06/24/2014 07:33:47 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows-Bilderfassung (WIA)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (06/24/2014 05:24:42 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (06/24/2014 00:05:59 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (06/24/2014 10:57:37 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (06/24/2014 10:57:30 AM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.
Error: (06/24/2014 10:17:03 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows-Bilderfassung (WIA)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Microsoft Office Sessions:
=========================
Error: (06/24/2014 08:07:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_stisvc6.1.7600.163854a5bc3c1wiaservc.dll6.1.7601.175144ce7ca0f400000150000000000047a6b89401cf8fd72af05655C:\Windows\system32\svchost.exec:\windows\system32\wiaservc.dll6960dd27-fbca-11e3-ad9e-d43d7e046618
Error: (06/24/2014 07:59:09 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mbam.exe1.0.0.532198401cf8fd5d63d11f22C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe3b3d3c55-fbc9-11e3-9d90-d43d7e046618
Error: (06/24/2014 07:49:32 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_stisvc6.1.7600.163854a5bc3c1wiaservc.dll6.1.7601.175144ce7ca0f400000150000000000047a6b93c01cf8fd4a69a4395C:\Windows\system32\svchost.exec:\windows\system32\wiaservc.dlle516ff68-fbc7-11e3-9d90-a0f3c1322a39
Error: (06/24/2014 07:44:55 PM) (Source: System Restore) (EventID: 8206) (User: )
Description: Windows Update
Error: (06/24/2014 07:44:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_stisvc6.1.7600.163854a5bc3c1wiaservc.dll6.1.7601.175144ce7ca0f400000150000000000047a6b92401cf8fd3ffb34634C:\Windows\system32\svchost.exec:\windows\system32\wiaservc.dll3ed96177-fbc7-11e3-84f8-d43d7e046618
Error: (06/24/2014 07:41:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_stisvc6.1.7600.163854a5bc3c1wiaservc.dll6.1.7601.175144ce7ca0f400000150000000000047a6b93c01cf8fd3891d3df5C:\Windows\system32\svchost.exec:\windows\system32\wiaservc.dllc7b3ea6a-fbc6-11e3-b2c6-a0f3c1322a39
Error: (06/24/2014 07:33:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_stisvc6.1.7600.163854a5bc3c1wiaservc.dll6.1.7601.175144ce7ca0f400000150000000000047a6b8f401cf8fd271ebcadfC:\Windows\system32\svchost.exec:\windows\system32\wiaservc.dllb10d5242-fbc5-11e3-8e80-d43d7e046618
Error: (06/24/2014 10:17:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_stisvc6.1.7600.163854a5bc3c1wiaservc.dll6.1.7601.175144ce7ca0f400000150000000000047a6b8ac01cf8f84ac13cf3cC:\Windows\system32\svchost.exec:\windows\system32\wiaservc.dllea82cf6e-fb77-11e3-9fcd-d43d7e046618
Error: (06/24/2014 05:40:52 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_stisvc6.1.7600.163854a5bc3c1wiaservc.dll6.1.7601.175144ce7ca0f400000150000000000047a6b8e801cf8f5e1801a3b7C:\Windows\system32\svchost.exec:\windows\system32\wiaservc.dll5665f588-fb51-11e3-81bf-d43d7e046618
Error: (06/23/2014 11:47:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_stisvc6.1.7600.163854a5bc3c1wiaservc.dll6.1.7601.175144ce7ca0f400000150000000000047a6b89401cf8f2cb41a3918C:\Windows\system32\svchost.exec:\windows\system32\wiaservc.dllf371285f-fb1f-11e3-894b-d43d7e046618
CodeIntegrity Errors:
===================================
Date: 2014-05-12 15:59:41.297
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-05-12 15:59:41.240
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Percentage of memory in use: 25%
Total physical RAM: 8140.86 MB
Available physical RAM: 6105.39 MB
Total Pagefile: 16279.91 MB
Available Pagefile: 14214.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: (Win7HPx64) (Fixed) (Total:111.79 GB) (Free:9.44 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Volume) (Fixed) (Total:931.51 GB) (Free:844.52 GB) NTFS
Drive e: (FS13 Titanium) (CDROM) (Total:1.97 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: DE64EDDE)
Partition 1: (Active) - (Size=112 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: BC572A64)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
25.06.2014, 18:16
| #4 |
| /// the machine /// TB-Ausbilder | Avast meldet alle 15 minuten URL:Mal Infektion hi, Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
25.06.2014, 20:23
| #5 |
| | Avast meldet alle 15 minuten URL:Mal Infektion Hi, hier das Combo Log Code:
ATTFilter ComboFix 14-06-24.01 - xx 25.06.2014 21:00:04.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8141.5864 [GMT 2:00]
ausgeführt von:: c:\users\xx\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Java\jre7\bin\jp2ssv.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-05-25 bis 2014-06-25 ))))))))))))))))))))))))))))))
.
.
2014-06-25 19:06 . 2014-06-25 19:06 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-06-25 19:06 . 2014-06-25 19:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-25 13:51 . 2014-06-25 13:51 -------- d-----w- c:\users\xx\Neuer Ordner (2)
2014-06-24 19:43 . 2014-06-24 19:44 -------- d-----w- C:\FRST
2014-06-24 17:57 . 2014-06-24 17:57 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware
2014-06-24 17:57 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-06-24 17:57 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-06-24 17:57 . 2014-05-12 05:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-06-24 17:31 . 2014-06-24 17:31 -------- d-----w- c:\program files (x86)\predm
2014-06-24 17:31 . 2014-06-24 17:31 -------- d-----w- c:\users\x\AppData\Local\freeSOFTtoday
2014-06-24 17:29 . 2014-06-24 17:29 -------- d-----w- c:\users\x\AppData\Roaming\InetStat
2014-06-24 17:29 . 2014-06-24 17:29 -------- d-----w- c:\users\x\AppData\Roaming\SupTab
2014-06-24 17:28 . 2014-06-24 17:28 -------- d-----w- c:\users\x\AppData\Local\14524
2014-06-24 08:21 . 2014-06-05 10:54 10779000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F3637475-DA47-4C8A-B93D-6E1F7963AECF}\mpengine.dll
2014-06-22 16:08 . 2014-06-22 16:14 -------- d-----w- c:\program files (x86)\Landwirtschafts Simulator 2013
2014-06-19 18:24 . 2014-06-19 18:24 -------- d-----w- c:\users\x\AppData\Local\Overwolf
2014-06-17 05:17 . 2014-06-17 05:17 -------- d-----w- c:\users\x\AppData\Local\Adobe
2014-06-11 14:51 . 2014-06-08 09:13 506368 ----a-w- c:\windows\system32\aepdu.dll
2014-06-11 14:51 . 2014-06-08 09:08 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-06-10 13:51 . 2010-02-04 08:01 24920 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2014-06-10 13:51 . 2007-04-04 16:54 107368 ----a-w- c:\windows\system32\xinput1_3.dll
2014-06-09 22:26 . 2010-02-04 08:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll
2014-06-09 22:26 . 2007-04-04 16:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll
2014-06-09 05:38 . 2014-06-09 05:38 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-06-02 13:32 . 2014-05-29 23:07 1291232 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2014-06-02 13:32 . 2014-05-29 23:07 1715176 ----a-w- c:\windows\system32\nvspbridge64.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-24 17:59 . 2014-05-01 03:53 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-15 07:17 . 2013-01-12 11:21 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-06-15 07:17 . 2013-01-12 11:21 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-11 22:49 . 2011-04-27 11:44 95414520 ----a-w- c:\windows\system32\MRT.exe
2014-05-29 23:07 . 2013-10-29 05:26 1122312 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-05-29 23:07 . 2013-10-29 05:26 1279480 ----a-w- c:\windows\system32\nvspcap64.dll
2014-05-20 02:44 . 2014-05-26 16:48 31520 ----a-w- c:\windows\system32\nvhdap64.dll
2014-05-20 02:44 . 2014-05-26 16:48 197408 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2014-05-20 02:44 . 2014-05-26 16:48 1515296 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2014-05-20 02:44 . 2014-05-26 16:48 9735256 ----a-w- c:\windows\SysWow64\nvcuda.dll
2014-05-20 02:44 . 2014-05-26 16:48 9697640 ----a-w- c:\windows\SysWow64\nvopencl.dll
2014-05-20 02:44 . 2014-05-26 16:48 895776 ----a-w- c:\windows\system32\NvIFR64.dll
2014-05-20 02:44 . 2014-05-26 16:48 892704 ----a-w- c:\windows\system32\NvFBC64.dll
2014-05-20 02:44 . 2014-05-26 16:48 867784 ----a-w- c:\windows\SysWow64\NvIFR.dll
2014-05-20 02:44 . 2014-05-26 16:48 861128 ----a-w- c:\windows\SysWow64\NvFBC.dll
2014-05-20 02:44 . 2014-05-26 16:48 837056 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2014-05-20 02:44 . 2014-05-26 16:48 492376 ----a-w- c:\windows\system32\nvEncodeAPI64.dll
2014-05-20 02:44 . 2014-05-26 16:48 416712 ----a-w- c:\windows\SysWow64\nvEncodeAPI.dll
2014-05-20 02:44 . 2014-05-26 16:48 382240 ----a-w- c:\windows\system32\NvIFROpenGL.dll
2014-05-20 02:44 . 2014-05-26 16:48 354016 ----a-w- c:\windows\system32\nvoglshim64.dll
2014-05-20 02:44 . 2014-05-26 16:48 335704 ----a-w- c:\windows\SysWow64\NvIFROpenGL.dll
2014-05-20 02:44 . 2014-05-26 16:48 3141976 ----a-w- c:\windows\system32\nvcuvid.dll
2014-05-20 02:44 . 2014-05-26 16:48 31387936 ----a-w- c:\windows\system32\nvoglv64.dll
2014-05-20 02:44 . 2014-05-26 16:48 305600 ----a-w- c:\windows\SysWow64\nvoglshim32.dll
2014-05-20 02:44 . 2014-05-26 16:48 2953672 ----a-w- c:\windows\SysWow64\nvcuvid.dll
2014-05-20 02:44 . 2014-05-26 16:48 2785568 ----a-w- c:\windows\system32\nvcuvenc.dll
2014-05-20 02:44 . 2014-05-26 16:48 25256224 ----a-w- c:\windows\system32\nvcompiler.dll
2014-05-20 02:44 . 2014-05-26 16:48 2412376 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
2014-05-20 02:44 . 2014-05-26 16:48 24025376 ----a-w- c:\windows\SysWow64\nvoglv32.dll
2014-05-20 02:44 . 2014-05-26 16:48 1889112 ----a-w- c:\windows\system32\nvdispco6433788.dll
2014-05-20 02:44 . 2014-05-26 16:48 17561544 ----a-w- c:\windows\SysWow64\nvcompiler.dll
2014-05-20 02:44 . 2014-05-26 16:48 17480432 ----a-w- c:\windows\system32\nvd3dumx.dll
2014-05-20 02:44 . 2014-05-26 16:48 166568 ----a-w- c:\windows\system32\nvinitx.dll
2014-05-20 02:44 . 2014-05-26 16:48 16003912 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
2014-05-20 02:44 . 2014-05-26 16:48 1541576 ----a-w- c:\windows\system32\nvdispgenco6433788.dll
2014-05-20 02:44 . 2014-05-26 16:48 146480 ----a-w- c:\windows\SysWow64\nvinit.dll
2014-05-20 02:44 . 2014-05-26 16:48 12688328 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2014-05-20 02:44 . 2014-05-26 16:48 11644928 ----a-w- c:\windows\system32\nvcuda.dll
2014-05-20 02:44 . 2014-05-26 16:48 11599072 ----a-w- c:\windows\system32\nvopencl.dll
2014-05-20 02:44 . 2013-02-25 22:32 2730208 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-05-20 02:44 . 2013-02-25 22:32 14434704 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-05-20 02:44 . 2013-02-25 22:32 3109248 ----a-w- c:\windows\system32\nvapi64.dll
2014-05-20 02:44 . 2013-02-25 22:32 952952 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-05-20 02:44 . 2013-02-25 22:32 18531568 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-05-20 02:44 . 2013-01-08 10:35 61216 ----a-w- c:\windows\system32\OpenCL.dll
2014-05-20 02:44 . 2013-01-08 10:35 52056 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-05-20 01:25 . 2013-01-08 10:35 6769096 ----a-w- c:\windows\system32\nvcpl.dll
2014-05-20 01:25 . 2013-01-08 10:35 3514144 ----a-w- c:\windows\system32\nvsvc64.dll
2014-05-20 01:25 . 2013-01-08 10:35 927520 ----a-w- c:\windows\system32\nvvsvc.exe
2014-05-20 01:25 . 2013-01-08 10:35 62808 ----a-w- c:\windows\system32\nvshext.dll
2014-05-20 01:25 . 2013-01-08 10:35 387528 ----a-w- c:\windows\system32\nvmctray.dll
2014-05-20 01:25 . 2013-01-08 10:35 2560968 ----a-w- c:\windows\system32\nvsvcr.dll
2014-05-19 23:10 . 2014-05-26 16:49 601432 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-05-15 16:15 . 2014-01-06 20:00 85328 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-05-15 16:15 . 2013-01-12 11:23 423240 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-05-15 16:15 . 2013-01-12 11:23 1039096 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-05-14 23:49 . 2013-01-08 10:35 3774821 ----a-w- c:\windows\system32\nvcoproc.bin
2014-05-08 16:15 . 2014-05-08 16:15 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-05-08 16:15 . 2014-05-08 16:15 43152 ----a-w- c:\windows\avastSS.scr
2014-05-08 16:15 . 2013-03-19 05:21 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-05-08 16:15 . 2013-03-19 05:21 208416 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-05-08 16:15 . 2013-01-12 11:23 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-05-08 16:15 . 2013-01-12 11:23 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-05-08 16:15 . 2013-01-12 11:23 334648 ----a-w- c:\windows\system32\aswBoot.exe
2014-04-12 02:22 . 2014-05-15 10:58 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:22 . 2014-05-15 10:58 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:19 . 2014-05-15 10:58 29184 ----a-w- c:\windows\system32\sspisrv.dll
2014-04-12 02:19 . 2014-05-15 10:58 136192 ----a-w- c:\windows\system32\sspicli.dll
2014-04-12 02:19 . 2014-05-15 10:58 28160 ----a-w- c:\windows\system32\secur32.dll
2014-04-12 02:19 . 2014-05-15 10:58 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-04-12 02:19 . 2014-05-15 10:58 31232 ----a-w- c:\windows\system32\lsass.exe
2014-04-12 02:12 . 2014-05-15 10:58 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-04-12 02:10 . 2014-05-15 10:58 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-03-31 16:42 . 2014-05-26 16:42 40392 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2014-03-31 16:42 . 2013-10-29 05:25 37320 ----a-w- c:\windows\system32\nvaudcap64v.dll
2014-03-31 16:42 . 2014-05-26 16:42 34760 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2014-03-31 07:35 . 2010-11-21 03:27 270496 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-03-16 08:03 222920 ----a-w- c:\users\x\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-03-16 08:03 222920 ----a-w- c:\users\x\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-03-16 08:03 222920 ----a-w- c:\users\x\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Deskjet 3070 B611 series (NET)"="c:\program files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe" [2011-03-30 2547048]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-05-08 21444224]
"InetStat"="c:\users\x\AppData\Roaming\InetStat\inetstat.exe" [2014-06-24 1259488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-09-12 56128]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-10-16 291648]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-06-24 3890208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
c:\users\x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2010-1-21 226176]
Tintenwarnungen überwachen - HP Deskjet 3070 B611 series (Netzwerk).lnk - c:\windows\system32\RunDll32.exe "c:\program files\HP\HP Deskjet 3070 B611 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN16I3305C05MQ;CONNECTION=NW;MONITOR=1; [2009-7-14 45568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 hxctlflt;hxctlflt;c:\windows\system32\DRIVERS\hxctlflt.sys;c:\windows\SYSNATIVE\DRIVERS\hxctlflt.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\drivers\nvstusb.sys;c:\windows\SYSNATIVE\drivers\nvstusb.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SIVDriver;SIV Kernel Driver;c:\windows\system32\Drivers\SIVX64.sys;c:\windows\SYSNATIVE\Drivers\SIVX64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iaStorA;iaStorA;c:\windows\system32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\drivers\iaStorF.sys;c:\windows\SYSNATIVE\drivers\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\drivers\iusb3hcs.sys;c:\windows\SYSNATIVE\drivers\iusb3hcs.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage-Technologie;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\drivers\iusb3hub.sys;c:\windows\SYSNATIVE\drivers\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\drivers\iusb3xhc.sys;c:\windows\SYSNATIVE\drivers\iusb3xhc.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-13 22:05 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-12 07:17]
.
2014-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-12 11:21]
.
2014-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-12 11:21]
.
2014-06-25 c:\windows\Tasks\hpwebreg_CN16I3305C05MQ.job
- c:\program files\HP\HP Deskjet 3070 B611 series\Bin\hpwebreg.exe [2011-03-30 17:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-03-16 08:03 261832 ----a-w- c:\users\x\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-03-16 08:03 261832 ----a-w- c:\users\x\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-03-16 08:03 261832 ----a-w- c:\users\x\AppData\Local\Microsoft\SkyDrive\17.0.4024.1220\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-05-08 16:15 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-06-12 6548112]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-05-29 1279480]
"FAHConsole"="c:\program files\File Association Helper\FAHConsole.exe" [2014-01-28 729272]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-05-29 2352072]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mStart Page = www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1403630903&from=amt&uid=ADATAXSSDXS510X120GBXXXXXXXXXXXXXXXXXX_02924201500500004144&q={searchTerms}
mDefault_Page_URL = www.google.com
mDefault_Search_URL = www.google.com
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-Nvtmru - c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
AddRemove-Adobe Acrobat 4.0 - c:\windows\ISUN0407.EXE
AddRemove-DB_Uaai - c:\users\x\Desktop\WAG\uninstall.exe
AddRemove-PlusWinks - c:\program files (x86)\Cool Smiley Bar for Facebook\uninst.exe
AddRemove-{9854A5C4-5BE5-46E2-A989-352DD8B37E20}_is1 - c:\program files (x86)\WinZip Driver Updater\unins000.exe
AddRemove-{C97D86CB-CE6C-4C07-A7D4-371D1ED2C2AC}_is1 - c:\users\x\Desktop\WAG\Train Simulator\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_125_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_125_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_125_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_125.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-06-25 21:17:03
ComboFix-quarantined-files.txt 2014-06-25 19:17
.
Vor Suchlauf: 16 Verzeichnis(se), 10.480.640.000 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 10.139.222.016 Bytes frei
.
- - End Of File - - C3D2DF43E7C195760FA5BA3C9DD38ED2
|
|
26.06.2014, 20:26
| #6 |
| /// the machine /// TB-Ausbilder | Avast meldet alle 15 minuten URL:Mal Infektion Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ --> Avast meldet alle 15 minuten URL:Mal Infektion |
|
26.06.2014, 22:02
| #7 |
| | Avast meldet alle 15 minuten URL:Mal Infektion Hi, hier die gewünschten Logs: mbam: Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 26.06.2014 Suchlauf-Zeit: 22:32:15 Logdatei: MBAM.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.06.26.08 Rootkit Datenbank: v2014.06.23.02 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: x Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 364906 Verstrichene Zeit: 4 Min, 2 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 1 PUP.Optional.SuperFish.A, HKU\S-1-5-21-1073271260-1846524946-4136632871-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com, In Quarantäne, [3dd3d2ab2754b680daf64a60659d0ff1], Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 2 PUP.Optional.WebsSearches.A, C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "startup_urls": [ "hxxp://istart.webssearches.com/?type=hp&ts=1403630903&from=amt&uid=ADATAXSSDXS510X120GBXXXXXXXXXXXXXXXXXX_02924201500500004144" ],), Ersetzt,[c848eb92e19a64d2fe3e70478183768a] PUP.Optional.WebsSearches.A, C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "homepage": "hxxp://istart.webssearches.com/?type=hp&ts=1403630903&from=amt&uid=ADATAXSSDXS510X120GBXXXXXXXXXXXXXXXXXX_02924201500500004144",), Ersetzt,[a769d1acb4c7c274cb72ffb87c8846ba] Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by x on 26.06.2014 at 22:45:40,36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Chrome
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26.06.2014 at 22:50:10,46
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter # AdwCleaner v3.213 - Bericht erstellt am 26/06/2014 um 22:41:48
# Aktualisiert 23/06/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : x - PC-SYSTEM-1
# Gestartet von : C:\Users\x\Desktop\adwcleaner_3.213.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\Users\x\AppData\Local\Freesofttoday
Ordner Gelöscht : C:\Users\x\AppData\Roaming\InetStat
Ordner Gelöscht : C:\Users\x\AppData\Roaming\SupTab
Datei Gelöscht : C:\Uninstall.exe
Datei Gelöscht : C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.softonic.de_0.localstorage
Datei Gelöscht : C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.softonic.de_0.localstorage-journal
***** [ Verknüpfungen ] *****
Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\x\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\x\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\x\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [InetStat]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EF41A4-BA24-4E49-A2C0-E1D047299287}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{130CCD34-0382-48E5-B307-0E7E72166828}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{26D25DD5-F17A-4D93-9A94-997E2124EEB4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{30279F40-D76B-443C-A34D-F43B35B35CE1}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{796D0AA0-DC0E-44C9-A398-C874F04D55A4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CE2102F0-DF63-452E-9CA7-0F75FF4DDD4B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{DADFCC6F-66D2-4E1D-A01B-7064CAD2F583}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EBE666C3-F26C-4CF6-8ABA-3D5F5D2625E1}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Schlüssel Gelöscht : HKCU\Software\TutoTag
Schlüssel Gelöscht : HKLM\Software\Free_soft_today
Schlüssel Gelöscht : HKLM\Software\SupDp
Schlüssel Gelöscht : HKLM\Software\SupTab
Schlüssel Gelöscht : HKLM\Software\supWPM
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17126
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
-\\ Google Chrome v35.0.1916.153
[ Datei : C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht [Search Provider] : hxxp://istart.webssearches.com/web/?type=ds&ts=1403630903&from=amt&uid=ADATAXSSDXS510X120GBXXXXXXXXXXXXXXXXXX_02924201500500004144&q={searchTerms}
*************************
AdwCleaner[R0].txt - [4834 octets] - [26/06/2014 22:40:29]
AdwCleaner[S0].txt - [3640 octets] - [26/06/2014 22:41:48]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3700 octets] ##########
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2014
Ran by x (administrator) on PC-SYSTEM-1 on 26-06-2014 22:51:36
Running from C:\Users\x\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] => "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1279480 2014-05-30] (NVIDIA Corporation)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-10-16] (Intel Corporation)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-01-12] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-24] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-1073271260-1846524946-4136632871-1003\...\Run: [HP Deskjet 3070 B611 series (NET)] => C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe [2547048 2011-03-30] (Hewlett-Packard Co.)
HKU\S-1-5-21-1073271260-1846524946-4136632871-1003\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
Startup: C:\Users\x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 3070 B611 series (Netzwerk).lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 3070 B611 series (Netzwerk).lnk -> C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {ABDE2F3F-1D9C-4041-BBCA-E614C0A7D0CB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASBJS;
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKLM-x32 - {ABDE2F3F-1D9C-4041-BBCA-E614C0A7D0CB} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASBJS;
SearchScopes: HKCU - DefaultScope {ABDE2F3F-1D9C-4041-BBCA-E614C0A7D0CB} URL =
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {ABDE2F3F-1D9C-4041-BBCA-E614C0A7D0CB} URL =
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll No File
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3522.0110 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\xx\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF HKLM-x32\...\Firefox\Extensions: [speedtest4354@BestOffers] - C:\Users\x\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers
FF Extension: Speed Test (4354) - C:\Users\x\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers [2013-11-25]
FF HKCU\...\Firefox\Extensions: [speedtest4354@BestOffers] - C:\Users\x\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers
FF Extension: Speed Test (4354) - C:\Users\x\AppData\Roaming\Mozilla\Extensions\speedtest4354@BestOffers [2013-11-25]
Chrome:
=======
CHR HomePage:
CHR DefaultSearchKeyword: webssearches
CHR DefaultSearchProvider: webssearches
CHR DefaultSearchURL: hxxp://istart.webssearches.com/web/?type=ds&ts=1403630903&from=amt&uid=ADATAXSSDXS510X120GBXXXXXXXXXXXXXXXXXX_02924201500500004144&q={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll No File
CHR Extension: (YouTube) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-01-12]
CHR Extension: (Google-Suche) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-01-12]
CHR Extension: (Google Wallet) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-27]
CHR Extension: (Google Mail) - C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-01-12]
CHR StartMenuInternet: Google Chrome - Chrome.exe
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-05-08] (AVAST Software)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation)
==================== Drivers (Whitelisted) ====================
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-05-08] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-05-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-05-08] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-05-08] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-05-08] ()
S3 hxctlflt; C:\Windows\System32\DRIVERS\hxctlflt.sys [111104 2009-02-09] (Guillemot Corporation)
R0 iaStorF; C:\Windows\System32\drivers\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-26] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 SIVDriver; C:\Windows\system32\Drivers\SIVX64.sys [129856 2012-10-20] (Ray Hinchliffe)
S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10684672 2007-07-17] (Sonix Co. Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-26 22:50 - 2014-06-26 22:50 - 00000750 _____ () C:\Users\x\Desktop\JRT.txt
2014-06-26 22:45 - 2014-06-26 22:45 - 01016261 _____ (Thisisu) C:\Users\x\Desktop\JRT.exe
2014-06-26 22:43 - 2014-06-26 22:43 - 00003816 _____ () C:\Users\x\Desktop\AdwCleaner[S0].txt
2014-06-26 22:39 - 2014-06-26 22:41 - 00000000 ____D () C:\AdwCleaner
2014-06-26 22:39 - 2014-06-26 22:39 - 01342659 _____ () C:\Users\x\Desktop\adwcleaner_3.213.exe
2014-06-26 22:38 - 2014-06-26 22:38 - 00001977 _____ () C:\Users\x\Desktop\MBAM.txt
2014-06-26 22:31 - 2014-06-26 22:31 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-26 22:31 - 2014-06-26 22:31 - 00001115 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-26 22:31 - 2014-06-26 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-06-26 22:31 - 2014-06-26 22:31 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-06-26 22:31 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-26 22:31 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-26 22:31 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-26 18:42 - 2014-06-26 18:42 - 00000926 _____ () C:\Users\x\Desktop\Landwirtschafts Simulator 2013 .lnk
2014-06-26 18:42 - 2014-06-26 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Landwirtschafts Simulator 2013
2014-06-26 18:40 - 2014-06-26 22:01 - 00000000 ____D () C:\Users\x\Documents\My Games
2014-06-25 21:17 - 2014-06-25 21:30 - 00028390 _____ () C:\ComboFix.txt
2014-06-25 20:59 - 2014-06-25 21:17 - 00000000 ____D () C:\Qoobox
2014-06-25 20:59 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-25 20:59 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-25 20:59 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-25 20:59 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-25 20:59 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-25 20:59 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-25 20:59 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-25 20:59 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-25 20:57 - 2014-06-25 20:57 - 05211571 ____R (Swearware) C:\Users\x\Desktop\ComboFix.exe
2014-06-25 15:51 - 2014-06-25 15:51 - 00000000 ____D () C:\Users\x\Neuer Ordner (2)
2014-06-24 21:44 - 2014-06-24 21:58 - 00039973 _____ () C:\Users\x\Desktop\Addition.txt
2014-06-24 21:43 - 2014-06-26 22:51 - 00021145 _____ () C:\Users\x\Desktop\FRST.txt
2014-06-24 21:43 - 2014-06-26 22:51 - 00000000 ____D () C:\FRST
2014-06-24 21:43 - 2014-06-24 21:43 - 02082816 _____ (Farbar) C:\Users\x\Desktop\FRST64.exe
2014-06-24 20:05 - 2014-06-24 20:05 - 00033352 _____ () C:\Users\x\Desktop\121.txt
2014-06-24 19:28 - 2014-06-24 19:28 - 00000000 ____D () C:\Users\x\AppData\Local\14524
2014-06-21 21:51 - 2014-06-24 16:07 - 00000000 ____D () C:\Users\x\Desktop\MAP
2014-06-21 21:49 - 2014-06-21 21:49 - 00001111 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-06-21 21:49 - 2014-06-21 21:49 - 00001099 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-06-21 19:19 - 2014-06-21 19:22 - 464729106 _____ () C:\Users\x\Downloads\all_mods_download (1).zip
2014-06-21 19:11 - 2014-06-21 19:11 - 17131656 _____ (GIANTS Software GmbH) C:\Users\x\Downloads\MBTrac1600Turbo.exe
2014-06-21 19:09 - 2014-06-21 19:09 - 31898240 _____ (GIANTS Software GmbH) C:\Users\x\Downloads\UnimogU1200_U1600.exe
2014-06-19 21:41 - 2014-06-19 21:44 - 453302040 _____ (GIANTS Software GmbH) C:\Users\x\Downloads\FarmingSimulator2013TitaniumAddon_v1.0.5.exe
2014-06-19 20:28 - 2014-06-19 20:28 - 03554868 _____ () C:\Users\x\Downloads\savegame1.zip
2014-06-19 20:24 - 2014-06-19 20:24 - 00000000 ____D () C:\Users\x\AppData\Local\Overwolf
2014-06-19 20:22 - 2014-06-19 20:23 - 403688302 _____ () C:\Users\x\Downloads\all_mods_download.zip
2014-06-17 07:17 - 2014-06-17 07:17 - 00000000 ____D () C:\Users\x\AppData\Local\Adobe
2014-06-15 09:18 - 2014-06-24 00:23 - 00000000 ____D () C:\Users\x\AppData\Roaming\Google
2014-06-15 09:17 - 2014-06-24 19:32 - 00000000 ____D () C:\ProgramData\Google
2014-06-11 16:52 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 16:52 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 16:52 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 16:52 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 16:52 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 16:52 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 16:52 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 16:52 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 16:52 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 16:52 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 16:52 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 16:52 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 16:52 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 16:52 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 16:52 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 16:52 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 16:52 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 16:52 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 16:52 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 16:52 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 16:52 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 16:52 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-11 16:52 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 16:52 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 16:52 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-11 16:52 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 16:52 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 16:52 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 16:52 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 16:52 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 16:52 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 16:52 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-11 16:52 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-11 16:52 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 16:52 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 16:52 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 16:52 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-11 16:52 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 16:52 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 16:52 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 16:52 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 16:52 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 16:52 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 16:52 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-11 16:52 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 16:52 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 16:52 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 16:52 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 16:52 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 16:52 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 16:52 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 16:52 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 16:52 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 16:52 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-11 16:52 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 16:52 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 16:52 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 16:52 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 16:52 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 16:52 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 16:52 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 16:52 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 16:52 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 16:52 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 16:52 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 16:52 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-11 16:51 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 16:51 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-10 15:51 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-06-10 15:51 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2014-06-10 00:26 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2014-06-10 00:26 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2014-06-10 00:23 - 2014-06-17 18:46 - 00000000 ____D () C:\Users\x\Desktop\LS13
2014-06-02 15:32 - 2014-05-30 01:07 - 01715176 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-06-02 15:32 - 2014-05-30 01:07 - 01291232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
==================== One Month Modified Files and Folders =======
2014-06-26 22:51 - 2014-06-24 21:43 - 00021145 _____ () C:\Users\x\Desktop\FRST.txt
2014-06-26 22:51 - 2014-06-24 21:43 - 00000000 ____D () C:\FRST
2014-06-26 22:51 - 2013-01-13 11:25 - 00000000 ____D () C:\Users\x\Documents\Outlook-Dateien
2014-06-26 22:50 - 2014-06-26 22:50 - 00000750 _____ () C:\Users\x\Desktop\JRT.txt
2014-06-26 22:50 - 2009-07-14 06:45 - 00031856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-26 22:50 - 2009-07-14 06:45 - 00031856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-26 22:48 - 2010-11-21 08:50 - 00704034 _____ () C:\Windows\system32\perfh007.dat
2014-06-26 22:48 - 2010-11-21 08:50 - 00151172 _____ () C:\Windows\system32\perfc007.dat
2014-06-26 22:48 - 2009-07-14 07:13 - 01633002 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-26 22:45 - 2014-06-26 22:45 - 01016261 _____ (Thisisu) C:\Users\x\Desktop\JRT.exe
2014-06-26 22:43 - 2014-06-26 22:43 - 00003816 _____ () C:\Users\x\Desktop\AdwCleaner[S0].txt
2014-06-26 22:43 - 2013-09-12 17:23 - 00000000 ____D () C:\Users\x\AppData\Roaming\Skype
2014-06-26 22:43 - 2013-01-12 13:23 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-26 22:43 - 2013-01-12 13:21 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-26 22:43 - 2013-01-08 12:35 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-26 22:43 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-26 22:43 - 2009-07-14 06:51 - 00220241 _____ () C:\Windows\setupact.log
2014-06-26 22:42 - 2014-05-13 15:57 - 00046778 _____ () C:\Windows\PFRO.log
2014-06-26 22:42 - 2013-01-12 13:04 - 01637567 _____ () C:\Windows\WindowsUpdate.log
2014-06-26 22:41 - 2014-06-26 22:39 - 00000000 ____D () C:\AdwCleaner
2014-06-26 22:41 - 2013-01-12 13:22 - 00001291 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-26 22:41 - 2013-01-12 13:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-26 22:41 - 2013-01-12 13:17 - 00001010 _____ () C:\Users\x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-06-26 22:39 - 2014-06-26 22:39 - 01342659 _____ () C:\Users\x\Desktop\adwcleaner_3.213.exe
2014-06-26 22:38 - 2014-06-26 22:38 - 00001977 _____ () C:\Users\x\Desktop\MBAM.txt
2014-06-26 22:31 - 2014-06-26 22:31 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-26 22:31 - 2014-06-26 22:31 - 00001115 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-26 22:31 - 2014-06-26 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-06-26 22:31 - 2014-06-26 22:31 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-06-26 22:14 - 2013-01-12 13:21 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-26 22:11 - 2013-01-12 13:21 - 00001114 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-26 22:01 - 2014-06-26 18:40 - 00000000 ____D () C:\Users\x\Documents\My Games
2014-06-26 18:45 - 2011-04-27 14:40 - 00004034 _____ () C:\Windows\DirectX.log
2014-06-26 18:42 - 2014-06-26 18:42 - 00000926 _____ () C:\Users\x\Desktop\Landwirtschafts Simulator 2013 .lnk
2014-06-26 18:42 - 2014-06-26 18:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Landwirtschafts Simulator 2013
2014-06-26 18:35 - 2013-09-19 15:35 - 00000000 ____D () C:\Users\x\Desktop\Neuer Ordner (2)
2014-06-26 16:08 - 2013-05-27 16:08 - 00000670 _____ () C:\Windows\Tasks\hpwebreg_CN16I3305C05MQ.job
2014-06-25 21:30 - 2014-06-25 21:17 - 00028390 _____ () C:\ComboFix.txt
2014-06-25 21:17 - 2014-06-25 20:59 - 00000000 ____D () C:\Qoobox
2014-06-25 21:07 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-25 20:57 - 2014-06-25 20:57 - 05211571 ____R (Swearware) C:\Users\x\Desktop\ComboFix.exe
2014-06-25 17:21 - 2013-11-06 07:18 - 00000000 ____D () C:\Users\x\Desktop\Konto
2014-06-25 15:51 - 2014-06-25 15:51 - 00000000 ____D () C:\Users\x\Neuer Ordner (2)
2014-06-25 15:51 - 2013-01-12 13:15 - 00000000 ____D () C:\Users\x
2014-06-24 21:58 - 2014-06-24 21:44 - 00039973 _____ () C:\Users\x\Desktop\Addition.txt
2014-06-24 21:43 - 2014-06-24 21:43 - 02082816 _____ (Farbar) C:\Users\x\Desktop\FRST64.exe
2014-06-24 20:05 - 2014-06-24 20:05 - 00033352 _____ () C:\Users\x\Desktop\121.txt
2014-06-24 19:33 - 2013-01-12 13:21 - 00000000 ____D () C:\Program Files\Google
2014-06-24 19:33 - 2013-01-12 13:21 - 00000000 ____D () C:\Program Files (x86)\Google
2014-06-24 19:32 - 2014-06-15 09:17 - 00000000 ____D () C:\ProgramData\Google
2014-06-24 19:32 - 2013-01-12 13:21 - 00000000 ____D () C:\Users\x\AppData\Local\Google
2014-06-24 19:28 - 2014-06-24 19:28 - 00000000 ____D () C:\Users\x\AppData\Local\14524
2014-06-24 16:07 - 2014-06-21 21:51 - 00000000 ____D () C:\Users\x\Desktop\MAP
2014-06-24 00:46 - 2014-01-05 00:54 - 00000000 ____D () C:\Users\x\Desktop\Ford
2014-06-24 00:23 - 2014-06-15 09:18 - 00000000 ____D () C:\Users\x\AppData\Roaming\Google
2014-06-22 18:45 - 2014-05-17 11:05 - 00000000 ____D () C:\Users\x\AppData\Roaming\TS3Client
2014-06-22 13:18 - 2013-01-12 15:37 - 00000000 ____D () C:\Users\x\AppData\Local\CrashDumps
2014-06-22 07:56 - 2013-01-12 13:18 - 00109232 _____ () C:\Users\x\AppData\Local\GDIPFONTCACHEV1.DAT
2014-06-22 07:55 - 2009-07-14 06:45 - 00416376 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-06-21 21:49 - 2014-06-21 21:49 - 00001111 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-06-21 21:49 - 2014-06-21 21:49 - 00001099 _____ () C:\Users\Public\Desktop\TeamViewer 9.lnk
2014-06-21 21:49 - 2013-01-12 13:34 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-06-21 19:22 - 2014-06-21 19:19 - 464729106 _____ () C:\Users\x\Downloads\all_mods_download (1).zip
2014-06-21 19:11 - 2014-06-21 19:11 - 17131656 _____ (GIANTS Software GmbH) C:\Users\x\Downloads\MBTrac1600Turbo.exe
2014-06-21 19:09 - 2014-06-21 19:09 - 31898240 _____ (GIANTS Software GmbH) C:\Users\x\Downloads\UnimogU1200_U1600.exe
2014-06-20 16:05 - 2013-01-12 13:21 - 00004110 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-20 16:05 - 2013-01-12 13:21 - 00003858 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-19 21:44 - 2014-06-19 21:41 - 453302040 _____ (GIANTS Software GmbH) C:\Users\x\Downloads\FarmingSimulator2013TitaniumAddon_v1.0.5.exe
2014-06-19 20:28 - 2014-06-19 20:28 - 03554868 _____ () C:\Users\x\Downloads\savegame1.zip
2014-06-19 20:24 - 2014-06-19 20:24 - 00000000 ____D () C:\Users\x\AppData\Local\Overwolf
2014-06-19 20:23 - 2014-06-19 20:22 - 403688302 _____ () C:\Users\x\Downloads\all_mods_download.zip
2014-06-17 18:46 - 2014-06-10 00:23 - 00000000 ____D () C:\Users\x\Desktop\LS13
2014-06-17 07:17 - 2014-06-17 07:17 - 00000000 ____D () C:\Users\x\AppData\Local\Adobe
2014-06-15 09:17 - 2013-01-12 13:21 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-06-15 09:17 - 2013-01-12 13:21 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-06-15 09:17 - 2013-01-12 13:21 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-06-12 15:22 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-06-12 00:49 - 2013-08-15 00:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 00:49 - 2011-04-27 13:44 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-12 00:48 - 2014-05-06 17:08 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-12 00:48 - 2013-01-13 11:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-09 07:38 - 2014-04-27 16:27 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-09 07:38 - 2013-09-12 17:23 - 00000000 ____D () C:\ProgramData\Skype
2014-06-08 14:11 - 2013-07-22 23:06 - 00000000 ____D () C:\Users\x\Desktop\Jeppesen
2014-06-08 11:13 - 2014-06-11 16:51 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 11:09 - 2013-01-12 13:59 - 00000000 _____ () C:\Users\x\AppData\Roaming\FileOut.cns
2014-06-08 11:09 - 2013-01-12 13:59 - 00000000 _____ () C:\Users\x\AppData\Roaming\FileIn.cns
2014-06-08 11:08 - 2014-06-11 16:51 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-02 15:32 - 2013-01-08 12:34 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-05-30 12:21 - 2014-06-11 16:52 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 12:02 - 2014-06-11 16:52 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 12:02 - 2014-06-11 16:52 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 11:45 - 2014-06-11 16:52 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 11:39 - 2014-06-11 16:52 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 11:39 - 2014-06-11 16:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 11:38 - 2014-06-11 16:52 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 11:28 - 2014-06-11 16:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 11:27 - 2014-06-11 16:52 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 11:24 - 2014-06-11 16:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 11:21 - 2014-06-11 16:52 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 11:21 - 2014-06-11 16:52 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 11:20 - 2014-06-11 16:52 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 11:18 - 2014-06-11 16:52 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 11:11 - 2014-06-11 16:52 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 11:08 - 2014-06-11 16:52 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 11:06 - 2014-06-11 16:52 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 11:02 - 2014-06-11 16:52 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 10:55 - 2014-06-11 16:52 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:49 - 2014-06-11 16:52 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:46 - 2014-06-11 16:52 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:44 - 2014-06-11 16:52 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 10:44 - 2014-06-11 16:52 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 10:43 - 2014-06-11 16:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 10:42 - 2014-06-11 16:52 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-11 16:52 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 10:35 - 2014-06-11 16:52 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 10:34 - 2014-06-11 16:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 10:33 - 2014-06-11 16:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 10:30 - 2014-06-11 16:52 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 10:29 - 2014-06-11 16:52 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 10:28 - 2014-06-11 16:52 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 10:27 - 2014-06-11 16:52 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 10:24 - 2014-06-11 16:52 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 10:23 - 2014-06-11 16:52 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 10:16 - 2014-06-11 16:52 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 10:10 - 2014-06-11 16:52 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-11 16:52 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 10:04 - 2014-06-11 16:52 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 10:02 - 2014-06-11 16:52 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 09:56 - 2014-06-11 16:52 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 09:56 - 2014-06-11 16:52 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:54 - 2014-06-11 16:52 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 09:50 - 2014-06-11 16:52 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-11 16:52 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 09:43 - 2014-06-11 16:52 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:40 - 2014-06-11 16:52 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 09:30 - 2014-06-11 16:52 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:21 - 2014-06-11 16:52 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 09:15 - 2014-06-11 16:52 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 09:13 - 2014-06-11 16:52 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:13 - 2014-06-11 16:52 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-30 01:07 - 2014-06-02 15:32 - 01715176 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-05-30 01:07 - 2014-06-02 15:32 - 01291232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-05-30 01:07 - 2013-10-29 07:26 - 01279480 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-05-30 01:07 - 2013-10-29 07:26 - 01122312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-05-28 18:32 - 2014-02-23 10:17 - 00000000 ____D () C:\Users\x\Desktop\U23
2014-05-27 08:13 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
Some content of TEMP:
====================
C:\Users\x\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-06-18 01:25
==================== End Of Log ============================
Gruß Michael |
|
27.06.2014, 13:46
| #8 |
| /// the machine /// TB-Ausbilder | Avast meldet alle 15 minuten URL:Mal InfektionESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
27.06.2014, 16:30
| #9 |
| | Avast meldet alle 15 minuten URL:Mal Infektion HI, das Problem mit dem Avast ist weg, aber was ist mit den 12 Dateien die jetzt Eset gefunden hat ? Sonnst sind keine Probleme mehr da hier die 2 Logs: Eset: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=7eea590d202c9741b59cf1acb3d37d53
# engine=18917
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-06-27 03:18:50
# local_time=2014-06-27 05:18:50 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 100 97 251115 168302820 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 10128 155512180 0 0
# scanned=1589547
# found=12
# cleaned=0
# scan_time=4827
sh=9B65A06B630598916A1574E7A16201AAF04B430D ft=1 fh=afff72e543a80d66 vn="Win32/InstallCore.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\FLV Player\FLVPlayer.exe"
sh=F21E26D3CA78403ED77A2D0C465BD3BF4A67B777 ft=1 fh=878964870df83fcd vn="Variante von Win32/Amonetize.AX evtl. unerwünschte Anwendung" ac=I fn="C:\Users\x\AppData\Local\14524\a4634.exe"
sh=A8A5083AFF253683D27E202DBA983C038DDA2A65 ft=1 fh=885e6ada0c0f3ab2 vn="Variante von Win32/DomaIQ.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\xx\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000000"
sh=8465E36C59A6E75AEF5C0E7F8C83C5CC1846C873 ft=1 fh=fc9007c1130ffc56 vn="Win32/DomaIQ.BA evtl. unerwünschte Anwendung" ac=I fn="C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\File System\004\t\00\00000001"
sh=1ADB2C1243CE0C3568D434AF3B7430A2C6F5D164 ft=1 fh=0fb5fcb428a4c356 vn="Variante von Win32/DomaIQ.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\File System\006\t\00\00000000"
sh=4D633F8D2B410EFE1F91AB5A77E441C35C52C938 ft=1 fh=efd8f5c07568aa69 vn="Variante von Win32/DomaIQ.BG evtl. unerwünschte Anwendung" ac=I fn="C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\File System\008\t\00\00000000"
sh=418BB7A98C8B338F48B1693709ED8212B553347D ft=1 fh=d4dbcb4558080b9f vn="Variante von Win32/DomaIQ.BG evtl. unerwünschte Anwendung" ac=I fn="C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\File System\009\t\00\00000002"
sh=678AB9074EE42EC88D79CFAB674B965E673227A9 ft=1 fh=83a65bbc58080b9f vn="Variante von Win32/DomaIQ.BG evtl. unerwünschte Anwendung" ac=I fn="C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\File System\010\t\00\00000000"
sh=5684522CD391ABB6D47418064DA9282DF227A079 ft=1 fh=9f39d62058080b9f vn="Variante von Win32/DomaIQ.BG evtl. unerwünschte Anwendung" ac=I fn="C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\File System\011\t\00\00000000"
sh=131F04C4CD60E92EB2CE6C1BB0B55EDFFA5A59C4 ft=1 fh=da43eef7f2bf3fb6 vn="Variante von Win32/DomaIQ.BG evtl. unerwünschte Anwendung" ac=I fn="C:\Users\x\AppData\Local\Google\Chrome\User Data\Default\File System\012\t\00\00000000"
sh=B21D8548E27B23C5CA4CC7F045287A5FBBF15618 ft=1 fh=4621e847e69fd955 vn="Variante von Win32/iLivid.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\x\Desktop\Wichtig\iLividSetup-r287-n-bc.exe"
sh=B21D8548E27B23C5CA4CC7F045287A5FBBF15618 ft=1 fh=4621e847e69fd955 vn="Variante von Win32/iLivid.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\x\Desktop\Wichtig\iLividSetup-r394-n-bc.exe"
Code:
ATTFilter Results of screen317's Security Check version 0.99.83
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 55
Adobe Flash Player 13.0.0.214
Adobe Reader XI
Google Chrome 35.0.1916.114
Google Chrome 35.0.1916.153
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast avastui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
|
|
28.06.2014, 13:48
| #10 |
| /// the machine /// TB-Ausbilder | Avast meldet alle 15 minuten URL:Mal Infektion Und der Rest von oben? Revo Uninstaller - Download - Filepony damit Chrome deinstallieren, keine Daten behalten, Reste entfernen lassen, neu installieren. Dann: https://support.google.com/chrome/answer/3296214?hl=de
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Avast meldet alle 15 minuten URL:Mal Infektion |
| 5 minuten, angezeigt, avast, blockiert, gestern, infektion, melde, meldet, minute, minuten, publisher, pup.optional.superfish.a, pup.optional.webssearches.a, url:mal, win32/amonetize.ax, win32/domaiq.az, win32/domaiq.ba, win32/domaiq.bg, win32/ilivid.a, win32/installcore.a |
WARNUNG an die MITLESER: 
Linear-Darstellung
