|
Log-Analyse und Auswertung: Win7 64bit "Windows Version installer, Continue VuuPC Installation, MyPC Backup, Advanced System Protector,..."Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
02.07.2014, 19:38 | #16 |
/// TB-Ausbilder /// Anleitungs-Guru | Win7 64bit "Windows Version installer, Continue VuuPC Installation, MyPC Backup, Advanced System Protector,..." Jup....... ESET dauert lange...
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
03.07.2014, 11:29 | #17 |
| Win7 64bit "Windows Version installer, Continue VuuPC Installation, MyPC Backup, Advanced System Protector,..." Moinsän,
__________________musste das sogar über Nacht laufen lassen. Da stand zwar abgeschlossener Vorgang aber der Laptop war heut morgen aus. Hier die, der, das Log von Eset: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7587 # api_version=3.0.2 # EOSSerial=80fd274e3242c04a86d060fe519aabb3 # engine=18992 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-07-03 12:15:04 # local_time=2014-07-03 02:15:04 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Avira Desktop' # compatibility_mode=1810 16777213 100 100 22429 130184718 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776574 100 94 20829761 155976354 0 0 # scanned=349138 # found=29 # cleaned=0 # scan_time=20681 sh=C7C0F42A23562AA6DCCD60326FD8CC2AA41B5448 ft=1 fh=c053642cee9f3def vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir" sh=125B1C393F2104CBA08183E495C0907BFF7EDA22 ft=1 fh=ea25908c8365106f vn="Win64/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir" sh=8E85792765D0E0BF52107CFF4A6620995DB19BB0 ft=1 fh=627da500ea2e265f vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterfacef32.dll.vir" sh=6043D1ACD51FD373472020FBB748C405AAF22397 ft=1 fh=4c716dbbae6c21b9 vn="Win32/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir" sh=FF431CD8693F4045BD7BD87DBCE54B820F000FC0 ft=1 fh=16c2e1bd3fd6b7e2 vn="Win64/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir" sh=5836A5DF3860241F6B69F2292ABCE592A13689B6 ft=1 fh=a3db04555f559ea8 vn="Variante von Win32/Thinknice.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SpAPPSv32.dll.vir" sh=9DC13DB9C123270C2356ED410128E11D5ADF7C6E ft=1 fh=023ab782f0a9b07d vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir" sh=75F4A06A0290B613622C7E10E3B05EE0525C1481 ft=1 fh=e7b99738d4ab1513 vn="MSIL/AdvancedSystemProtector.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\System Speedup\systweakasp.exe.vir" sh=56659F7FF1F1FA7906A77228E315F65F38BCEF73 ft=1 fh=0ff759dfc352fd03 vn="Variante von Win32/ELEX.AD evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir" sh=3AEF532A0211CE7869F0EB51E940D9E0C7CAE321 ft=1 fh=c7560653d3ee2314 vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir" sh=16068B8977B4DC562AE782D91BC009472667E331 ft=1 fh=c3b5a87b7d152749 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Joe\AppData\Local\Temp\OCS\ocs_v71a.exe.vir" sh=247AA1A2895A677D12E4CB35DDCFD9E7CF649760 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\18c3bc7a-b2aa-43c1-885a-665d2f25cf89@d6802e59-3519-4428-bef7-bce888d550bb.com\extensionData\plugins\91.js.vir" sh=247AA1A2895A677D12E4CB35DDCFD9E7CF649760 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\f80af4ec-42b9-429d-99b0-4078ec7cf864@44882d20-8865-4b13-b79e-ae8470d9a955.com\extensionData\plugins\91.js.vir" sh=3191611ECBDEF87FB6079264FF07AD2087620554 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com\extensionData\plugins\91.js.vir" sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Variante von Win32/Packed.VMProtect.AAA Trojaner" ac=I fn="C:\Joe\Images\Dirt3\sr-dirt3.iso" sh=BD1F64FAD123964030CD0D58AE65F8E51514DBAE ft=1 fh=4ce0876a42f2e9b6 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\Joe\Programme\CCleaner - CHIP-Downloader.exe" sh=F1EFF6451CED129C0E5C0A510955F234A01158A0 ft=1 fh=332b4278a72373e2 vn="Variante von Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="C:\Joe\Programme\Unlocker1.9.2.exe" sh=D9D511307464AA58675941565A23254BA53FD2DC ft=1 fh=47f3511eb4ee4c12 vn="Variante von Win32/Kryptik.BODD Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\3wfltz8.dss.vir" sh=46C1319EE38510C365A4226621DE30BDF7E462FF ft=1 fh=662930a683ab766b vn="Win64/Conedex.C Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Joe\AppData\Local\Google\Desktop\Install\{d41ae97b-10e3-c648-1caf-041ba960838a}\2E2F~1\28F0~1\E628~1\{d41ae97b-10e3-c648-1caf-041ba960838a}\U\00000004.@.vir" sh=A065922E48E274F827BC8A04091A44632D498373 ft=1 fh=f3684398a5f5cf1b vn="Win64/Conedex.I Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Joe\AppData\Local\Google\Desktop\Install\{d41ae97b-10e3-c648-1caf-041ba960838a}\2E2F~1\28F0~1\E628~1\{d41ae97b-10e3-c648-1caf-041ba960838a}\U\00000008.@.vir" sh=810E28D4E7B28D658DC48A82F0C65B46149AAE89 ft=1 fh=120d32a29875bbd8 vn="Win64/Conedex.B Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Joe\AppData\Local\Google\Desktop\Install\{d41ae97b-10e3-c648-1caf-041ba960838a}\2E2F~1\28F0~1\E628~1\{d41ae97b-10e3-c648-1caf-041ba960838a}\U\000000cb.@.vir" sh=C7EA4E12ED380165FAC4E1AE2A8B764F6A61327E ft=1 fh=0daf92794ff3c3d1 vn="Variante von Win64/Sirefef.BJ Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Joe\AppData\Local\Google\Desktop\Install\{d41ae97b-10e3-c648-1caf-041ba960838a}\2E2F~1\28F0~1\E628~1\{d41ae97b-10e3-c648-1caf-041ba960838a}\U\80000000.@.vir" sh=27225F67A70DCCAF067E83B899BE159595301FF6 ft=1 fh=cb86aa94e5ee7d17 vn="Variante von Win32/Sirefef.GC Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Joe\AppData\Local\Google\Desktop\Install\{d41ae97b-10e3-c648-1caf-041ba960838a}\2E2F~1\28F0~1\E628~1\{d41ae97b-10e3-c648-1caf-041ba960838a}\U\80000032.@.vir" sh=9BD8ECE8181FA59934F263DD433E6F8043B52459 ft=1 fh=c2a5b334ddc1d0c1 vn="Variante von Win64/Sirefef.AZ Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Joe\AppData\Local\Google\Desktop\Install\{d41ae97b-10e3-c648-1caf-041ba960838a}\2E2F~1\28F0~1\E628~1\{d41ae97b-10e3-c648-1caf-041ba960838a}\U\80000064.@.vir" sh=552184A4E7F51ABBCB2421D22BD5BF5E8846BB86 ft=1 fh=4382aa97147ef0ec vn="Win32/LockScreen.AQD Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\Users\Joe\AppData\Roaming\cache.dat.vir" sh=FD942573716CE74025AB21FC97F68BCE4DCC405F ft=1 fh=8163034171d57f79 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Joe\Downloads\ashampoo_home_designer_1.0.0_7591.exe" sh=31048732171730E332CF83C59A1E9C8F87FE9D9B ft=1 fh=69d728c96126b483 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Joe\Downloads\ashampoo_photo_optimizer_4_4.0.3_12123.exe" sh=81F2F4A73EDBAA245B680095A7DAC456DBE90A42 ft=0 fh=0000000000000000 vn="Variante von MSIL/FakeTool.HK Trojaner" ac=I fn="C:\Users\Joe\Downloads\Top Eleven Hack v.2.70.zip" sh=FBB73EDC3D95BB5F4C6DD320B026622ABC503971 ft=1 fh=ee89828fae9f150e vn="Win32/TopMedia.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Joe\Downloads\vshare-plugin.exe" FRST Logfile: FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-07-2014 Ran by Joe (administrator) on JOE´S-PC on 03-07-2014 07:52:02 Running from C:\Users\Joe\Desktop Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Windows\SysWOW64\PnkBstrB.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Sierra Wireless, Inc.) C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (SanDisk Corporation) C:\Users\Joe\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-01] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [PWRISOVM.EXE] => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [336992 2012-12-09] (Power Software Ltd) HKU\S-1-5-21-2168211459-3127497666-3910615475-1000\...\Run: [SansaDispatch] => C:\Users\Joe\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [613888 2014-03-14] (SanDisk Corporation) HKU\S-1-5-21-2168211459-3127497666-3910615475-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SansaDispatch] => C:\Users\Joe\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [613888 2014-03-14] (SanDisk Corporation) ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x01ED3657BBCCCC01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM-x32 - DefaultScope value is missing. BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Citavi Picker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\system32\mscoree.dll (Microsoft Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO-x32: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) BHO-x32: Citavi Picker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{2EDCA1BE-6DA2-4813-BAD2-BB8E3AA6EE10}: [NameServer]139.7.30.125 139.7.30.126 Tcpip\..\Interfaces\{AF2A3D51-91A7-4FCA-AED4-CF72E6F4B1D9}: [NameServer]139.7.30.126 139.7.30.125 Tcpip\..\Interfaces\{B5127C26-120D-45E9-9400-A2380AAA4DC5}: [NameServer]139.7.30.126 139.7.30.125 FireFox: ======== FF ProfilePath: C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default FF SelectedSearchEngine: Google FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.) FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.7.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc) FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation) FF SearchPlugin: C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\searchplugins\leo-deu-eng.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml FF Extension: DoNotTrackMe: Online Privacy Protection - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\donottrackplus@abine.com [2014-07-02] FF Extension: ProxTube - Unblock YouTube - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\ich@maltegoetz.de [2014-05-23] FF Extension: YouTube Unblocker - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\youtubeunblocker@unblocker.yt [2014-05-23] FF Extension: Adblock Plus Pop-up Addon - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-05-13] FF Extension: Boost - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\boost@boost.net.xpi [2014-05-16] FF Extension: Grooveshark Unlocker - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\groovesharkUnlocker@overlord1337.xpi [2012-01-30] FF Extension: NASA Night Launch - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\nasanightlaunch@example.com.xpi [2012-12-03] FF Extension: vshare Add-On - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\iu55mij3.default\Extensions\{dd05fd3d-18df-4ce4-ae53-e795339c5f01}.xpi [2011-09-10] FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Optimization Client\addon FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-06-23] FF HKCU\...\Firefox\Extensions: [{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}] - C:\Users\Joe\AppData\Roaming\13001.028 ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-01] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-01] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1028688 2014-07-01] (Avira Operations GmbH & Co. KG) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2013-11-20] () S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed] S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed] R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2014-04-21] () R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [214520 2014-04-21] () R2 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [317296 2011-06-24] (Sierra Wireless, Inc.) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2013-11-20] (Intel® Corporation) S2 VmbService; "C:\Program Files (x86)\Vodafone\Vodafone Mobile Broadband\Bin\VmbService.exe" [X] ==================== Drivers (Whitelisted) ==================== R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-11-02] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-01] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG) S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [422400 2012-04-20] (Huawei Technologies Co., Ltd.) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-11-02] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-03] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-06-12] (NetFilterSDK.com) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-02 20:27 - 2014-07-02 20:27 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-07-02 20:25 - 2014-07-02 20:25 - 02347384 _____ (ESET) C:\Users\Joe\Desktop\esetsmartinstaller_deu.exe 2014-07-02 17:34 - 2014-07-02 17:34 - 00013981 _____ () C:\Users\Joe\Desktop\ANTI-Malware2.txt 2014-07-02 17:32 - 2014-07-02 17:32 - 00001254 _____ () C:\Users\Joe\Desktop\ANTI-Malware.txt 2014-07-02 16:55 - 2014-07-03 02:24 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-02 16:55 - 2014-07-02 17:29 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-02 16:55 - 2014-07-02 16:55 - 00001066 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-02 16:55 - 2014-07-02 16:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-02 16:55 - 2014-07-02 16:55 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-02 16:55 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-07-02 16:55 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-07-02 16:55 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-07-02 16:53 - 2014-07-02 16:54 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Joe\Desktop\mbam-setup-2.0.2.1012.exe 2014-07-02 16:16 - 2014-07-02 16:16 - 00029961 _____ () C:\ComboFix.txt 2014-07-02 15:47 - 2014-07-02 16:17 - 00000000 ____D () C:\Qoobox 2014-07-02 15:47 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-07-02 15:47 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-07-02 15:47 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-07-02 15:47 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-07-02 15:47 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-07-02 15:47 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-07-02 15:47 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-07-02 15:47 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-07-02 15:46 - 2014-07-02 16:13 - 00000000 ____D () C:\Windows\erdnt 2014-07-02 15:44 - 2014-07-02 15:45 - 05212874 ____R (Swearware) C:\Users\Joe\Desktop\ComboFix.exe 2014-07-02 14:54 - 2014-07-02 14:55 - 00000000 ____D () C:\AdwCleaner 2014-07-02 14:52 - 2014-07-02 14:52 - 01342659 _____ () C:\Users\Joe\Desktop\adwcleaner_3.213.exe 2014-07-02 14:42 - 2014-07-02 14:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vodafone 2014-07-02 14:03 - 2014-07-02 14:04 - 00000000 ____D () C:\Users\Joe\Desktop\revouninstaller-portable 2014-07-02 14:01 - 2014-07-02 14:01 - 03007700 _____ () C:\Users\Joe\Desktop\revouninstaller.zip 2014-07-02 09:01 - 2014-07-02 09:01 - 00054018 _____ () C:\Users\Joe\Desktop\Addition.txt 2014-07-02 08:59 - 2014-07-03 07:52 - 00016133 _____ () C:\Users\Joe\Desktop\FRST.txt 2014-07-02 08:59 - 2014-07-03 07:52 - 00000000 ____D () C:\FRST 2014-07-02 08:59 - 2014-07-02 08:59 - 02083840 _____ (Farbar) C:\Users\Joe\Desktop\FRST64.exe 2014-07-02 08:36 - 2014-07-02 13:26 - 00003132 _____ () C:\Windows\System32\Tasks\System Speedup 2014-07-02 08:35 - 2014-07-02 08:35 - 00001038 _____ () C:\Users\Public\Desktop\System Speedup.lnk 2014-07-01 22:43 - 2014-07-02 18:32 - 00000000 ____D () C:\Program Files (x86)\CB78F643-3729-434F-8C25-F28D15F025F3 2014-07-01 22:18 - 2014-07-02 08:14 - 00000000 ____D () C:\Users\Joe\Desktop\Anti 2014-07-01 16:33 - 2014-07-01 16:33 - 00003164 _____ () C:\Windows\System32\Tasks\{908B9EC9-1106-4C32-A877-84E0562A3798} 2014-07-01 16:22 - 2014-07-01 16:22 - 00000000 ____D () C:\Users\Joe\AppData\Local\com 2014-07-01 16:19 - 2014-07-02 19:20 - 00000008 __RSH () C:\ProgramData\ntuser.pol 2014-07-01 16:19 - 2014-07-01 16:26 - 00000000 ____D () C:\ProgramData\TEMP 2014-06-30 15:19 - 2014-06-30 15:19 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\Intel 2014-06-30 15:18 - 2014-06-30 15:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless 2014-06-30 15:18 - 2014-06-30 15:18 - 00000000 ____D () C:\ProgramData\Intel 2014-06-30 15:18 - 2014-06-30 15:18 - 00000000 ____D () C:\Program Files\Common Files\Intel 2014-06-30 15:18 - 2014-06-30 15:18 - 00000000 ____D () C:\Program Files (x86)\Intel 2014-06-30 15:18 - 2014-06-30 15:18 - 00000000 ____D () C:\Program Files (x86)\Cisco 2014-06-30 15:17 - 2014-06-30 15:18 - 00008990 _____ () C:\Windows\DPINST.LOG 2014-06-30 15:17 - 2014-06-30 15:18 - 00000000 ____D () C:\Program Files\Intel 2014-06-30 15:17 - 2014-06-30 15:17 - 00000000 ____D () C:\ProgramData\Package Cache 2014-06-24 22:01 - 2012-03-14 05:00 - 00385024 _____ (CANON INC.) C:\Windows\system32\CNMLMAT.DLL 2014-06-24 22:01 - 2011-03-31 10:07 - 00302080 _____ (CANON INC.) C:\Windows\system32\CNC_ATC.dll 2014-06-24 22:01 - 2011-03-31 10:06 - 00112128 _____ (CANON INC.) C:\Windows\system32\CNC_ATI.dll 2014-06-24 22:01 - 2011-03-30 12:55 - 00373248 _____ (CANON INC.) C:\Windows\system32\CNC_ATL.dll 2014-06-24 22:01 - 2010-11-12 11:13 - 00068096 _____ () C:\Windows\system32\CNC1754D.TBL 2014-06-24 22:01 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) C:\Windows\system32\CNHMCA6.dll 2014-06-23 18:28 - 2014-06-23 18:28 - 00000000 ____D () C:\ProgramData\Gibraltar 2014-06-23 18:25 - 2014-06-23 18:25 - 00000000 ____D () C:\Users\Joe\AppData\Local\Swiss Academic Software 2014-06-23 18:24 - 2014-07-02 18:44 - 00000000 ____D () C:\Users\Joe\Documents\Citavi 4 2014-06-23 18:24 - 2014-06-23 18:28 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\Swiss Academic Software 2014-06-23 18:21 - 2014-06-23 18:22 - 00000000 ____D () C:\ProgramData\Swiss Academic Software 2014-06-23 18:21 - 2014-06-23 18:21 - 00001909 _____ () C:\Users\Public\Desktop\Citavi 4.lnk 2014-06-23 18:21 - 2014-06-23 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 4 2014-06-23 18:20 - 2014-06-23 18:21 - 00000000 ____D () C:\Program Files (x86)\Citavi 4 2014-06-23 18:14 - 2014-06-23 18:15 - 88342536 _____ (Swiss Academic Software) C:\Users\Joe\Downloads\Citavi4Setup.exe 2014-06-12 21:05 - 2014-06-12 21:05 - 00046376 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys 2014-06-11 19:27 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-11 19:27 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-11 19:27 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-06-11 19:27 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-11 19:27 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-06-11 19:27 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-06-11 19:27 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-06-11 19:27 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-11 19:27 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-06-11 19:27 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-11 19:27 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-06-11 19:27 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-06-11 19:27 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-06-11 19:27 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-06-11 19:27 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-06-11 19:27 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-11 19:27 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-06-11 19:27 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-06-11 19:27 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-06-11 19:27 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-06-11 19:27 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-11 19:27 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-06-11 19:27 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-11 19:27 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-06-11 19:27 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-06-11 19:27 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-06-11 19:27 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-06-11 19:27 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-06-11 19:27 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-06-11 19:27 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-06-11 19:27 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-11 19:27 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-06-11 19:27 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-06-11 19:27 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-06-11 19:27 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-06-11 19:27 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-06-11 19:27 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-06-11 19:27 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-06-11 19:27 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-06-11 19:27 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-06-11 19:27 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-06-11 19:27 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-11 19:27 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-06-11 19:27 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-06-11 19:27 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-06-11 19:27 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-11 19:27 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-06-11 19:27 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-11 19:27 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-06-11 19:27 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-06-11 19:27 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-06-11 19:27 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-06-11 19:27 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-06-11 19:27 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2014-06-11 19:27 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-06-11 19:27 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-06-11 19:27 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-06-11 19:27 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-06-11 19:27 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2014-06-11 19:27 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-06-11 19:27 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2014-06-11 19:27 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-06-11 19:27 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll 2014-06-11 19:27 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-06-11 19:25 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-11 19:25 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-03 14:53 - 2014-06-03 14:53 - 00000000 ____D () C:\Users\Joe\AppData\Local\Adobe ==================== One Month Modified Files and Folders ======= 2014-07-03 07:52 - 2014-07-02 08:59 - 00016133 _____ () C:\Users\Joe\Desktop\FRST.txt 2014-07-03 07:52 - 2014-07-02 08:59 - 00000000 ____D () C:\FRST 2014-07-03 07:48 - 2012-02-15 16:04 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-03 07:31 - 2012-07-10 10:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-07-03 07:31 - 2011-07-15 18:18 - 01053135 _____ () C:\Windows\WindowsUpdate.log 2014-07-03 02:24 - 2014-07-02 16:55 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-03 00:48 - 2012-02-15 16:04 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-02 20:27 - 2014-07-02 20:27 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-07-02 20:25 - 2014-07-02 20:25 - 02347384 _____ (ESET) C:\Users\Joe\Desktop\esetsmartinstaller_deu.exe 2014-07-02 20:23 - 2009-07-14 12:57 - 00699682 _____ () C:\Windows\system32\perfh007.dat 2014-07-02 20:23 - 2009-07-14 12:57 - 00149790 _____ () C:\Windows\system32\perfc007.dat 2014-07-02 20:23 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-02 19:37 - 2014-02-12 21:14 - 00005128 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Joe´s-PC-Joe Joe´s-PC 2014-07-02 19:28 - 2009-07-14 06:45 - 00015360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-02 19:28 - 2009-07-14 06:45 - 00015360 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-02 19:20 - 2014-07-01 16:19 - 00000008 __RSH () C:\ProgramData\ntuser.pol 2014-07-02 19:20 - 2013-12-19 08:39 - 00030123 _____ () C:\Windows\setupact.log 2014-07-02 19:20 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-02 19:18 - 2014-01-08 08:36 - 00286912 _____ () C:\Windows\PFRO.log 2014-07-02 19:15 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-07-02 18:44 - 2014-06-23 18:24 - 00000000 ____D () C:\Users\Joe\Documents\Citavi 4 2014-07-02 18:32 - 2014-07-01 22:43 - 00000000 ____D () C:\Program Files (x86)\CB78F643-3729-434F-8C25-F28D15F025F3 2014-07-02 17:34 - 2014-07-02 17:34 - 00013981 _____ () C:\Users\Joe\Desktop\ANTI-Malware2.txt 2014-07-02 17:32 - 2014-07-02 17:32 - 00001254 _____ () C:\Users\Joe\Desktop\ANTI-Malware.txt 2014-07-02 17:29 - 2014-07-02 16:55 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-02 16:55 - 2014-07-02 16:55 - 00001066 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-02 16:55 - 2014-07-02 16:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-02 16:55 - 2014-07-02 16:55 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-02 16:54 - 2014-07-02 16:53 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Joe\Desktop\mbam-setup-2.0.2.1012.exe 2014-07-02 16:40 - 2011-07-15 19:58 - 00118928 _____ () C:\Users\Joe\AppData\Local\GDIPFONTCACHEV1.DAT 2014-07-02 16:17 - 2014-07-02 15:47 - 00000000 ____D () C:\Qoobox 2014-07-02 16:17 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-07-02 16:16 - 2014-07-02 16:16 - 00029961 _____ () C:\ComboFix.txt 2014-07-02 16:13 - 2014-07-02 15:46 - 00000000 ____D () C:\Windows\erdnt 2014-07-02 16:04 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-07-02 15:45 - 2014-07-02 15:44 - 05212874 ____R (Swearware) C:\Users\Joe\Desktop\ComboFix.exe 2014-07-02 15:40 - 2012-05-30 02:36 - 00000000 ____D () C:\Program Files (x86)\Samsung 2014-07-02 15:40 - 2011-07-15 18:53 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-07-02 14:57 - 2009-07-14 06:45 - 00467512 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-02 14:55 - 2014-07-02 14:54 - 00000000 ____D () C:\AdwCleaner 2014-07-02 14:55 - 2011-07-15 18:45 - 00001025 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-07-02 14:55 - 2011-07-15 18:45 - 00001013 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-07-02 14:55 - 2011-07-15 18:39 - 00000985 _____ () C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-07-02 14:52 - 2014-07-02 14:52 - 01342659 _____ () C:\Users\Joe\Desktop\adwcleaner_3.213.exe 2014-07-02 14:44 - 2014-07-02 14:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vodafone 2014-07-02 14:42 - 2013-09-12 16:36 - 00000000 ____D () C:\ProgramData\Vodafone 2014-07-02 14:04 - 2014-07-02 14:03 - 00000000 ____D () C:\Users\Joe\Desktop\revouninstaller-portable 2014-07-02 14:01 - 2014-07-02 14:01 - 03007700 _____ () C:\Users\Joe\Desktop\revouninstaller.zip 2014-07-02 13:26 - 2014-07-02 08:36 - 00003132 _____ () C:\Windows\System32\Tasks\System Speedup 2014-07-02 09:01 - 2014-07-02 09:01 - 00054018 _____ () C:\Users\Joe\Desktop\Addition.txt 2014-07-02 08:59 - 2014-07-02 08:59 - 02083840 _____ (Farbar) C:\Users\Joe\Desktop\FRST64.exe 2014-07-02 08:35 - 2014-07-02 08:35 - 00001038 _____ () C:\Users\Public\Desktop\System Speedup.lnk 2014-07-02 08:14 - 2014-07-01 22:18 - 00000000 ____D () C:\Users\Joe\Desktop\Anti 2014-07-01 16:33 - 2014-07-01 16:33 - 00003164 _____ () C:\Windows\System32\Tasks\{908B9EC9-1106-4C32-A877-84E0562A3798} 2014-07-01 16:26 - 2014-07-01 16:19 - 00000000 ____D () C:\ProgramData\TEMP 2014-07-01 16:24 - 2013-11-04 15:45 - 00000000 ____D () C:\Windows\uninstall 2014-07-01 16:22 - 2014-07-01 16:22 - 00000000 ____D () C:\Users\Joe\AppData\Local\com 2014-07-01 16:19 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-07-01 14:33 - 2013-08-08 00:27 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2014-06-30 15:19 - 2014-06-30 15:19 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\Intel 2014-06-30 15:19 - 2011-07-15 18:38 - 00000000 ____D () C:\Users\Joe 2014-06-30 15:18 - 2014-06-30 15:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless 2014-06-30 15:18 - 2014-06-30 15:18 - 00000000 ____D () C:\ProgramData\Intel 2014-06-30 15:18 - 2014-06-30 15:18 - 00000000 ____D () C:\Program Files\Common Files\Intel 2014-06-30 15:18 - 2014-06-30 15:18 - 00000000 ____D () C:\Program Files (x86)\Intel 2014-06-30 15:18 - 2014-06-30 15:18 - 00000000 ____D () C:\Program Files (x86)\Cisco 2014-06-30 15:18 - 2014-06-30 15:17 - 00008990 _____ () C:\Windows\DPINST.LOG 2014-06-30 15:18 - 2014-06-30 15:17 - 00000000 ____D () C:\Program Files\Intel 2014-06-30 15:17 - 2014-06-30 15:17 - 00000000 ____D () C:\ProgramData\Package Cache 2014-06-25 19:18 - 2009-07-14 13:20 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-06-25 07:38 - 2012-03-31 22:17 - 00000000 ____D () C:\Users\Joe\Desktop\Bachelor-Thesis 2014-06-23 18:28 - 2014-06-23 18:28 - 00000000 ____D () C:\ProgramData\Gibraltar 2014-06-23 18:28 - 2014-06-23 18:24 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\Swiss Academic Software 2014-06-23 18:25 - 2014-06-23 18:25 - 00000000 ____D () C:\Users\Joe\AppData\Local\Swiss Academic Software 2014-06-23 18:22 - 2014-06-23 18:21 - 00000000 ____D () C:\ProgramData\Swiss Academic Software 2014-06-23 18:21 - 2014-06-23 18:21 - 00001909 _____ () C:\Users\Public\Desktop\Citavi 4.lnk 2014-06-23 18:21 - 2014-06-23 18:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citavi 4 2014-06-23 18:21 - 2014-06-23 18:20 - 00000000 ____D () C:\Program Files (x86)\Citavi 4 2014-06-23 18:18 - 2013-09-12 16:34 - 00000000 ____D () C:\Users\Joe\AppData\Local\Downloaded Installations 2014-06-23 18:15 - 2014-06-23 18:14 - 88342536 _____ (Swiss Academic Software) C:\Users\Joe\Downloads\Citavi4Setup.exe 2014-06-20 00:43 - 2012-02-15 16:04 - 00004100 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2014-06-20 00:43 - 2012-02-15 16:04 - 00003848 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2014-06-17 11:18 - 2014-01-08 00:17 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-06-15 23:17 - 2014-01-08 09:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2014-06-15 23:16 - 2013-10-21 07:55 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-06-13 20:26 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-06-13 18:33 - 2012-06-24 20:37 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\dvdcss 2014-06-12 21:05 - 2014-06-12 21:05 - 00046376 _____ (NetFilterSDK.com) C:\Windows\system32\Drivers\netfilter64.sys 2014-06-12 00:03 - 2013-08-14 20:59 - 00000000 ____D () C:\Windows\system32\MRT 2014-06-12 00:00 - 2012-01-07 01:54 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-06-11 23:56 - 2014-05-06 11:20 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-06-11 12:46 - 2014-02-13 00:09 - 00000000 ____D () C:\Users\Joe\Desktop\Programme 2014-06-11 12:45 - 2011-07-16 00:56 - 00000000 ____D () C:\Users\Joe\Desktop\Games 2014-06-11 12:44 - 2012-01-15 23:35 - 00000000 ____D () C:\Users\Joe\Desktop\FH 2014-06-08 11:13 - 2014-06-11 19:25 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-08 11:08 - 2014-06-11 19:25 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-03 23:01 - 2013-08-08 00:27 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2014-06-03 14:53 - 2014-06-03 14:53 - 00000000 ____D () C:\Users\Joe\AppData\Local\Adobe Some content of TEMP: ==================== C:\Users\Joe\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-28 00:51 ==================== End Of Log ============================ --- --- --- --- --- --- --- --- --- Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-07-2014 Ran by Joe at 2014-07-03 07:52:59 Running from C:\Users\Joe\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== 64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden Activision(R) (x32 Version: 1.00.0000 - Activision) Hidden Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated) Adobe Reader X (10.1.0) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.0 - Adobe Systems Incorporated) Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.7.637 - Adobe Systems, Inc.) ANNO 1404 - Venedig (HKLM-x32\...\{A07B2C21-863B-47AB-AE7E-20BB00BD7D33}) (Version: 2.01.5010 - Ubisoft) ANNO 1404 (HKLM-x32\...\{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}) (Version: 1.02.0000 - Ubisoft) Anno 1404 (x32 Version: 1.00.0000 - Ubisoft) Hidden Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team) Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.450 - Avira) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Blur(TM) (HKLM-x32\...\InstallShield_{589A63D3-89E1-4D9B-8DBC-6039BB27289E}) (Version: 1.00.0000 - Activision) Borderlands 2 (HKLM-x32\...\Borderlands 2_is1) (Version: - ) Call of Duty(R) - World at War(TM) (HKLM-x32\...\InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}) (Version: 1.0 - Activision) Call of Duty(R) - World at War(TM) (x32 Version: 1.0 - Activision) Hidden Call of Duty(R) 2 (HKLM-x32\...\InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}) (Version: 1.3 - Activision) Call of Duty(R) 2 (x32 Version: 1.00.0000 - Activision) Hidden Call of Duty(R) 2 Patch 1.3 (x32 Version: 1.3 - ) Hidden Call of Duty(R) 4 - Modern Warfare(TM) (HKLM-x32\...\InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}) (Version: 1.7 - Activision) Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.00.0000 - Activision) Hidden Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: - ) Hidden Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch (x32 Version: 1.6 - Activision) Hidden Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: - ) Hidden Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch (x32 Version: 1.7 - Activision) Hidden Call of Juarez - Bound in Blood (HKLM-x32\...\InstallShield_{FEFAF112-4DA8-479C-89E2-7DE25091711A}) (Version: 1.01.0000 - Ubisoft) Call of Juarez - Bound in Blood (x32 Version: 1.01.0000 - Ubisoft) Hidden Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - ) Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: - ) Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - ) Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - ) Canon MG5300 series Benutzerregistrierung (HKLM-x32\...\Canon MG5300 series Benutzerregistrierung) (Version: - ) Canon MG5300 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5300_series) (Version: - ) Canon MG5300 series On-screen Manual (HKLM-x32\...\Canon MG5300 series On-screen Manual) (Version: - ) Canon MP Navigator EX 5.0 (HKLM-x32\...\MP Navigator EX 5.0) (Version: - ) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: - ) Canon Solution Menu EX (HKLM-x32\...\CanonSolutionMenuEX) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 4.08 - Piriform) Citavi 4 (HKLM-x32\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.3.0.15 - Swiss Academic Software) CoH SGAMappack (HKLM-x32\...\{F7B034EF-7F81-4E7A-8D70-BBC0185D5701}_is1) (Version: 1.0 - Henry666) Command & Conquer 3 (HKLM-x32\...\{B0C30E93-D3D9-4F04-A2AC-54749B573275}) (Version: 1.00.0000 - Ihr Firmenname) Command & Conquer The First Decade (HKLM-x32\...\{66D6F3BD-CA23-41A4-9FA3-96B26B32528C}) (Version: 1.00.0000 - Electronic Arts) Command & Conquer™ 3: Kanes Rache (HKLM-x32\...\{CC2422C9-F7B5-4175-B295-5EC2283AA674}) (Version: 1.00.0000 - Ihr Firmenname) Company of Heroes - FAKEMSI (x32 Version: 2.0.0.0 - THQ Inc.) Hidden Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{2BC398D2-11C8-43B1-AB84-675D33EB28C2}) (Version: - Microsoft) DiRT2 Demo (HKLM-x32\...\{AE04B8FC-4CD9-4A94-BE8F-C2434470FB11}) (Version: 1.00.0000 - Codemasters) Driver San Francisco (HKLM-x32\...\Driver San Francisco) (Version: 1.1.0.0 - Ubisoft) Dropbox (HKCU\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.) EA Installer (HKLM-x32\...\EA Installer.581008153) (Version: 2.3.0.74 - Electronic Arts, Inc.) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden Half-Life 2: Deathmatch (HKLM-x32\...\Steam App 320) (Version: - Valve) Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version: - Valve) Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) How to Survive (HKLM-x32\...\How to Survive_is1) (Version: - ) Intel(R) PRO/Wireless Driver (Version: 16.07.0000.0730 - Intel Corporation) Hidden Intel® PROSet/Wireless Software (HKLM-x32\...\{440d014b-4444-4533-b96d-2910e1ca2bcf}) (Version: 16.7.0 - Intel Corporation) Intel® PROSet/Wireless WiFi Software (Version: 16.7.0.0297 - Intel Corporation) Hidden JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation) Joint Operations: Typhoon Rising (HKLM-x32\...\{0325F1C1-883A-41AB-8981-B27359ABDFAF}) (Version: 1.00.0000 - ) Magic 2014 Demo (HKLM-x32\...\Steam App 213870) (Version: - Stainless Games) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Games for Windows - LIVE (HKLM-x32\...\{B45FABE7-D101-4D99-A671-E16DA40AF7F0}) (Version: 3.0.86.0 - Microsoft Corporation) Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{B578C85A-A84C-4230-A177-C5B2AF565B8C}) (Version: 3.0.17.0 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office 365 ProPlus - de-de (HKLM\...\O365ProPlusRetail - de-de) (Version: 15.0.4623.1003 - Microsoft Corporation) Microsoft Office 64-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office Excel 2007 (HKLM-x32\...\EXCEL) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office Excel 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Korrekturhilfen 2013 - Deutsch (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office OSM MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Microsoft Office Proofing Tools 2013 - English (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2013 - Italiano (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Visio MUI (German) 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Visio Professional 2013 (HKLM-x32\...\Office15.VISPROR) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Visio Professional 2013 (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 13.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 13.0.1 (x86 de)) (Version: 13.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 13.0.1 - Mozilla) MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.2 - MusicBrainz) myPrintMileage (Officejet Pro 8000 A809) (HKLM-x32\...\{B10A30CF-CCFF-4056-9ABC-F8D42BDF141F}) (Version: 1.00.0000 - Hewlett-Packard) NVIDIA 3D Vision Controller Driver (x32 Version: 275.33 - NVIDIA Corporation) Hidden NVIDIA 3D Vision Controller-Treiber 275.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 275.33 - NVIDIA Corporation) NVIDIA Grafiktreiber 275.33 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 275.33 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.2.23.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.2.23.3 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.275.80.0 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.10.0514 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation) NVIDIA Systemsteuerung 275.33 (Version: 275.33 - NVIDIA Corporation) Hidden NVIDIA Update 1.3.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.3.5 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.3.5 - NVIDIA Corporation) Hidden Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4623.1003 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4623.1003 - Microsoft Corporation) Hidden OpenAL (HKLM-x32\...\OpenAL) (Version: - ) OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org) Outils de vérification linguistique 2013 de Microsoft Office*- Français (x32 Version: 15.0.4569.1506 - Microsoft Corporation) Hidden PDF24 Creator 5.7.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) Photomizer (HKLM-x32\...\{A00F8237-F496-44D2-0001-E3CCF8CD58AE}) (Version: 1.3.12.723 - Engelmann Media GmbH) PowerISO (HKLM-x32\...\PowerISO) (Version: 5.5 - Power Software Ltd) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.) Rapture3D 2.3.26 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version: - Blue Ripple Sound) SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version: - ) Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version: - ) SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version: - ) SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version: - ) Sansa Updater (HKCU\...\Sansa Updater) (Version: 1.406 - SanDisk Corporation) Secure Download Manager (HKLM-x32\...\{E98D115E-D621-4723-8AF0-147BADA9A466}) (Version: 3.1.40 - Kivuto Solutions Inc.) Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{8D2E04ED-3350-4ECE-9D6E-3BC9A9A93A47}) (Version: - Microsoft) Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (x32 Version: - Microsoft) Hidden Shutdown Timer (HKLM\...\{373934DC-C16C-4CB5-83E2-1E5498CF99EC}) (Version: 3.0 - Sinvise Systems) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) SopCast 3.4.0 (HKLM-x32\...\SopCast) (Version: 3.4.0 - www.sopcast.com) Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version: - Valve) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) SUPER © v2012.build.54 (Nov 18, 2012) Version v2012.build.54 (HKLM-x32\...\{8F311E92-C29F-4DF9-8259-B739A1831669}_is1) (Version: v2012.build.54 - eRightSoft) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Titan Quest (HKLM-x32\...\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}) (Version: 1.00.0000 - Iron Lore) Titan Quest Immortal Throne (HKLM-x32\...\{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}) (Version: 1.00.0000 - Iron Lore) Tom Clancy's Rainbow Six Vegas 2 (HKLM-x32\...\{FD416706-875C-4B0B-A23A-9E740DAE029E}) (Version: 1.00 - Ubisoft) Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update for Microsoft Excel 2013 (KB2881014) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.VISPROR_{33BAD262-B737-4DFA-8527-02961A9CE7BB}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_EXCEL_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft) Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0016-0000-0000-0000000FF1CE}_EXCEL_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{A7610F07-E844-4444-8E1D-D5BC8AD0B4C5}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{66421820-D3CA-450A-898C-78D7E40108E6}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2826040) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{B7EA8070-C37F-4617-82F4-52CF3304595A}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.VISPROR_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2878313) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{1FB43AFB-8112-41B9-B9A6-A43474F46123}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880457) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{D27F6360-AE1E-4C8C-8ECD-C0375E20B923}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.VISPROR_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880464) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{06EF2BF7-7351-4D70-A0D5-588FCCF9808D}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880476) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.VISPROR_{DDF64A37-8E32-406E-A94C-9F5B03661A21}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880476) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{DDF64A37-8E32-406E-A94C-9F5B03661A21}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880478) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{7C5CEE0F-6823-4BB7-A28F-76FEC14EB6AC}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880991) 32-Bit Edition (HKLM-x32\...\{90150000-001F-0407-0000-0000000FF1CE}_Office15.VISPROR_{071A9ED9-C72F-4CDA-9A88-F100C5EF9EE1}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880991) 32-Bit Edition (HKLM-x32\...\{90150000-001F-0409-0000-0000000FF1CE}_Office15.VISPROR_{3365FE58-896F-45DE-8051-E48F6D8069FD}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880991) 32-Bit Edition (HKLM-x32\...\{90150000-001F-040C-0000-0000000FF1CE}_Office15.VISPROR_{A2D4D766-14AE-46CA-BD99-801FB1523626}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880991) 32-Bit Edition (HKLM-x32\...\{90150000-001F-0410-0000-0000000FF1CE}_Office15.VISPROR_{FE13BE31-2B5B-4D4E-8538-B3BB9B370C66}) (Version: - Microsoft) Update for Microsoft OneDrive for Business (KB2881018) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.VISPROR_{D3CFB57E-39C0-4D2F-96D2-EC8BB1DB369D}) (Version: - Microsoft) Update for Microsoft OneDrive for Business (KB2881018) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0407-1000-0000000FF1CE}_Office15.VISPROR_{D3CFB57E-39C0-4D2F-96D2-EC8BB1DB369D}) (Version: - Microsoft) Update for Microsoft OneNote 2013 (KB2880458) 32-Bit Edition (HKLM-x32\...\{90150000-002A-0000-1000-0000000FF1CE}_Office15.VISPROR_{E102B907-56A0-476E-9D7F-D74C7C42527F}) (Version: - Microsoft) Update for Microsoft Outlook 2013 (KB2880470) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{1BCA67A6-5329-48D0-A088-C097AC7A14BD}) (Version: - Microsoft) Update for Microsoft Visio 2013 (KB2878322) 32-Bit Edition (HKLM-x32\...\{90150000-0054-0407-0000-0000000FF1CE}_Office15.VISPROR_{99298FA5-31E3-4F40-A6AF-021459F6F37D}) (Version: - Microsoft) Update for Microsoft Visio 2013 (KB2878322) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{99298FA5-31E3-4F40-A6AF-021459F6F37D}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM-x32\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.VISPROR_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM-x32\...\{91150000-0051-0000-0000-0000000FF1CE}_Office15.VISPROR_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_EXCEL_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Veetle TV (HKLM-x32\...\Veetle TV) (Version: 0.9.19 - Veetle, Inc) VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN) Winamp (HKLM-x32\...\Winamp) (Version: 5.623 - Nullsoft, Inc) Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation) WinRAR Archivierer (HKLM-x32\...\WinRAR archiver) (Version: - ) Wolfenstein (HKLM-x32\...\InstallShield_{F9B37992-968C-4264-8449-489032FC28DE}) (Version: 1.0 - Activision) Wolfenstein (x32 Version: 1.0 - Activision) Hidden ==================== Restore Points ========================= 03-07-2014 01:03:49 Geplanter Prüfpunkt ==================== Hosts content: ========================== 2009-07-14 04:34 - 2014-07-02 16:01 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {07870BF4-0E26-4C8E-86A8-EAE8E86AB707} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-06-17] (Microsoft Corporation) Task: {083D9BF2-A350-46D7-A009-F0C3EB1CE756} - \APSnotifierPP1 No Task File <==== ATTENTION Task: {0FCD3A83-6424-4686-AFBB-94540C783304} - \System Speedup_UPDATES No Task File <==== ATTENTION Task: {1673B6C7-0D31-4DB8-A49B-C913C1DC7E2E} - \System Speedup_DEFAULT No Task File <==== ATTENTION Task: {3092BE9B-D7D2-4A9C-BDFF-01E3CB952A16} - \9ac29ed9-d605-445d-ab51-5460993c2e60-1 No Task File <==== ATTENTION Task: {32E1E90E-309E-408C-879D-579D822EFE5C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-15] (Google Inc.) Task: {3C26D598-E2A5-49D8-BFD9-7F088132FC42} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-06-02] (Adobe Systems Incorporated) Task: {400F7083-CE3D-4B8D-B169-636D949B6FA1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-06-17] (Microsoft Corporation) Task: {4479D6A3-CE1F-4EA5-8AB8-C579B544D7AE} - \29d989c7-1a71-4010-8cd0-9237e6a26eb4-11 No Task File <==== ATTENTION Task: {46AFC184-84FE-429C-B0AD-56A420FD4C53} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-02-15] (Google Inc.) Task: {4E168A06-49B5-478C-A3EA-99AFA85691A2} - \29d989c7-1a71-4010-8cd0-9237e6a26eb4-1 No Task File <==== ATTENTION Task: {4F11DCD1-C5E0-4169-95DB-F74926ADB25E} - \29d989c7-1a71-4010-8cd0-9237e6a26eb4-10 No Task File <==== ATTENTION Task: {54614504-7C85-48AE-8262-816BE01CD976} - \7c0ceb46-411a-472a-9df7-f9c248bbe900-4 No Task File <==== ATTENTION Task: {71ADE8FB-0145-40C0-8564-96AC3927EE72} - \globalUpdateUpdateTaskMachineUA No Task File <==== ATTENTION Task: {7BD7C834-4B4A-43AF-81E3-E3E45576C408} - \9ac29ed9-d605-445d-ab51-5460993c2e60-4 No Task File <==== ATTENTION Task: {7D50953C-F3F1-4CD7-9F51-AE272B3658BB} - \9ac29ed9-d605-445d-ab51-5460993c2e60-5 No Task File <==== ATTENTION Task: {7F0CC97A-9B76-4A9A-9D05-BBB3B225AF30} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd) Task: {7F0EBBB2-AF1E-4974-8770-5259CAC5CB2C} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Joe´s-PC-Joe Joe´s-PC => C:\Program Files\Microsoft Office 15\root\Office15\MsoSync.exe [2014-06-17] (Microsoft Corporation) Task: {837C06CE-1F85-4ECD-9111-2F8978DE5D74} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-06-17] (Microsoft Corporation) Task: {84B76650-D83D-4F7E-AE0E-979648CD2404} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-05-13] (Microsoft Corporation) Task: {901BB7F9-FD93-47E8-ADDB-A176059B5DE8} - System32\Tasks\System Speedup => C:\Program Files (x86)\System Speedup\SystemSpeedup.exe Task: {A5BC3A41-C8AE-46DE-B3F0-3A7839D59E42} - \29d989c7-1a71-4010-8cd0-9237e6a26eb4-5 No Task File <==== ATTENTION Task: {B61F5613-C973-4E3C-98F9-B9E44F12DD92} - \globalUpdateUpdateTaskMachineCore No Task File <==== ATTENTION Task: {C4AF6F60-E02F-4FAC-A41A-E2B952F5BF2C} - \29d989c7-1a71-4010-8cd0-9237e6a26eb4-4 No Task File <==== ATTENTION Task: {C58BF484-6ACF-48E0-9856-A1297882A5A3} - \APSnotifierPP3 No Task File <==== ATTENTION Task: {D5A25039-6583-46E5-9769-C64293DD1D6D} - \APSnotifierPP2 No Task File <==== ATTENTION Task: {D6D6E326-0912-4FBE-91D6-F5516D9368D4} - \9ac29ed9-d605-445d-ab51-5460993c2e60-2 No Task File <==== ATTENTION Task: {E5E0EF1F-6593-49D1-9458-D5EEDB55901D} - \29d989c7-1a71-4010-8cd0-9237e6a26eb4-2 No Task File <==== ATTENTION Task: {EE6EFAEC-AC0D-493D-A712-FE6E34EB2EC2} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe Task: {F2A6CABF-5F81-4262-A8FD-D401ECFEF9D2} - \9ac29ed9-d605-445d-ab51-5460993c2e60-11 No Task File <==== ATTENTION Task: {F3A448AF-F7F0-49D2-939F-6C562F5874BF} - \29d989c7-1a71-4010-8cd0-9237e6a26eb4-3 No Task File <==== ATTENTION Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-03-15 19:19 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2011-10-28 23:00 - 2014-04-21 01:15 - 00075064 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2011-10-28 23:00 - 2014-04-21 01:14 - 00214520 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2011-07-15 18:45 - 2012-06-18 18:58 - 02042848 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-06-23 18:21 - 2014-01-28 07:47 - 00430080 _____ () C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox\components\FirefoxPickerCommunication.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:373E1720 ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= MSCONFIG\startupfolder: C:^Users^Joe^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon MSCONFIG\startupreg: CanonSolutionMenuEx => C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon MSCONFIG\startupreg: Christmas Garland Light => C:\Users\Joe\Downloads\ChristmasGarlandLight.exe MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun MSCONFIG\startupreg: IJNetworkScannerSelectorEX => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Joe\Programme\Netzwerk online\hamachi-2-ui.exe" --auto-start MSCONFIG\startupreg: PDFPrint => C:\Joe\Programme\PDF24\pdf24.exe MSCONFIG\startupreg: PWRISOVM.EXE => C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup MSCONFIG\startupreg: Steam => "C:\Joe\Games(install)\Steam\Steam.exe" -silent MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: WinampAgent => C:\Joe\Programme\Winamp\winampa.exe ==================== Faulty Device Manager Devices ============= Name: Realtek RTL8168D/8111D-Familie-PCI-E-Gigabit-Ethernet-NIC (NDIS 6.20) Description: Realtek RTL8168D/8111D-Familie-PCI-E-Gigabit-Ethernet-NIC (NDIS 6.20) Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Realtek Service: RTL8167 Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Basissystemgerät Description: Basissystemgerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. Name: Basissystemgerät Description: Basissystemgerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Basissystemgerät Description: Basissystemgerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (07/03/2014 07:46:45 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (07/03/2014 03:00:51 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (07/03/2014 03:00:11 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (07/02/2014 08:26:59 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (07/02/2014 08:26:56 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (07/02/2014 08:26:56 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (07/02/2014 08:25:44 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (07/02/2014 08:25:44 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (07/02/2014 03:40:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d6727a7 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x6ca36c6a ID des fehlerhaften Prozesses: 0xeac Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0 Pfad der fehlerhaften Anwendung: explorer.exe1 Pfad des fehlerhaften Moduls: explorer.exe2 Berichtskennung: explorer.exe3 Error: (07/02/2014 02:46:48 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: ) Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer". Details: AddLegacyDriverFiles: Unable to back up image of binary Bytemobile Kernel Network Provider. System Error: Das System kann die angegebene Datei nicht finden. . System errors: ============= Error: (07/02/2014 09:17:49 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (07/02/2014 06:34:14 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst ZeroConfigService erreicht. Error: (07/02/2014 04:01:47 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (07/02/2014 04:01:43 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 5) (User: Joe´s-PC) Description: 0x8000002a34\??\c:\windows\erdnt\subs\software Error: (07/02/2014 04:01:23 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (07/02/2014 03:56:13 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (07/02/2014 03:52:36 PM) (Source: Service Control Manager) (EventID: 7030) (User: ) Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (07/02/2014 01:22:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Search Protect Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (07/02/2014 01:22:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (07/02/2014 01:22:15 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht. Microsoft Office Sessions: ========================= Error: (11/07/2013 09:46:00 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: ) Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6683.5002, Microsoft Office Version: 12.0.6612.1000. This session lasted 3276 seconds with 1740 seconds of active time. This session ended with a crash. CodeIntegrity Errors: =================================== Date: 2014-07-02 15:56:13.287 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-07-02 15:56:13.147 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Percentage of memory in use: 46% Total physical RAM: 4078.07 MB Available physical RAM: 2163.79 MB Total Pagefile: 8154.32 MB Available Pagefile: 5976.49 MB Total Virtual: 8192 MB Available Virtual: 8191.85 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.66 GB) (Free:39.44 GB) NTFS Drive e: (CNC3KW) (CDROM) (Total:7.54 GB) (Free:0 GB) UDF Drive f: () (Removable) (Total:3.74 GB) (Free:3.68 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 1E6B5789) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 4 GB) (Disk ID: 06D8239B) Partition 1: (Active) - (Size=4 GB) - (Type=0B) ==================== End Of Log ============================ |
03.07.2014, 11:56 | #18 |
/// TB-Ausbilder /// Anleitungs-Guru | Win7 64bit "Windows Version installer, Continue VuuPC Installation, MyPC Backup, Advanced System Protector,..." Hi,
__________________Downloade dir bitte Farbar Service Scanner
Poste bitte den Inhalt hier.
__________________ |
03.07.2014, 12:38 | #19 |
| Win7 64bit "Windows Version installer, Continue VuuPC Installation, MyPC Backup, Advanced System Protector,..." FSS: Code:
ATTFilter Farbar Service Scanner Version: 10-06-2014 Ran by Joe (administrator) on 03-07-2014 at 13:37:24 Running from "C:\Users\Joe\Desktop" Microsoft Windows 7 Professional Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall"=DWORD:0 System Restore: ============ System Restore Disabled Policy: ======================== Action Center: ============ Windows Update: ============ Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is set to Demand. The default start type is Auto. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend service is OK. Windows Defender Disabled Policy: ========================== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => File is digitally signed C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed C:\Windows\System32\dhcpcore.dll => File is digitally signed C:\Windows\System32\drivers\afd.sys => File is digitally signed C:\Windows\System32\drivers\tdx.sys => File is digitally signed C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed C:\Windows\System32\dnsrslvr.dll => File is digitally signed C:\Windows\System32\mpssvc.dll => File is digitally signed C:\Windows\System32\bfe.dll => File is digitally signed C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed C:\Windows\System32\SDRSVC.dll => File is digitally signed C:\Windows\System32\vssvc.exe => File is digitally signed C:\Windows\System32\wscsvc.dll => File is digitally signed C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed C:\Windows\System32\wuaueng.dll => File is digitally signed C:\Windows\System32\qmgr.dll => File is digitally signed C:\Windows\System32\es.dll => File is digitally signed C:\Windows\System32\cryptsvc.dll => File is digitally signed C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed C:\Windows\System32\ipnathlp.dll => File is digitally signed C:\Windows\System32\iphlpsvc.dll => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed **** End of log **** |
03.07.2014, 13:24 | #20 |
/// TB-Ausbilder /// Anleitungs-Guru | Win7 64bit "Windows Version installer, Continue VuuPC Installation, MyPC Backup, Advanced System Protector,..." Hi, was Du mit dem machst, ist Deine Sache... Code:
ATTFilter C:\Users\Joe\Downloads\Top Eleven Hack v.2.70.zip C:\Joe\Images\Dirt3\sr-dirt3.iso Desweiteren, prüfe mal Deine Firefox-Erweiterungen. Das dubiose Zeug braucht man doch nicht....Am besten ganz deinstallieren und neu anlegen. Aktuell ist Version 30! https://support.mozilla.org/de/kb/fi...einfach-loesen Flash-Link mit allen Browsern aufrufen. Flash aktualisieren. Optionale Angebote ablehnen. Java installieren. Cleanup: (Die Reihenfolge ist hier entscheidend) Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken. Falls Combofix verwendet wurde: Combofix-Deinstallation.
Alle Logs gepostet? Ja! Dann lade Dir bitte DelFix herunter.
Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst. Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen. >>clean<< Wir haben es geschafft! Die Logs sehen für mich im Moment sauber aus. Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...und/oder das Forum mit einer kleinen Spende unterstützen. Es bleibt mir nur noch, Dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen. Wie kann ich mich in Zukunft besser schützen? Tipps, Dos & Don'ts Updates & Software
Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren. Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen. Firewall, Antivirus & Co.
Cracks, Downloads & Co. Neben unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert. Der Besuch dubioser Websites kann bereits Risiken bergen. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten. Illegale Cracks, Keygens und Serials sind ein ausgesprochen einfacher und beliebter Weg um Malware zu verbreiten. Bei Dateien aus Peer-to-Peer- und Filesharingprogrammen oder von Filehostern kann man nie sicher sein, ob auch wirklich drin ist, was drauf steht. (Trojanisches Pferd^^)
Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden zu verleiten, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).
Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.
Abschließend noch ein paar grundsätzliche Bemerkungen:
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
03.07.2014, 16:29 | #21 |
| Win7 64bit "Windows Version installer, Continue VuuPC Installation, MyPC Backup, Advanced System Protector,..." Ups, hätte schwören können vorher was mit nem "Defogger" gemacht zu haben aber ich hab nochmal deine vorherigen Anweisungen gecheckt und nix gefunden. PowerISO läuft auch schon seit Gestern wieder im Hintergrund. Letzte sache noch Jürgen: Solange ich es nicht merke muss ich also auch keinen Defogger installieren? |
03.07.2014, 16:32 | #22 |
/// TB-Ausbilder /// Anleitungs-Guru | Win7 64bit "Windows Version installer, Continue VuuPC Installation, MyPC Backup, Advanced System Protector,..." Hi, wenn Du Defogger nicht wirksam gestartet hast, musst Du ihn auch nicht "deaktivieren". Deshalb steht ja "Falls" bei der Anweisung...
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
Themen zu Win7 64bit "Windows Version installer, Continue VuuPC Installation, MyPC Backup, Advanced System Protector,..." |
continue, hacktool.agent, msil/advancedsystemprotector.d, pup.optional.complitly.a, pup.optional.faststart.a, pup.optional.hdplus.a, pup.optional.mediaplayer.a, pup.optional.opencandy, pup.optional.qone8, pup.optional.remarkable.a, pup.optional.searchyah.a, pup.optional.suprasavings.a, pup.optional.vshareredir, pup.optional.weatheritup.a, pup.optional.wpm.a, riskware.tool.ck, trojan.0access, trojan.banker, trojan.fakems.ed, trojan.killav, win32/adware.yontoo.b, win32/elex.ad, win32/thinknice.a, win32/thinknice.b, win32/thinknice.c, win64/thinknice.a, windows version installer |