| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Merkwürdige E-Mails von der NSAWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
05.07.2014, 12:04
| #1 |
| |  Merkwürdige E-Mails von der NSA Guten Morgen, Ich habe hier ein etwas größeres Problem: Ich bekomme jeden Tag E-Mails vom Mail Delivery Subsystem, in denen geschrieben steht, dass eine E-Mail der nsa.gov nicht verschickt werden konnte. Der Inhalt, der meistens aus verschiedenen, gemischten Wörtern einer anderen Sprache besteht, sollte an beliebige E-Mail Adressen geschickt werden, die Ich nicht kenne. Ich bedanke mich jetzt schon und hoffe auf hilfreiche Antworten. Hier noch ein Foto der E-Mail:  Geändert von paul26601 (05.07.2014 um 12:11 Uhr) |
|
05.07.2014, 12:15
| #2 |
| /// the machine /// TB-Ausbilder    | Merkwürdige E-Mails von der NSA hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
05.07.2014, 12:33
| #3 |
| | Merkwürdige E-Mails von der NSA FRST.txt
__________________FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014
Ran by Paul (administrator) on PAUL-PC on 05-07-2014 13:29:03
Running from C:\Users\Paul\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Wajam) C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Facebook Inc.) C:\Users\Paul\AppData\Local\Facebook\Update\FacebookUpdate.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Smartbar) C:\Users\Paul\AppData\Local\Smartbar\Application\QuickShare.exe
(PC Utilities Pro) C:\Program Files (x86)\Optimizer Pro\OptProSmartScan.exe
(PC Utilities Pro) C:\Program Files (x86)\Optimizer Pro\OptProReminder.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
(Iminent) C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcMon.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-05-27] (Egis Technology Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11474024 2010-10-05] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-05-27] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\Acer Arcade Deluxe\MediaEspresso\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ArcadeMovieService] => C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe [419112 2010-12-01] (CyberLink Corp.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [620136 2011-01-19] ()
HKLM-x32\...\Run: [BrMfcWnd] => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Iminent] => C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
HKLM-x32\...\Run: [IminentMessenger] => C:\Program Files (x86)\Iminent\Iminent.Messengers.exe [884784 2013-05-13] (Iminent)
HKLM-x32\...\Run: [ApnTBMon] => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
HKU\S-1-5-21-3145083249-3314839790-1771552646-1000\...\Run: [EA Core] => "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
HKU\S-1-5-21-3145083249-3314839790-1771552646-1000\...\Run: [Facebook Update] => C:\Users\Paul\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2013-03-16] (Facebook Inc.)
HKU\S-1-5-21-3145083249-3314839790-1771552646-1000\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [134104 2013-02-01] (PC Utilities Pro)
HKU\S-1-5-21-3145083249-3314839790-1771552646-1000\...\Run: [Dulycuaxc] => C:\Users\Paul\AppData\Roaming\Qorus\ovbu.exe
HKU\S-1-5-21-3145083249-3314839790-1771552646-1000\...\Run: [lollipop] => "c:\users\paul\appdata\local\lollipop\lollipop.exe" lollipop
HKU\S-1-5-21-3145083249-3314839790-1771552646-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-3145083249-3314839790-1771552646-1000\...\Run: [Browser Infrastructure Helper] => C:\Users\Paul\AppData\Local\Smartbar\Application\QuickShare.exe [26904 2014-03-09] (Smartbar)
HKU\S-1-5-21-3145083249-3314839790-1771552646-1000\...\Run: [gqqistb] => regsvr32.exe "
HKU\S-1-5-21-3145083249-3314839790-1771552646-1000\...\MountPoints2: {b2250652-15e1-11df-89e3-806e6f6e6963} - E:\Autorun.exe
ShellIconOverlayIdentifiers: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: egisPSDP -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll (Egis Technology Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66E4-0PDjam9Tf6WxHJ3a4imDc0U9sSw1Lx91g8nO9zPbKOTa3-Q3gQXeHdVvISPPL6PoL1Uu225WCA-QheaE6icPo2y8iBzY0DgHhC-SkCfzCXFHQQs0kFfeRplLahWZ4,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66E4-0PDjam9Tf6WxHJ3a4imDc0U9sSw1Lx91g8nO9zPbKOTa3-Q3gQXeHdVvISPPL6Mvhj6VYmqNQzbIyc469htzEiDj-xcc3v3irifABRoQfNlw-0kLaQGUEvF6JCp1c,
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66E4-0PDjam9Tf6WxHJ3a4imDc0U9sSw1Lx91g8nO9zPbKOTa3-Q3gQXeHdVvISPPL6PoL1Uu225WCA-QheaE6icPo2y8iBzY0DgHhC-SkCfzCXFHQQs0kFfeRplLahWZ4,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,BrowserMngr Start Page = hxxp://search.babylon.com/?affID=110823&tl=gcn27903&tt=120912_pcp_3912_7&babsrc=HP_ss&mntrId=be5e2604000000000000c89cdc2ab7c4
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = https://www.google.de/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://mysearch.sweetpacks.com/?src=10&st=12&crg=3.5000006.10053&barid={7B2896D5-F45E-11E2-9B31-C89CDC2AB7C4}
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=101&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL =
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66E4-0PDjam9Tf6WxHJ3a4imDc0U9sSw1Lx91g8nO9zPbKOTa3-Q3gQXeHdVvISPPL6PoL1Uu225WCA-QheaE6icPo2y8iBzY0DgHhC-SkCfzCXFHQQs0kFfeRplLahWZ4,&q={searchTerms}
SearchScopes: HKCU - BrowserMngrDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66E4-0PDjam9Tf6WxHJ3a4imDc0U9sSw1Lx91g8nO9zPbKOTa3-Q3gQXeHdVvISPPL6PoL1Uu225WCA-QheaE6icPo2y8iBzY0DgHhC-SkCfzCXFHQQs0kFfeRplLahWZ4,&q={searchTerms}
SearchScopes: HKCU - {DD658477-8F47-49F3-AED8-AF6165765E38} URL = https://www.google.com/search?q={searchTerms}
BHO: Plus-HD-2.6 - {11111111-1111-1111-1111-110311341140} - C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-bho64.dll (Plus HD)
BHO: QuickShare WidgetEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll" No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: IMinent WebBooster (BHO) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx64.dll No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Wincore Mediabar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll No File
BHO-x32: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.6.9.12\bh\BabylonToolbar.dll No File
BHO-x32: QuickShare WidgetEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" No File
BHO-x32: TBSB01620 Class - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - No File
BHO-x32: Wajam - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\softonic\1.5.11.5\bh\softonic.dll (Softonic.com)
BHO-x32: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
BHO-x32: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (Yontoo LLC)
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll" No File
Toolbar: HKLM - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - No Name - !{8dcb7100-df86-4384-8842-8fa844297b3f} - No File
Toolbar: HKLM-x32 - Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\softonic\1.5.11.5\softonicTlbr.dll (Softonic.com)
Toolbar: HKLM-x32 - Wincore Mediabar - {28387537-e3f9-4ed7-860c-11e69af4a8a0} - C:\PROGRA~2\IMESHA~1\MediaBar\Datamngr\ToolBar\wincoreimdtx.dll No File
Toolbar: HKLM-x32 - IMinent Toolbar - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll No File
Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM-x32 - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll" No File
Toolbar: HKLM-x32 - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - No Name - !{8dcb7100-df86-4384-8842-8fa844297b3f} - No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
FireFox:
========
FF ProfilePath: C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\9b96qkfv.default
FF NewTab: hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66E4-0PDjam9Tf6WxHJ3a4imDc0U9sSw1Lx91g8nO9zPbKOTa3-Q3gQXeHdVvISPPL6NJiuATJ3kgrexVWDJbrCN8aH8zf1xDAwQAwawOXWHeHhIfKOrQRNHGcL8dQ9O_k,
FF DefaultSearchEngine: Web Search
FF SelectedSearchEngine: Web Search
FF Homepage: hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66E4-0PDjam9Tf6WxHJ3a4imDc0U9sSw1Lx91g8nO9zPbKOTa3-Q3gQXeHdVvISPPL6Mvhj6VYmqNQzbIyc469htzEiDj-xcc3v3irifABRoQfNlw-0kLaQGUEvF6JCp1c,
FF Keyword.URL: hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRbHdKIqgRJyMidKuvnhDCuxhZjwitu2603iO2DKCmN--NXUfc66E4-0PDjam9Tf6WxHJ3a4imDc0U9sSw1Lx91g8nO9zPbKOTa3-Q3gQXeHdVvISPPL6PoL1Uu225WCA-QheaE6icPo2y8iBzY0DgHhC-SkCfzCXFHQQs0kFfeRplLahWZ4,&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Paul\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Paul\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF user.js: detected! => C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\9b96qkfv.default\user.js
FF SearchPlugin: C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\9b96qkfv.default\searchplugins\askcomsearch.xml
FF SearchPlugin: C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\9b96qkfv.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\9b96qkfv.default\searchplugins\BabylonMngr.xml
FF SearchPlugin: C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\9b96qkfv.default\searchplugins\BrowserDefender.xml
FF SearchPlugin: C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\9b96qkfv.default\searchplugins\BrowserProtect.xml
FF SearchPlugin: C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\9b96qkfv.default\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\9b96qkfv.default\searchplugins\softonic.xml
FF SearchPlugin: C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\9b96qkfv.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\9b96qkfv.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: LyricsContainer - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\9b96qkfv.default\Extensions\128 [2013-08-17]
FF Extension: LyricsContainer - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\9b96qkfv.default\Extensions\130 [2013-08-26]
FF Extension: Plus-HD-2.6 - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\9b96qkfv.default\Extensions\7f404ccc-b0a9-4faf-b3c0-89ceea949aea@a6724a05-9380-4ebe-be02-e67e35a3402c.com [2014-06-29]
FF Extension: Savings Sidekick - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\9b96qkfv.default\Extensions\crossriderapp5060@crossrider.com [2012-11-19]
FF Extension: Softonic Toolbar - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\9b96qkfv.default\Extensions\ffxtlbra@softonic.com [2012-04-02]
FF Extension: Wincore Mediabar - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\9b96qkfv.default\Extensions\{28387537-e3f9-4ed7-860c-11e69af4a8a0} [2012-06-17]
FF Extension: IMinent Toolbar - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\9b96qkfv.default\Extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444} [2013-05-17]
FF Extension: QuickShare Widget - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\9b96qkfv.default\Extensions\{f0f63f9c-e53e-aa50-91e0-e89970838b1c} [2014-05-14]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-06-19]
FF HKLM\...\Firefox\Extensions: [{DEDAF650-12B8-48f5-A843-BBA100716106}] - C:\Program Files\Updater By Sweetpacks\Firefox
FF HKLM-x32\...\Firefox\Extensions: [webbooster@iminent.com] - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\9b96qkfv.default\extensions\webbooster@iminent.com
FF HKLM-x32\...\Firefox\Extensions: [{DEDAF650-12B8-48f5-A843-BBA100716106}] - C:\Program Files\Updater By Sweetpacks\Firefox
FF HKCU\...\Firefox\Extensions: [{ba5b6935-63e1-431c-8fc6-7504512d2b94}] - C:\Program Files (x86)\LyricsContainer\130.xpi
Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh [2013-08-06]
CHR Extension: (Plus-HD-2.6) - C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpfeggemggokijeahnacacopejaabljl [2013-10-02]
CHR HKLM-x32\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2013-10-02]
CHR HKLM-x32\...\Chrome\Extension: [abfmigjiaapipflmopkaaooigcjjdojh] - C:\Program Files (x86)\LyricsContainer\130.crx [2013-10-02]
CHR HKLM-x32\...\Chrome\Extension: [dcillohgikpecbmgioknapdpcjofaafl] - C:\Users\Paul\AppData\Roaming\Claro\claro.crx [2012-11-01]
CHR HKLM-x32\...\Chrome\Extension: [igdhbblpcellaljokkpfhcjlagemhgjl] - C:\Program Files (x86)\Iminent\Iminent.crx [2012-11-01]
CHR HKLM-x32\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\Paul\AppData\Local\Wajam\Chrome\wajam.crx [2012-06-14]
CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Users\Paul\AppData\Local\Temp\YontooLayers.crx [2011-10-28]
==================== Services (Whitelisted) =================
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-14] (Microsoft Corporation)
S4 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-14] (Microsoft Corporation)
R2 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
R2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation)
R2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2010-11-20] (Microsoft Corporation)
S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-14] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
R2 WajamUpdater; C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe [109064 2012-06-14] (Wajam) [File not signed]
S2 APNMCP; "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe" [X]
==================== Drivers (Whitelisted) ====================
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2012-10-02] ()
R3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [97280 2006-12-12] (Brother Industries Ltd.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2012-10-02] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-14] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S3 PAC207; C:\Windows\System32\DRIVERS\PFC027.SYS [572416 2006-12-05] (PixArt Imaging Inc.)
S0 sfdrv01a; C:\Windows\System32\drivers\sfdrv01a.sys [77688 2006-07-05] (Protection Technology (StarForce))
S0 sfsync04; C:\Windows\System32\drivers\sfsync04.sys [78208 2006-08-11] (Protection Technology (StarForce))
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-07-05 13:26 - 2014-07-05 13:29 - 00027277 _____ () C:\Users\Paul\Desktop\FRST.txt
2014-07-05 13:25 - 2014-07-05 13:29 - 00000000 ____D () C:\FRST
2014-07-05 13:25 - 2014-07-05 13:25 - 02084352 _____ (Farbar) C:\Users\Paul\Desktop\FRST64.exe
2014-07-01 16:32 - 2014-07-01 16:32 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\skyz
2014-06-30 20:33 - 2014-06-30 20:33 - 00006192 _____ () C:\Users\Paul\Downloads\CV Ireneusz Wolczynski.odt
2014-06-19 20:34 - 2014-06-19 20:35 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-17 21:19 - 2014-06-17 21:19 - 00000000 ____D () C:\Users\Paul\Documents\ROBLOX
2014-06-17 21:13 - 2014-06-17 21:18 - 00000000 ____D () C:\Users\Paul\AppData\Local\Roblox
2014-06-17 21:12 - 2014-06-17 21:12 - 00635248 _____ (ROBLOX Corporation) C:\Users\Paul\Downloads\RobloxPlayerLauncher.exe
2014-06-17 20:30 - 2014-06-17 20:29 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-17 20:30 - 2014-06-17 20:29 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-17 20:30 - 2014-06-17 20:29 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-17 20:30 - 2014-06-17 20:29 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-06-17 20:29 - 2014-06-17 20:29 - 00000000 ____D () C:\Program Files\Java
2014-06-17 20:28 - 2014-06-17 20:28 - 30984104 _____ (Oracle Corporation) C:\Users\Paul\Downloads\jre-7u60-windows-x64.com
2014-06-14 14:13 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-14 14:13 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-14 14:13 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-14 14:13 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-14 14:13 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-14 14:13 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-14 14:13 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-14 14:13 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-14 14:13 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-14 14:13 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-14 14:13 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-14 14:13 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-14 14:13 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-14 14:13 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-14 14:13 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-14 14:13 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-14 14:13 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-14 14:13 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-14 14:13 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-14 14:13 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-14 14:13 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-14 14:13 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-14 14:13 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-14 14:13 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-14 14:13 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-14 14:13 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-14 14:13 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-14 14:13 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-14 14:13 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-14 14:13 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-14 14:13 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-14 14:13 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-14 14:13 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-14 14:13 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-14 14:13 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-14 14:13 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-14 14:13 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-14 14:13 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-14 14:13 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-14 14:13 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-14 14:13 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-14 14:13 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-14 14:13 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-14 14:13 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-14 14:13 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-14 14:13 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-14 14:13 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-14 14:13 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-14 14:13 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-14 14:13 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-14 14:13 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-14 14:13 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-14 14:13 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-14 14:13 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-14 14:13 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-14 14:13 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-14 14:13 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-14 14:13 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-14 14:13 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-14 14:13 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-14 14:13 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-14 14:13 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-14 14:13 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-14 14:13 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-14 14:10 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-14 14:10 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-11 21:45 - 2014-06-11 21:45 - 00002121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-06-11 21:45 - 2014-06-11 21:45 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-06-11 21:45 - 2014-06-11 21:45 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-06-11 21:45 - 2014-06-11 21:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-06-11 21:44 - 2014-06-11 21:44 - 13849784 _____ (Microsoft Corporation) C:\Users\Paul\Downloads\mseinstall.exe
==================== One Month Modified Files and Folders =======
2014-07-05 13:29 - 2014-07-05 13:26 - 00027277 _____ () C:\Users\Paul\Desktop\FRST.txt
2014-07-05 13:29 - 2014-07-05 13:25 - 00000000 ____D () C:\FRST
2014-07-05 13:28 - 2010-02-10 03:02 - 01961127 _____ () C:\Windows\WindowsUpdate.log
2014-07-05 13:25 - 2014-07-05 13:25 - 02084352 _____ (Farbar) C:\Users\Paul\Desktop\FRST64.exe
2014-07-05 13:20 - 2010-02-10 03:05 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-05 13:20 - 2009-07-14 06:51 - 00116871 _____ () C:\Windows\setupact.log
2014-07-04 17:57 - 2014-04-19 15:28 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\.minecraft
2014-07-04 16:55 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-04 16:55 - 2009-07-14 06:45 - 00009696 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-03 08:59 - 2012-07-19 10:18 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\SoftGrid Client
2014-07-02 17:38 - 2012-07-19 20:36 - 00000000 ____D () C:\Users\Paul\Desktop\Magda
2014-07-01 16:32 - 2014-07-01 16:32 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\skyz
2014-07-01 16:32 - 2014-04-22 11:27 - 00000000 ____D () C:\Users\Paul\Desktop\Minecraft Versions,worlds,mods
2014-06-30 20:33 - 2014-06-30 20:33 - 00006192 _____ () C:\Users\Paul\Downloads\CV Ireneusz Wolczynski.odt
2014-06-30 19:21 - 2012-04-11 18:30 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Skype
2014-06-30 18:55 - 2011-08-17 16:37 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-06-30 17:32 - 2010-02-10 11:54 - 03012432 _____ () C:\Windows\system32\perfh007.dat
2014-06-30 17:32 - 2010-02-10 11:54 - 00870188 _____ () C:\Windows\system32\perfc007.dat
2014-06-30 17:32 - 2009-07-14 07:13 - 00007616 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-30 17:30 - 2013-02-01 20:15 - 00158208 ___SH () C:\Users\Paul\Desktop\Thumbs.db
2014-06-26 20:28 - 2010-02-10 03:16 - 00000000 ____D () C:\ProgramData\Temp
2014-06-24 21:12 - 2011-08-16 20:20 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Adobe
2014-06-22 19:39 - 2014-05-14 16:15 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-20 11:42 - 2014-04-09 18:42 - 00000000 ____D () C:\Users\Paul\Desktop\FSX Flüge
2014-06-19 20:35 - 2014-06-19 20:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-19 13:56 - 2010-02-10 02:58 - 00547520 _____ () C:\Windows\PFRO.log
2014-06-18 21:16 - 2012-04-02 12:54 - 00178502 _____ () C:\Windows\wininit.ini
2014-06-17 21:19 - 2014-06-17 21:19 - 00000000 ____D () C:\Users\Paul\Documents\ROBLOX
2014-06-17 21:18 - 2014-06-17 21:13 - 00000000 ____D () C:\Users\Paul\AppData\Local\Roblox
2014-06-17 21:12 - 2014-06-17 21:12 - 00635248 _____ (ROBLOX Corporation) C:\Users\Paul\Downloads\RobloxPlayerLauncher.exe
2014-06-17 20:29 - 2014-06-17 20:30 - 00313256 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-06-17 20:29 - 2014-06-17 20:30 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-06-17 20:29 - 2014-06-17 20:30 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-06-17 20:29 - 2014-06-17 20:30 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-06-17 20:29 - 2014-06-17 20:29 - 00000000 ____D () C:\Program Files\Java
2014-06-17 20:28 - 2014-06-17 20:28 - 30984104 _____ (Oracle Corporation) C:\Users\Paul\Downloads\jre-7u60-windows-x64.com
2014-06-16 18:43 - 2013-11-25 13:45 - 00000000 ____D () C:\Users\Paul\AppData\Local\Loksim3D
2014-06-16 18:33 - 2013-11-25 13:45 - 00000000 ____D () C:\Users\Public\Documents\Loksim3D
2014-06-14 16:25 - 2013-08-17 15:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-14 16:23 - 2011-08-31 15:55 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-14 16:22 - 2014-05-06 19:05 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-14 14:35 - 2012-12-13 20:53 - 00000000 ____D () C:\Program Files (x86)\File Scout
2014-06-11 21:46 - 2011-10-28 17:03 - 00000000 ____D () C:\ProgramData\Avira
2014-06-11 21:45 - 2014-06-11 21:45 - 00002121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-06-11 21:45 - 2014-06-11 21:45 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-06-11 21:45 - 2014-06-11 21:45 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-06-11 21:45 - 2014-06-11 21:45 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-06-11 21:44 - 2014-06-11 21:44 - 13849784 _____ (Microsoft Corporation) C:\Users\Paul\Downloads\mseinstall.exe
2014-06-08 11:13 - 2014-06-14 14:10 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 11:08 - 2014-06-14 14:10 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
Files to move or delete:
====================
C:\Users\Paul\AppData\Roaming\Camdata.ini
C:\Users\Paul\AppData\Roaming\CamLayout.ini
C:\Users\Paul\AppData\Roaming\CamShapes.ini
Some content of TEMP:
====================
C:\Users\Magda\AppData\Local\Temp\AskSLib.dll
C:\Users\Paul\AppData\Local\Temp\7za.exe
C:\Users\Paul\AppData\Local\Temp\AdbeRdr940_de_DE.exe
C:\Users\Paul\AppData\Local\Temp\air156F.exe
C:\Users\Paul\AppData\Local\Temp\air18BC.exe
C:\Users\Paul\AppData\Local\Temp\air6EA9.exe
C:\Users\Paul\AppData\Local\Temp\air8AD1.exe
C:\Users\Paul\AppData\Local\Temp\airA89F.exe
C:\Users\Paul\AppData\Local\Temp\ApnStub.exe
C:\Users\Paul\AppData\Local\Temp\AskSLib.dll
C:\Users\Paul\AppData\Local\Temp\AutoRun.exe
C:\Users\Paul\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Paul\AppData\Local\Temp\avgnt.exe
C:\Users\Paul\AppData\Local\Temp\BackupSetup.exe
C:\Users\Paul\AppData\Local\Temp\contentDATs.exe
C:\Users\Paul\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Paul\AppData\Local\Temp\drm_dyndata_7360012.dll
C:\Users\Paul\AppData\Local\Temp\drm_dyndata_7380009.dll
C:\Users\Paul\AppData\Local\Temp\EADF5B.exe
C:\Users\Paul\AppData\Local\Temp\FileSystemView.dll
C:\Users\Paul\AppData\Local\Temp\First15.exe
C:\Users\Paul\AppData\Local\Temp\i4jdel0.exe
C:\Users\Paul\AppData\Local\Temp\i4jdel1.exe
C:\Users\Paul\AppData\Local\Temp\i4jdel10.exe
C:\Users\Paul\AppData\Local\Temp\i4jdel11.exe
C:\Users\Paul\AppData\Local\Temp\i4jdel12.exe
C:\Users\Paul\AppData\Local\Temp\i4jdel13.exe
C:\Users\Paul\AppData\Local\Temp\i4jdel14.exe
C:\Users\Paul\AppData\Local\Temp\i4jdel15.exe
C:\Users\Paul\AppData\Local\Temp\i4jdel16.exe
C:\Users\Paul\AppData\Local\Temp\i4jdel17.exe
C:\Users\Paul\AppData\Local\Temp\i4jdel18.exe
C:\Users\Paul\AppData\Local\Temp\i4jdel2.exe
C:\Users\Paul\AppData\Local\Temp\i4jdel3.exe
C:\Users\Paul\AppData\Local\Temp\i4jdel4.exe
C:\Users\Paul\AppData\Local\Temp\i4jdel5.exe
C:\Users\Paul\AppData\Local\Temp\i4jdel6.exe
C:\Users\Paul\AppData\Local\Temp\i4jdel7.exe
C:\Users\Paul\AppData\Local\Temp\i4jdel8.exe
C:\Users\Paul\AppData\Local\Temp\i4jdel9.exe
C:\Users\Paul\AppData\Local\Temp\iMesh_setup.exe
C:\Users\Paul\AppData\Local\Temp\Installer.exe
C:\Users\Paul\AppData\Local\Temp\installerdll1471760.dll
C:\Users\Paul\AppData\Local\Temp\installerdll1477813.dll
C:\Users\Paul\AppData\Local\Temp\installhelper.dll
C:\Users\Paul\AppData\Local\Temp\jansi-32-git-Bukkit-1.4.6-R0.3-7-g48dcb3e-b2591jnks.dll
C:\Users\Paul\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Paul\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Paul\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Paul\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Paul\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Paul\AppData\Local\Temp\jre-7u7-windows-i586-iftw.exe
C:\Users\Paul\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Paul\AppData\Local\Temp\Notification.exe
C:\Users\Paul\AppData\Local\Temp\octFCB7.tmp.exe
C:\Users\Paul\AppData\Local\Temp\plus-hd-2-6.exe
C:\Users\Paul\AppData\Local\Temp\rootsupd.exe
C:\Users\Paul\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\Paul\AppData\Local\Temp\setup.exe
C:\Users\Paul\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
C:\Users\Paul\AppData\Local\Temp\Shortcut_sweetim_0307_Y-d1264dfa.exe
C:\Users\Paul\AppData\Local\Temp\SIntf16.dll
C:\Users\Paul\AppData\Local\Temp\SIntf32.dll
C:\Users\Paul\AppData\Local\Temp\SIntfNT.dll
C:\Users\Paul\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Paul\AppData\Local\Temp\spacksyahoo_717_active.exe
C:\Users\Paul\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\Paul\AppData\Local\Temp\umbrella.exe
C:\Users\Paul\AppData\Local\Temp\uninst1.exe
C:\Users\Paul\AppData\Local\Temp\UninstallEADM.dll
C:\Users\Paul\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Paul\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Paul\AppData\Local\Temp\VP6Install.exe
C:\Users\Paul\AppData\Local\Temp\VP6VFW.dll
C:\Users\Paul\AppData\Local\Temp\wajam_install.exe
C:\Users\Paul\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe
C:\Users\Paul\AppData\Local\Temp\WSSetup.exe
C:\Users\Paul\AppData\Local\Temp\YontooIEClient.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2012-10-09 12:57
==================== End Of Log ============================
Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-07-2014
Ran by Paul at 2014-07-05 13:29:45
Running from C:\Users\Paul\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
==================== Installed Programs ======================
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 5.1.8507 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 5.1.8507 - CyberLink Corp.) Hidden
Acer Arcade Movie (x32 Version: 9.0.7201 - CyberLink Corp.) Hidden
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3015 - Acer Incorporated)
Acer GameZone Console (HKLM-x32\...\{58F4D244-314F-4D26-B5EF-C28AB32E22CB}_is1) (Version: 6.1.0.9 - Oberon Media, Inc.)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0825.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 13.0.0.83 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 13.0.0.83 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.2 - Adobe Systems Incorporated)
Adobe Download Assistant (x32 Version: 1.2.2 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Amazonia (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}) (Version: - Oberon Media)
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team)
Avira SearchFree Toolbar (HKLM-x32\...\{41564952-412D-5637-00A7-A758B70C0A03}) (Version: 12.10.3.4487 - APN, LLC)
BeamNG-Techdemo-0.3 (remove only) (HKCU\...\BeamNG-Techdemo-0.3) (Version: - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-5490CN (HKLM-x32\...\{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Bus-Simulator 2009 (HKLM-x32\...\Bus-Simulator 2009_is1) (Version: - astragon Software GmbH)
Cake Mania (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}) (Version: - Oberon Media)
CamStudio version 2.7 (HKLM-x32\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7 - CamStudio Open Source)
Carnet d'activités À plus! 1 (HKLM-x32\...\{E8895A6B-1A5A-4754-AE70-70432DA6C6D6}) (Version: 1.00.000 - )
Cities in Motion (HKLM-x32\...\Steam App 73010) (Version: - )
Cities in Motion 2 (HKLM-x32\...\Steam App 225420) (Version: - Colossal Order Ltd.)
Claro Chrome Toolbar (HKLM-x32\...\{069B290F-5398-4629-A009-85B4BCB4B1B9}) (Version: 1.0.0.2 - Claro) <==== ATTENTION
Cobra 11 - Burning Wheels (remove only) (HKLM-x32\...\BurningWheels) (Version: - )
Crazy Machines (HKLM-x32\...\{8E6A3B40-DCE3-47D9-835B-FE1AD9C083D0}) (Version: 1.0 - FAKT Software GmbH)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Die Sims 2 (HKLM-x32\...\{6E7DD182-9FC6-4651-0095-2E666CC6AF35}) (Version: - )
Die Sims™ 3 Einfach tierisch (HKLM-x32\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
DomaIQ (HKLM-x32\...\DomaIQ Uninstaller) (Version: - Tuguu SLU) <==== ATTENTION
Dream Day First Home (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}) (Version: - Oberon Media)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
Eisenbahn.exe Professional 5.0 Platinum (HKLM-x32\...\{4E65796E-62E4-4EF7-9E1E-AADB7E0371CB}) (Version: 5.00.0000 - Trend)
Eisenbahn.exe Professional 6.0 (HKLM-x32\...\{6B249FAC-DD1A-405F-A8A2-AA6A2252ED32}) (Version: 6.00.0000 - Trend)
Eisenbahn-Skins 1.0 (HKLM-x32\...\Eisenbahn-Skins) (Version: 1.0 - oppie)
Emergency4 (HKLM-x32\...\{9A4C534E-431F-4A17-97D4-D1682B19A054}) (Version: 1.03.001 - )
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
Euro Truck Simulator 1.00 (HKLM-x32\...\Euro Truck Simulator) (Version: 1.00 - )
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Farm Frenzy 2 (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}) (Version: - Oberon Media)
Flight Simulator X (HKLM-x32\...\RTMshadow_{7D606567-5047-451A-B49E-29FCB6012B4E}) (Version: - )
Flight Simulator X Service Pack 1 (HKLM-x32\...\SP1shadow_{7D606567-5047-451A-B49E-29FCB6012B4E}) (Version: - )
FLV Media Player version 1.3 (HKLM-x32\...\{0E08BAC8-845B-4327-8CDB-4B0F8C9857A5}_is1) (Version: 1.3 - FLVMPlayer)
Fraps (HKLM-x32\...\Fraps) (Version: - )
Free YouTube to MP3 Converter version 3.12.35.514 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.35.514 - DVDVideoSoft Ltd.)
G DATA Logox4 Speechengine (HKLM-x32\...\lgx4.lgx.server) (Version: - G DATA Software AG)
Galapago (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}) (Version: - Oberon Media)
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
Grand Theft Auto III 1.1 (HKLM-x32\...\Grand Theft Auto III 1.1) (Version: - )
Grand Theft Auto: San Andreas (HKLM-x32\...\Steam App 12120) (Version: - Rockstar Games)
Heroes of Hellas (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}) (Version: - Oberon Media)
Hotel Gigant 2 (HKLM-x32\...\{83DD8CC8-522E-4B75-836F-8775FDA4B5AB}) (Version: 1.00 - Nobilis)
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3014 - Acer Incorporated)
HyperCam 3 (HKLM-x32\...\HyperCam 3 3.5.1210.30) (Version: 3.5.1210.30 - Solveig Multimedia)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
iFunbox (v2.7.2386.747), iFunbox DevTeam (HKLM-x32\...\iFunbox_is1) (Version: v2.7.2386.747 - )
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
Iminent (x32 Version: 6.20.11.0 - Iminent) Hidden <==== ATTENTION
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Internet Explorer Toolbar 4.9 by SweetPacks (HKLM-x32\...\{F4E33CE5-A7AB-4F68-A7E7-F0AA84EF2D9E}) (Version: 4.9.0000 - SweetIM Technologies Ltd.) <==== ATTENTION
iTunes (HKLM\...\{427174C0-096E-40D9-9684-9C109BEE2CBF}) (Version: 11.0.5.5 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 22 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216022F0}) (Version: 6.0.220 - Oracle)
Java(TM) 6 Update 33 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.330 - Oracle)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Klett Lernsoftware Mathematik - Lambacher Schweizer 5 HE (HKLM-x32\...\Klett Lernsoftware Mathematik - Lambacher Schweizer 5 HE_is1) (Version: - )
Lernwerkstatt 8 (HKLM-x32\...\InstallShield_{08BE0A17-0AB8-4B0C-88E2-EB1B4977A511}) (Version: 8.00.0000 - Medienwerkstatt Mühlacker Verlagsgesellschaft mbH)
Lernwerkstatt 8 (x32 Version: 8.00.0000 - Medienwerkstatt Mühlacker Verlagsgesellschaft mbH) Hidden
Loksim3D (HKLM\...\Loksim3D_is1) (Version: 2.8.2 - Loksim3D)
Lollipop (HKCU\...\lollipop) (Version: - Lollipop Network, S.L.) <==== ATTENTION
McAfee Security Scan Plus (HKLM-x32\...\McAfee Security Scan) (Version: 3.0.318.3 - McAfee, Inc.)
MediaEspresso (x32 Version: 5.1.1116_32498 - CyberLink Corp.) Hidden
Merriam Websters Spell Jam (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}) (Version: - Oberon Media)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Flight Simulator 2002 (HKLM-x32\...\Flight Simulator 8.0) (Version: - )
Microsoft Flight Simulator X (x32 Version: 10.0.60905 - Microsoft Game Studios) Hidden
Microsoft Flight Simulator X: Acceleration (HKLM-x32\...\FlightSim_{7D606567-5047-451A-B49E-29FCB6012B4E}) (Version: 10.0.61637.0 - Microsoft Game Studios)
Microsoft Flight Simulator X: Acceleration (x32 Version: 10.0.61637.0 - Microsoft Game Studios) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Train Simulator (HKLM-x32\...\Train Simulator 1.0) (Version: - )
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Minecraft PC Gamer Demo version 1.5 (HKLM-x32\...\{55D65D27-C0CD-4375-9021-F3D3D024ED90}_is1) (Version: 1.5 - Mojang)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
Nero 9 Essentials (HKLM-x32\...\{889c1686-2039-4bef-b6fe-e55f7893efd6}) (Version: - Nero AG)
Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden
Nero DiscSpeed (x32 Version: 5.4.13.100 - Nero AG) Hidden
Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden
Nero DriveSpeed (x32 Version: 4.4.12.100 - Nero AG) Hidden
Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (x32 Version: 9.4.37.100 - Nero AG) Hidden
Nero InfoTool (x32 Version: 6.4.12.100 - Nero AG) Hidden
Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden
Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden
Nero StartSmart (x32 Version: 9.4.37.100 - Nero AG) Hidden
Nero StartSmart Help (x32 Version: 9.4.27.100 - Nero AG) Hidden
Nero StartSmart OEM (x32 Version: 9.16.0.100 - Nero AG) Hidden
NeroExpress (x32 Version: 9.4.37.100 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
NVIDIA Grafiktreiber 267.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 267.02 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.1.13.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.1.13.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.265.39.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (HKLM-x32\...\{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}) (Version: 9.10.0513 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (HKLM-x32\...\NVIDIAStereo) (Version: 7.17.12.6702 - NVIDIA Corporation)
NVIDIA Systemsteuerung 267.02 (Version: 267.02 - NVIDIA Corporation) Hidden
Optimizer Pro v3.0 (HKLM-x32\...\Optimizer Pro_is1) (Version: 3.0 - PC Utilities Pro) <==== ATTENTION
Origin (HKLM-x32\...\Origin) (Version: 8.5.0.4554 - Electronic Arts, Inc.)
PDF Reader (HKCU\...\PDF Reader) (Version: - )
Pdf995 (HKLM-x32\...\Pdf995) (Version: - )
Pflanzen gegen Zombies (HKLM-x32\...\{64991936-8873-7243-6337-338254618644}) (Version: 1.0 - Bluefish Games)
Pflanzen gegen Zombies (HKLM-x32\...\Pflanzen gegen Zombies) (Version: - PopCap Games)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Plus-HD-2.6 (HKLM-x32\...\Plus-HD-2.6) (Version: 1.28.153.1 - Plus HD) <==== ATTENTION
Poker Pop (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111355427}) (Version: - Oberon Media)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
ProTrain 20 Dortmund - Hannover 1.0 (HKLM-x32\...\ProTrain 20 Dortmund - Hannover 1.0) (Version: 1.0 - BlueSky Interactive)
ProTrain 20 Raildriver 1.0 (HKLM-x32\...\ProTrain 20 Raildriver 1.0) (Version: 1.0 - Blue Sky Interactive)
Qtrax (HKCU\...\Qtrax) (Version: 20.13.06.24 - Qtrax)
Qtrax Player (HKCU\...\915973767.portal.qtrax.com) (Version: - portal.qtrax.com)
QuickShare (HKLM-x32\...\{11D4FAA0-A577-4FA8-B24E-D24283D861D1}) (Version: 11.24.60.15709 - Linkury Inc.) <==== ATTENTION
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6215 - Realtek Semiconductor Corp.)
RollerCoaster Tycoon 3 (HKLM-x32\...\RollerCoaster Tycoon 3_is1) (Version: - Atari)
Schiff-Simulator 2008 (HKLM-x32\...\ShipSim2008) (Version: - )
Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden
SimCity 4 Deluxe (HKLM-x32\...\{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}) (Version: - )
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Softi FreeOCR (HKLM-x32\...\{ABBACAD2-4DAF-490E-932B-E330B33FCF98}) (Version: 2.6.0 - Softi Software)
Softonic toolbar on IE and Chrome (HKLM-x32\...\softonic) (Version: - ) <==== ATTENTION
Spin & Win (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110300453}) (Version: - Oberon Media)
SPORE™ Labor (HKLM-x32\...\{8CC42289-E228-4A35-B8A9-015242283BB2}) (Version: 1.00.0000 - Electronic Arts)
Sprengmeister LE 1.3.11 (HKLM-x32\...\{9210D131-609B-42A1-84AB-D278A6F17C00}_is1) (Version: - UIG GmbH)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
The Sims™ 3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.67.2 - Electronic Arts)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
VAFPlayer (HKLM-x32\...\{EBE677C0-CBCB-4EBF-8098-E27E1B5271CF}) (Version: 1.6.8 - Tuguu SL) <==== ATTENTION
VirtualRides - Der Fahrgeschäftsimulator Version 1.0 (HKLM-x32\...\{A29906AD-C03C-4A1A-9D88-1B77EA561B25}_is1) (Version: 1.0 - VirtualRides Developement Team)
Wajam (HKLM-x32\...\Wajam) (Version: 1.45 - Wajam) <==== ATTENTION
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3102 - Acer Incorporated)
Wildlife Park 2 (HKLM-x32\...\{A1C659AF-C761-47A8-BAFD-5FD2BE1ED419}) (Version: 1.24 - Deep Silver)
Wincore MediaBar (HKLM-x32\...\Wincore MediaBar) (Version: 4.0.0.2790 - iMesh Inc.) <==== ATTENTION
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
World of Subways Vol.2 (HKLM-x32\...\{0A902DF4-B767-49DB-98D3-D413E6F1E703}) (Version: 1.20 - TML-Studios)
Yontoo Layers Runtime 1.10.01 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 1.10.01 - Yontoo LLC) <==== ATTENTION
==================== Restore Points =========================
11-06-2014 21:07:32 Windows Update
14-06-2014 14:21:44 Windows Update
16-06-2014 17:57:24 Windows Update
17-06-2014 18:29:15 Installed Java 7 Update 60 (64-bit)
17-06-2014 19:25:32 Windows Update
18-06-2014 19:17:28 Removed Claro Chrome Toolbar
18-06-2014 20:48:34 Windows Update
19-06-2014 16:58:09 Windows Update
19-06-2014 19:13:58 Windows Update
20-06-2014 11:29:35 Windows Update
20-06-2014 14:17:56 Windows Update
20-06-2014 19:57:33 Windows Update
22-06-2014 15:36:46 Windows Update
22-06-2014 20:52:14 Windows Update
24-06-2014 19:58:31 Windows Update
26-06-2014 18:33:16 Windows Update
29-06-2014 12:37:43 Windows Update
30-06-2014 20:10:37 Windows Update
01-07-2014 17:03:15 Windows Update
01-07-2014 20:33:15 Windows Update
02-07-2014 06:07:08 Windows Update
02-07-2014 16:58:17 Windows Update
03-07-2014 07:00:32 Windows Update
03-07-2014 17:10:28 Windows Update
04-07-2014 16:54:48 Windows Update
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {04CBA68A-3E44-4C09-8A4E-06BB04CAC240} - System32\Tasks\{D17D910D-E15A-4ABD-8F5E-B0B191D67303} => C:\Program Files (x86)\ARTDINK\A-Train8EU\Atrain8EU.exe
Task: {31B66078-27DA-4CC5-8D8A-BE4D2C532CE0} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {31F3D8FD-5FE1-442D-A07F-90A17AB3F602} - System32\Tasks\EPUpdater => C:\Users\Paul\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe <==== ATTENTION
Task: {4938BA6F-038A-4C80-BD0E-ECCBBD5FF119} - System32\Tasks\{BC968819-8435-4AF9-8DE2-1397DCE22DB6} => C:\Program Files (x86)\ARTDINK\A-Train8EU\Atrain8EU.exe
Task: {4A91BBED-76E0-405A-A344-113EFB3EE2FF} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-21] (Adobe Systems Incorporated)
Task: {635DCD1E-EF3E-4918-B8E7-8148E1612855} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3145083249-3314839790-1771552646-1000Core => C:\Users\Paul\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-16] (Facebook Inc.)
Task: {67405CB6-FD0B-475E-BED8-D04FA16BE02D} - System32\Tasks\{190BA7D1-1633-4E8E-AA3F-F012C3670C7D} => C:\Program Files (x86)\ARTDINK\A-Train8EU\Atrain8EU.exe
Task: {7D484AD9-80B2-4A01-B9A9-732666496A8E} - System32\Tasks\{CDAA342F-4D7B-4D86-BFCF-43B75B102FAB} => C:\Program Files (x86)\ARTDINK\A-Train8EU\Atrain8EU.exe
Task: {89BC4569-D6C7-4F4B-BD7E-CD79A8901D98} - System32\Tasks\{8DED2526-A8BE-4965-A53D-5240299E671D} => C:\Program Files (x86)\ARTDINK\A-Train8EU\Atrain8EU.exe
Task: {950FACE5-983E-47E7-9A23-5543D9E9D29A} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe
Task: {9ACAFD9F-763F-496E-B48C-F641EBBBAF54} - System32\Tasks\{CDC73136-726E-4068-B0D5-94096A81FD9A} => C:\Program Files (x86)\ARTDINK\A-Train8EU\Atrain8EU.exe
Task: {A36ABAA0-B8B7-49E3-921E-3129C75665C6} - System32\Tasks\ArcadeDeluxeAgentTS => C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe [2011-01-07] (CyberLink Corp.)
Task: {A9B2D034-4246-43FA-8E88-B45F21C93CB7} - System32\Tasks\BrowserDefendert => Sc.exe start BrowserDefendert <==== ATTENTION
Task: {AD07930C-0908-44E2-8917-CE7B5E7A74B4} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3145083249-3314839790-1771552646-1000UA => C:\Users\Paul\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-03-16] (Facebook Inc.)
Task: {BE3664CF-D4CE-4C4D-B835-D247C2639AE7} - System32\Tasks\{36178DCD-ABDE-4890-A316-F7449D26D60C} => C:\Program Files (x86)\ARTDINK\A-Train8EU\Atrain8EU.exe
Task: {C1538725-DB2B-441F-960C-FD90BFC1C4DB} - \LyricsContainer Update No Task File <==== ATTENTION
Task: {D13B845A-A593-4813-AB02-099C379FEB8C} - System32\Tasks\AcerArcadeDeluxe => C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe [2011-01-07] (Acer Incorporated)
Task: {ED882CAE-7E58-481A-B494-5222F098FA36} - System32\Tasks\{9239BB31-D091-4A8D-B67D-24234DDFAF74} => Firefox.exe hxxp://ui.skype.com/ui/0/5.8.0.158/de/abandoninstall?source=lightinstaller&page=tsPlugin
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3145083249-3314839790-1771552646-1000Core.job => C:\Users\Paul\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3145083249-3314839790-1771552646-1000UA.job => C:\Users\Paul\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\Plus-HD-2.6-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-chromeinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-2.6-codedownloader.job => C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-codedownloader.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-2.6-enabler.job => C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-enabler.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-2.6-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-firefoxinstaller.exe <==== ATTENTION
Task: C:\Windows\Tasks\Plus-HD-2.6-updater.job => C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-updater.exe <==== ATTENTION
Task: C:\Windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013.job => C:\Program Files (x86)\TuneUp Utilities 2013\OneClick.exe
==================== Loaded Modules (whitelisted) =============
2011-01-19 03:08 - 2011-01-19 03:08 - 00620136 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-03-09 19:42 - 2014-03-09 19:42 - 00045848 _____ () C:\Users\Paul\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll
2014-03-09 19:43 - 2014-03-09 19:43 - 00067864 _____ () C:\Users\Paul\AppData\Local\Smartbar\Application\srau.dll
2014-03-09 19:42 - 2014-03-09 19:42 - 00164632 _____ () C:\Users\Paul\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll
2014-03-09 19:42 - 2014-03-09 19:42 - 02281752 _____ () C:\Users\Paul\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll
2014-03-09 19:43 - 2014-03-09 19:43 - 00065816 _____ () C:\Users\Paul\AppData\Local\Smartbar\Application\spbl.dll
2014-03-09 19:43 - 2014-03-09 19:43 - 00153880 _____ () C:\Users\Paul\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll
2014-03-09 19:42 - 2014-03-09 19:42 - 00013592 _____ () C:\Users\Paul\AppData\Local\Smartbar\Application\siem.dll
2014-03-09 19:43 - 2014-03-09 19:43 - 00060184 _____ () C:\Users\Paul\AppData\Local\Smartbar\Application\sppsm.dll
2014-03-09 19:42 - 2014-03-09 19:42 - 00695576 _____ () C:\Users\Paul\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll
2014-03-09 19:42 - 2014-03-09 19:42 - 00014104 _____ () C:\Users\Paul\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll
2014-03-09 19:42 - 2014-03-09 19:42 - 00077592 _____ () C:\Users\Paul\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll
2014-03-09 19:43 - 2014-03-09 19:43 - 00026392 _____ () C:\Users\Paul\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll
2014-03-09 19:43 - 2014-03-09 19:43 - 00055576 _____ () C:\Users\Paul\AppData\Local\Smartbar\Application\srut.dll
2014-03-09 19:43 - 2014-03-09 19:43 - 00028440 _____ () C:\Users\Paul\AppData\Local\Smartbar\Application\srsbs.dll
2014-03-09 19:42 - 2014-03-09 19:42 - 00064280 _____ () C:\Users\Paul\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll
2014-03-09 19:43 - 2014-03-09 19:43 - 00029976 _____ () C:\Users\Paul\AppData\Local\Smartbar\Application\srom.dll
2014-03-09 19:43 - 2014-03-09 19:43 - 00029976 _____ () C:\Users\Paul\AppData\Local\Smartbar\Application\smtu.dll
2014-03-09 19:43 - 2014-03-09 19:43 - 00038168 _____ () C:\Users\Paul\AppData\Local\Smartbar\Application\smta.dll
2014-03-09 19:43 - 2014-03-09 19:43 - 00042776 _____ () C:\Users\Paul\AppData\Local\Smartbar\Application\srbu.dll
2014-03-09 19:42 - 2014-03-09 19:42 - 00023320 _____ () C:\Users\Paul\AppData\Local\Smartbar\Application\sgml.dll
2014-03-09 19:43 - 2014-03-09 19:43 - 00060696 _____ () C:\Users\Paul\AppData\Local\Smartbar\Application\Smartbar.Resources.LanguageSettings.dll
2014-03-09 19:43 - 2014-03-09 19:43 - 00023832 _____ () C:\Users\Paul\AppData\Local\Smartbar\Application\srpdm.dll
2014-03-09 19:42 - 2014-03-09 19:42 - 00042264 _____ () C:\Users\Paul\AppData\Local\Smartbar\Application\MACTrackBarLib.dll
2014-03-09 19:41 - 2014-03-09 19:41 - 00025880 _____ () C:\Users\Paul\AppData\Local\Smartbar\Application\de\Smartbar.Resources.LanguageSettings.resources.dll
2014-03-09 19:43 - 2014-03-09 19:43 - 00034584 _____ () C:\Users\Paul\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll
2014-03-09 19:43 - 2014-03-09 19:43 - 00254232 _____ () C:\Users\Paul\AppData\Local\Smartbar\Application\srns.dll
2011-01-19 03:08 - 2011-01-19 03:08 - 00151656 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
2012-09-10 20:27 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2014-02-26 18:19 - 2014-02-26 18:19 - 00169472 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\0a0467413a424068d1471448ff6ca6cc\IsdiInterop.ni.dll
2010-02-10 03:10 - 2010-11-06 00:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\ProgramData\Temp:4D066AD2
AlternateDataStreams: C:\ProgramData\Temp:5D7E5A8F
AlternateDataStreams: C:\ProgramData\Temp:798A3728
AlternateDataStreams: C:\ProgramData\Temp:93EB7685
AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE
AlternateDataStreams: C:\ProgramData\Temp:E1F04E8D
AlternateDataStreams: C:\ProgramData\Temp:E36F5B57
AlternateDataStreams: C:\ProgramData\Temp:E3C56885
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== MSCONFIG/TASK MANAGER disabled items =========
MSCONFIG\Services: McComponentHostService => 3
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TuneUp.UtilitiesSvc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Paul^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CNET TechTracker.lnk => C:\Windows\pss\CNET TechTracker.lnk.Startup
MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/05/2014 01:27:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm FRST64.exe, Version 5.6.2014.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1778
Startzeit: 01cf9843cc948602
Endzeit: 0
Anwendungspfad: C:\Users\Paul\Desktop\FRST64.exe
Berichts-ID: 58a4243f-0437-11e4-9f61-c89cdc2ab7c4
Error: (06/30/2014 05:32:19 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error: (06/30/2014 05:32:19 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (06/30/2014 05:32:19 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error: (06/29/2014 00:23:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe_LanmanServer, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc3c1
Name des fehlerhaften Moduls: SSCORE.DLL, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c9ec
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000000146d
ID des fehlerhaften Prozesses: 0x2d0
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_LanmanServer0
Pfad der fehlerhaften Anwendung: svchost.exe_LanmanServer1
Pfad des fehlerhaften Moduls: svchost.exe_LanmanServer2
Berichtskennung: svchost.exe_LanmanServer3
Error: (06/26/2014 08:15:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9968
Error: (06/26/2014 08:15:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9968
Error: (06/26/2014 08:15:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (06/19/2014 06:10:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm javaw.exe, Version 7.0.550.14 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1a24
Startzeit: 01cf8bd8064cd3d4
Endzeit: 47
Anwendungspfad: C:\Program Files (x86)\Java\jre7\bin\javaw.exe
Berichts-ID: 2eb166d3-f7cc-11e3-911b-c89cdc2ab7c4
Error: (06/11/2014 09:25:06 PM) (Source: Google Update) (EventID: 20) (User: Paul-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned
System errors:
=============
Error: (07/05/2014 01:21:18 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
sfdrv01a
sfsync04
Error: (07/05/2014 01:20:51 PM) (Source: SNMP) (EventID: 1500) (User: )
Description: Beim Zugreifen auf den Registrierungsschlüssel SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration ist ein Fehler aufgetreten.
Error: (07/05/2014 01:20:08 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Treiber sfdrv01a.sys konnte nicht geladen werden.
Error: (07/05/2014 01:20:08 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Treiber sfsync04.sys konnte nicht geladen werden.
Error: (07/04/2014 06:55:11 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x8024200d fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2667402)
Error: (07/04/2014 06:54:31 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3EB3C877-1F16-487C-9050-104DBCD66683}
Error: (07/04/2014 04:48:48 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
sfdrv01a
sfsync04
Error: (07/04/2014 04:48:27 PM) (Source: SNMP) (EventID: 1500) (User: )
Description: Beim Zugreifen auf den Registrierungsschlüssel SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration ist ein Fehler aufgetreten.
Error: (07/04/2014 04:47:44 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Treiber sfdrv01a.sys konnte nicht geladen werden.
Error: (07/04/2014 04:47:44 PM) (Source: Application Popup) (EventID: 875) (User: )
Description: Treiber sfsync04.sys konnte nicht geladen werden.
Microsoft Office Sessions:
=========================
Error: (07/05/2014 01:27:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe5.6.2014.0177801cf9843cc9486020C:\Users\Paul\Desktop\FRST64.exe58a4243f-0437-11e4-9f61-c89cdc2ab7c4
Error: (06/30/2014 05:32:19 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000
Error: (06/30/2014 05:32:19 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (06/30/2014 05:32:19 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000
Error: (06/29/2014 00:23:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_LanmanServer6.1.7600.163854a5bc3c1SSCORE.DLL6.1.7601.175144ce7c9ecc0000005000000000000146d2d001cf93840f3c85e5C:\Windows\system32\svchost.exeC:\Windows\system32\SSCORE.DLL679199f7-ff77-11e3-8c1a-c89cdc2ab7c4
Error: (06/26/2014 08:15:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 9968
Error: (06/26/2014 08:15:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 9968
Error: (06/26/2014 08:15:24 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (06/19/2014 06:10:14 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: javaw.exe7.0.550.141a2401cf8bd8064cd3d447C:\Program Files (x86)\Java\jre7\bin\javaw.exe2eb166d3-f7cc-11e3-911b-c89cdc2ab7c4
Error: (06/11/2014 09:25:06 PM) (Source: Google Update) (EventID: 20) (User: Paul-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned
==================== Memory info ===========================
Percentage of memory in use: 39%
Total physical RAM: 6126.02 MB
Available physical RAM: 3714.12 MB
Total Pagefile: 12250.22 MB
Available Pagefile: 9625.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
==================== Drives ================================
Drive c: (Acer) (Fixed) (Total:690.77 GB) (Free:509.25 GB) NTFS
Drive d: (Data) (Fixed) (Total:690.77 GB) (Free:368.96 GB) NTFS
Drive e: (RCT3) (CDROM) (Total:0.66 GB) (Free:0 GB) CDFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: 9233DC6B)
Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=691 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=691 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
05.07.2014, 22:29
| #4 |
| /// the machine /// TB-Ausbilder | Merkwürdige E-Mails von der NSA Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Avira <====== ATTENTION
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Adware & Co. deinstallieren
Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter: Scan mit Combofix
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Merkwürdige E-Mails von der NSA |
| adresse, adressen, andere, anderen, beliebige, delivery, e-mail, e-mails, foto, geschickt, guten, hilfreiche, hoffe, inhalt, mail delivery, merkwürdige, morgen, problem, sprache, subsystem, trojaner, verschickt, verschiedene, verschiedenen, worte, wörter |
Revo Uninstaller herunter.
dann auf 
und dann auf 
.
WARNUNG an die MITLESER: 
Linear-Darstellung
