Plagegeister aller Art und deren Bekämpfung: Can't get onto the Internet anymore (pup.optional.conduit.a) | Windows 7
06.07.2014, 02:14 | #1 |
Can't get onto the Internet anymore (pup.optional.conduit.a)

Hello, I'm hoping you can help me. On to my problem: for about a week my PC has not been working as usual. When I start my browser (Chrome) I only get a white screen, and in the program list it additionally shows (Not Responding) in parentheses. Other browsers give the same problem. All network access by programs, as well as network drives, is likewise not reachable online. I ran a system restore once, which held for 2-3 days; now I am facing the same problem again.

Malwarebytes and AVG always run in the background on my machine. MBAM permanently reports a threat (pup.optional.conduit.a) under C:\Users\********\appdata\local\google\chrome\User data\default\preferences, which I also keep putting into quarantine. On the subsequent system restart nothing ever happens, though; it simply does not shut down. If I go into Safe Mode with Networking, everything works without problems.

I have already read through the board here and looked at similar cases. I have already downloaded the following tools: Revouninstall, defogger, frst, gmer, adwcleaner and jrt. In safe mode I get a log file from all of them, but without ATTENTIONS. In normal mode I can open the programs, but they freeze immediately, because some of them check for updates. I am currently writing these lines from my tablet; the only log files I can send you are the ones from safe mode.

I'm hoping for your help, thanks in advance! Regards
06.07.2014, 05:43 | #2 |
/// the machine /// TB-Ausbilder | hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
06.07.2014, 08:55 | #3 |
Good morning, the log files were created in safe mode, though; I hope that does not affect the assessment.

FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-07-2014 01
Ran by ******* (administrator) on *******-PC on 06-07-2014 09:53:31
Running from C:\Users\*******\Downloads
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5179408 2014-06-17] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [] => [X] Winlogon\Notify\ScCertProp: wlnotify.dll [X] HKU\S-1-5-21-2274986604-3607075537-2758682289-1000\...\MountPoints2: {864e9aba-bc59-11e3-90cd-00306792e1cc} - L:\Autorun.exe Startup: C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip () ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA801ABDDAE2ACF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de SearchScopes: HKLM - DefaultScope value is missing. 
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/Lync,version=15.0 - C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA 
Corporation) FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation) Chrome: ======= CHR HomePage: hxxp://www.google.de/ CHR StartupUrls: "hxxp://www.google.com/", "hxxp://www.google.com/", "hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP18DABBE2-76D5-47B8-9A59-AE57AD7C6C3D&SSPV=", "hxxp://www.sweet-page.com/?type=hp&ts=1399117199&from=cor&uid=HitachiXHDS721010CLA332_JP2940HZ0UG7TC0UG7TCX", "hxxp://www.sweet-page.com/?type=hppp&ts=1399982491&from=cor&uid=HitachiXHDS721010CLA332_JP2940HZ0UG7TC0UG7TCX", "hxxp://www.sweet-page.com/?type=hppp&ts=1400346069&from=cor&uid=HitachiXHDS721010CLA332_JP2940HZ0UG7TC0UG7TCX", "hxxp://www.sweet-page.com/?type=hppp&ts=1400403659&from=cor&uid=HitachiXHDS721010CLA332_JP2940HZ0UG7TC0UG7TCX", "hxxp://www.sweet-page.com/?type=hppp&ts=1400755698&from=cor&uid=HitachiXHDS721010CLA332_JP2940HZ0UG7TC0UG7TCX" CHR Extension: (Google Docs) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-02-16] CHR Extension: (Google Drive) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-02-16] CHR Extension: (Brushed) - C:\Users\*******\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg [2014-02-16] CHR Extension: (YouTube) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-16] CHR Extension: (SmoothScroll) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\cccpiddacjljmfbbgeimpelpndgpoknn [2014-02-16] CHR Extension: (Adblock Plus) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-16] CHR Extension: (Google-Suche) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-16] CHR Extension: (Video Downloader professional) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2014-03-28] CHR Extension: (AdBlock) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-02-16] CHR Extension: (Google Wallet) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-16] CHR Extension: (Adblock Pro) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2014-02-16] CHR Extension: (Google Mail) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-16] ========================== Services (Whitelisted) ================= S2 avgfws; C:\Program Files\AVG\AVG2014\avgfws.exe [1417160 2014-06-17] (AVG Technologies CZ, s.r.o.) S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.) S2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.) S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [402192 2014-02-18] (BlueStack Systems, Inc.) 
S2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [385808 2014-02-18] (BlueStack Systems, Inc.) S2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [766736 2014-02-18] (BlueStack Systems, Inc.) S2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [3857408 2011-04-07] (Native Instruments GmbH) [File not signed] S2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation) S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15901984 2014-01-21] (NVIDIA Corporation) S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75064 2014-04-05] () S2 StarMoney 8.0 OnlineUpdate; C:\Program Files\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH) ==================== Drivers (Whitelisted) ==================== S1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [47928 2013-09-26] (AVG Technologies CZ, s.r.o.) S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [199960 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.) S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.) S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.) 
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.) S2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [113424 2014-02-18] (BlueStack Systems) S3 CisUtMonitor; C:\Windows\System32\DRIVERS\CisUtMonitor.sys [27600 2011-10-30] (CrystalIdea Software) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-04-05] (Disc Soft Ltd) S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-06] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation) S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2013-12-27] (NVIDIA Corporation) S3 paeusbaudio; C:\Windows\System32\DRIVERS\paeusbaudio.sys [195448 2012-05-24] () S3 paeusbaudiodsp; C:\Windows\System32\DRIVERS\paeusbaudiodsp.sys [60280 2012-05-24] () S3 paeusbaudioks; C:\Windows\System32\DRIVERS\paeusbaudioks.sys [42872 2012-05-24] () R3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [59776 2011-09-07] (SCM Microsystems Inc.) 
S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-06 02:23 - 2014-07-06 02:42 - 00000000 ____D () C:\AdwCleaner 2014-07-06 02:23 - 2014-07-06 02:23 - 01016261 _____ (Thisisu) C:\Users\*******\Downloads\JRT.exe 2014-07-06 02:22 - 2014-07-06 02:22 - 01346519 _____ () C:\Users\*******\Downloads\adwcleaner_3.214.exe 2014-07-06 02:18 - 2014-07-06 02:18 - 00000583 _____ () C:\Users\*******\Downloads\gmer.log 2014-07-06 02:16 - 2014-07-06 02:16 - 00380416 _____ () C:\Users\*******\Downloads\Gmer-19357.exe 2014-07-06 02:13 - 2014-07-06 02:16 - 00039336 _____ () C:\Users\*******\Downloads\Addition.txt 2014-07-06 02:12 - 2014-07-06 09:53 - 00001450 _____ () C:\Users\*******\Downloads\FRST.txt 2014-07-06 02:12 - 2014-07-06 09:53 - 00000000 ____D () C:\FRST 2014-07-06 02:12 - 2014-07-06 02:12 - 01074688 _____ (Farbar) C:\Users\*******\Downloads\FRST.exe 2014-07-06 02:10 - 2014-07-06 03:18 - 00000476 _____ () C:\Users\*******\Downloads\defogger_disable.log 2014-07-06 02:10 - 2014-07-06 02:10 - 00000000 _____ () C:\Users\*******\defogger_reenable 2014-07-06 02:09 - 2014-07-06 02:09 - 00050477 _____ () C:\Users\*******\Downloads\Defogger.exe 2014-07-06 02:01 - 2014-07-06 02:01 - 02623656 _____ (VS Revo Group Ltd.) 
C:\Users\*******\Downloads\revosetup95.exe 2014-07-06 02:01 - 2014-07-06 02:01 - 00001233 _____ () C:\Users\*******\Desktop\Revo Uninstaller.lnk 2014-07-06 02:01 - 2014-07-06 02:01 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-07-06 01:37 - 2014-07-06 01:37 - 00000000 ____D () C:\Windows\pss 2014-07-05 21:19 - 2014-07-06 01:21 - 00000000 ___RD () C:\Users\*******\Dropbox 2014-07-05 21:19 - 2014-07-05 21:19 - 00001010 _____ () C:\Users\*******\Desktop\Dropbox.lnk 2014-07-05 21:18 - 2014-07-05 21:19 - 00000000 ____D () C:\Users\*******\AppData\Roaming\DropboxMaster 2014-07-05 21:18 - 2014-07-05 21:18 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-07-05 21:16 - 2014-07-05 21:20 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Dropbox 2014-07-05 21:16 - 2014-07-05 21:16 - 00318944 _____ (Dropbox, Inc.) C:\Users\*******\Downloads\DropboxInstaller.exe 2014-07-01 23:54 - 2014-07-01 23:54 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader 2014-07-01 23:53 - 2014-07-02 21:01 - 00000000 ____D () C:\Users\*******\AppData\Local\JDownloader 2.0 2014-07-01 23:52 - 2014-07-01 23:52 - 00000000 ____D () C:\Program Files\JDownloader 2014-07-01 23:44 - 2014-07-01 23:45 - 32056048 _____ (AppWork GmbH) C:\Users\*******\Downloads\JDownloader2Setup (adfree).exe 2014-07-01 23:44 - 2014-07-01 23:45 - 26539720 _____ (AppWork GmbH) C:\Users\*******\Downloads\JDownloaderSetup (adfree).exe 2014-07-01 23:40 - 2014-07-01 23:52 - 00010799 _____ () C:\Users\*******\Downloads\error.log 2014-07-01 23:33 - 2014-07-01 23:40 - 00000000 ____D () C:\Users\*******\AppData\Local\JDownloader v2.0 2014-06-24 19:42 - 2014-07-01 23:13 - 00000000 ____D () C:\Program Files\Nero 2014-06-24 19:42 - 2014-07-01 23:13 - 00000000 ____D () C:\Program Files\Common Files\Nero 2014-06-24 19:01 - 2014-07-01 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 2014-06-24 
19:01 - 2014-07-01 23:12 - 00000000 ____D () C:\Program Files\Common Files\Ahead 2014-06-24 19:01 - 2014-07-01 23:12 - 00000000 ____D () C:\Program Files\Ahead 2014-06-24 19:01 - 2004-03-03 21:30 - 00125184 _____ (Ahead Software AG) C:\Windows\system32\Drivers\imagesrv.sys 2014-06-24 19:01 - 2004-03-03 21:30 - 00005504 _____ (Ahead Software AG) C:\Windows\system32\Drivers\imagedrv.sys 2014-06-24 19:01 - 2001-07-09 11:50 - 00155648 _____ (Ahead Software Gmbh) C:\Windows\system32\NeroCheck.exe 2014-06-24 19:01 - 2001-07-06 18:24 - 00283920 _____ (Pegasus Software, LLC) C:\Windows\system32\ImagXpr5.dll 2014-06-24 19:01 - 2001-07-06 14:41 - 00569344 _____ (Pegasus Software,LLC) C:\Windows\system32\imagr5.dll 2014-06-24 19:01 - 2001-07-06 12:44 - 00544768 _____ (Pegasus Software, LLC) C:\Windows\system32\imagx5.dll 2014-06-24 19:01 - 2001-06-26 08:15 - 00038912 _____ (Pegasus Imaging Corp.) C:\Windows\system32\picn20.dll 2014-06-24 19:01 - 2000-06-26 11:45 - 00106496 _____ (Pegasus Software) C:\Windows\system32\TwnLib20.dll 2014-06-24 18:40 - 2014-06-24 18:40 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Nero 2014-06-24 18:35 - 2014-06-24 19:43 - 00000000 ____D () C:\ProgramData\Nero 2014-06-20 17:13 - 2014-07-01 23:13 - 00000000 ____D () C:\Users\*******\AppData\Local\Western_Digital_Technolog 2014-06-20 16:45 - 2014-07-01 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital 2014-06-20 16:45 - 2014-07-01 23:13 - 00000000 ____D () C:\Program Files\Common Files\Western Digital 2014-06-20 16:45 - 2014-07-01 23:12 - 00000000 ____D () C:\Program Files\Western Digital 2014-06-20 16:43 - 2014-06-20 16:43 - 03964296 _____ () C:\Users\*******\Downloads\wd_discovery_windows.zip 2014-06-20 16:43 - 2014-06-20 16:43 - 00000000 ____D () C:\Users\*******\Downloads\wd_discovery_windows 2014-06-17 16:22 - 2014-06-17 16:22 - 00188696 _____ (AVG Technologies CZ, s.r.o.) 
C:\Windows\system32\Drivers\avgldx86.sys 2014-06-17 16:21 - 2014-06-17 16:21 - 00197400 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdix.sys 2014-06-17 16:18 - 2014-06-17 16:18 - 00241944 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avglogx.sys 2014-06-17 16:17 - 2014-06-17 16:17 - 00147736 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidshx.sys 2014-06-17 16:06 - 2014-06-17 16:06 - 00199960 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys 2014-06-17 16:06 - 2014-06-17 16:06 - 00121624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiskx.sys 2014-06-17 16:06 - 2014-06-17 16:06 - 00098584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx86.sys 2014-06-17 16:06 - 2014-06-17 16:06 - 00027416 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx86.sys 2014-06-17 16:06 - 2014-06-17 16:06 - 00021272 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys 2014-06-14 21:27 - 2014-07-01 23:13 - 00000000 ____D () C:\Users\*******\Downloads\mlm 2014-06-14 21:27 - 2014-06-14 21:27 - 01120679 _____ () C:\Users\*******\Downloads\mlm.zip 2014-06-14 16:19 - 2014-06-14 16:19 - 00000000 ____D () C:\Users\*******\AppData\Local\Blizzard 2014-06-14 16:08 - 2014-07-01 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone 2014-06-14 16:06 - 2014-06-14 16:06 - 03099552 _____ (Blizzard Entertainment) C:\Users\*******\Downloads\Hearthstone-Setup-deDE.exe 2014-06-13 09:28 - 2014-06-08 10:48 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-13 09:28 - 2014-06-08 10:43 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-06-13 09:28 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-13 09:28 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 
2014-06-13 09:28 - 2014-05-30 11:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-06-13 09:28 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-06-13 09:28 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-06-13 09:28 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-06-13 09:28 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-13 09:28 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-13 09:28 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-06-13 09:28 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-13 09:28 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-06-13 09:28 - 2014-05-30 10:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-06-13 09:28 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-06-13 09:28 - 2014-05-30 10:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-06-13 09:28 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-06-13 09:28 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-06-13 09:28 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-06-13 09:28 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-13 09:28 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-13 09:28 - 2014-05-30 09:57 - 00595968 _____ (Microsoft Corporation) 
C:\Windows\system32\ie4uinit.exe 2014-06-13 09:28 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-13 09:28 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-13 09:28 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-06-13 09:28 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-06-13 09:28 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-13 09:28 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-13 09:28 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-13 09:28 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-06-13 09:28 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-06-13 09:28 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-06-13 09:28 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-06-13 09:28 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-06-13 09:28 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2014-06-13 09:28 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-06-13 09:27 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-06-12 12:53 - 2014-05-08 11:06 - 02742784 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-06-12 12:53 - 2014-05-08 11:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll ==================== One Month Modified Files and Folders ======= 2014-07-06 
09:53 - 2014-07-06 02:12 - 00001450 _____ () C:\Users\*******\Downloads\FRST.txt 2014-07-06 09:53 - 2014-07-06 02:12 - 00000000 ____D () C:\FRST 2014-07-06 03:27 - 2014-02-16 02:37 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-06 03:27 - 2014-02-16 02:26 - 01133963 _____ () C:\Windows\WindowsUpdate.log 2014-07-06 03:18 - 2014-07-06 02:10 - 00000476 _____ () C:\Users\*******\Downloads\defogger_disable.log 2014-07-06 02:42 - 2014-07-06 02:23 - 00000000 ____D () C:\AdwCleaner 2014-07-06 02:36 - 2009-07-14 06:34 - 00016624 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-06 02:36 - 2009-07-14 06:34 - 00016624 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-06 02:33 - 2014-02-16 13:16 - 00000000 ____D () C:\ProgramData\MFAData 2014-07-06 02:33 - 2014-02-16 02:37 - 00000000 ____D () C:\Users\*******\AppData\Local\Deployment 2014-07-06 02:29 - 2014-05-22 13:31 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-06 02:29 - 2014-03-18 23:52 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-07-06 02:29 - 2014-02-16 02:37 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-06 02:29 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-06 02:29 - 2009-07-14 06:39 - 00064051 _____ () C:\Windows\setupact.log 2014-07-06 02:23 - 2014-07-06 02:23 - 01016261 _____ (Thisisu) C:\Users\*******\Downloads\JRT.exe 2014-07-06 02:22 - 2014-07-06 02:22 - 01346519 _____ () C:\Users\*******\Downloads\adwcleaner_3.214.exe 2014-07-06 02:18 - 2014-07-06 02:18 - 00000583 _____ () C:\Users\*******\Downloads\gmer.log 2014-07-06 02:16 - 2014-07-06 02:16 - 00380416 _____ () C:\Users\*******\Downloads\Gmer-19357.exe 2014-07-06 02:16 - 2014-07-06 02:13 - 00039336 _____ () C:\Users\*******\Downloads\Addition.txt 2014-07-06 02:12 - 2014-07-06 02:12 - 01074688 
_____ (Farbar) C:\Users\*******\Downloads\FRST.exe 2014-07-06 02:10 - 2014-07-06 02:10 - 00000000 _____ () C:\Users\*******\defogger_reenable 2014-07-06 02:10 - 2014-02-16 02:32 - 00000000 ____D () C:\Users\******* 2014-07-06 02:09 - 2014-07-06 02:09 - 00050477 _____ () C:\Users\*******\Downloads\Defogger.exe 2014-07-06 02:01 - 2014-07-06 02:01 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\*******\Downloads\revosetup95.exe 2014-07-06 02:01 - 2014-07-06 02:01 - 00001233 _____ () C:\Users\*******\Desktop\Revo Uninstaller.lnk 2014-07-06 02:01 - 2014-07-06 02:01 - 00000000 ____D () C:\Program Files\VS Revo Group 2014-07-06 01:37 - 2014-07-06 01:37 - 00000000 ____D () C:\Windows\pss 2014-07-06 01:21 - 2014-07-05 21:19 - 00000000 ___RD () C:\Users\*******\Dropbox 2014-07-05 21:20 - 2014-07-05 21:16 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Dropbox 2014-07-05 21:19 - 2014-07-05 21:19 - 00001010 _____ () C:\Users\*******\Desktop\Dropbox.lnk 2014-07-05 21:19 - 2014-07-05 21:18 - 00000000 ____D () C:\Users\*******\AppData\Roaming\DropboxMaster 2014-07-05 21:18 - 2014-07-05 21:18 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-07-05 21:16 - 2014-07-05 21:16 - 00318944 _____ (Dropbox, Inc.) 
C:\Users\*******\Downloads\DropboxInstaller.exe 2014-07-04 14:49 - 2014-04-06 12:52 - 00000000 ____D () C:\Users\Arwen\AppData\Roaming\vlc 2014-07-03 12:58 - 2014-03-02 01:12 - 00000000 ____D () C:\Users\*******\AppData\Local\Battle.net 2014-07-02 21:01 - 2014-07-01 23:53 - 00000000 ____D () C:\Users\*******\AppData\Local\JDownloader 2.0 2014-07-02 09:27 - 2014-04-01 09:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2014-07-01 23:54 - 2014-07-01 23:54 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader 2014-07-01 23:52 - 2014-07-01 23:52 - 00000000 ____D () C:\Program Files\JDownloader 2014-07-01 23:52 - 2014-07-01 23:40 - 00010799 _____ () C:\Users\*******\Downloads\error.log 2014-07-01 23:45 - 2014-07-01 23:44 - 32056048 _____ (AppWork GmbH) C:\Users\*******\Downloads\JDownloader2Setup (adfree).exe 2014-07-01 23:45 - 2014-07-01 23:44 - 26539720 _____ (AppWork GmbH) C:\Users\*******\Downloads\JDownloaderSetup (adfree).exe 2014-07-01 23:40 - 2014-07-01 23:33 - 00000000 ____D () C:\Users\*******\AppData\Local\JDownloader v2.0 2014-07-01 23:13 - 2014-06-24 19:42 - 00000000 ____D () C:\Program Files\Nero 2014-07-01 23:13 - 2014-06-24 19:42 - 00000000 ____D () C:\Program Files\Common Files\Nero 2014-07-01 23:13 - 2014-06-24 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero 2014-07-01 23:13 - 2014-06-20 17:13 - 00000000 ____D () C:\Users\*******\AppData\Local\Western_Digital_Technolog 2014-07-01 23:13 - 2014-06-20 16:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital 2014-07-01 23:13 - 2014-06-20 16:45 - 00000000 ____D () C:\Program Files\Common Files\Western Digital 2014-07-01 23:13 - 2014-06-14 21:27 - 00000000 ____D () C:\Users\*******\Downloads\mlm 2014-07-01 23:13 - 2014-06-14 16:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone 2014-07-01 23:13 - 2014-05-27 18:14 - 
00000000 ____D () C:\Users\*******\Logitech 2014-07-01 23:13 - 2014-05-27 18:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech 2014-07-01 23:13 - 2014-05-22 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-01 23:13 - 2014-05-22 13:31 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-07-01 23:13 - 2014-05-18 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular 2014-07-01 23:13 - 2014-05-14 07:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tools&More 2014-07-01 23:13 - 2014-05-03 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-07-01 23:13 - 2014-04-08 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2014-07-01 23:13 - 2014-04-07 17:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe 2014-07-01 23:13 - 2014-04-06 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Àíãëèéñêèé ÿçûê äëÿ Finale 2012.r3 2014-07-01 23:13 - 2014-04-06 14:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments 2014-07-01 23:13 - 2014-03-31 10:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PreSonus 2014-07-01 23:13 - 2014-03-02 01:12 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Battle.net 2014-07-01 23:13 - 2014-02-28 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks 2014-07-01 23:13 - 2014-02-24 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2014-07-01 23:13 - 2014-02-17 19:07 - 00000000 ____D () C:\ProgramData\FLEXnet 2014-07-01 23:13 - 2014-02-17 18:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Design Standard CS4 2014-07-01 23:13 - 2014-02-16 23:37 - 00000000 ____D () 
C:\Users\Arwen\AppData\Roaming\Winamp 2014-07-01 23:13 - 2014-02-16 15:31 - 00000000 ____D () C:\Users\*******\AppData\Local\TeamSpeak 3 Client 2014-07-01 23:13 - 2014-02-16 15:01 - 00000000 ____D () C:\Users\*******\AppData\Roaming\vlc 2014-07-01 23:13 - 2014-02-16 14:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2014-07-01 23:13 - 2014-02-16 14:44 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Winamp 2014-07-01 23:13 - 2014-02-16 14:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp 2014-07-01 23:13 - 2014-02-16 13:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 8.0 2014-07-01 23:13 - 2014-02-16 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uninstall Tool 2014-07-01 23:13 - 2014-02-16 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAVIGON 2014-07-01 23:13 - 2014-02-16 13:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR 2014-07-01 23:13 - 2014-02-16 13:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013 2014-07-01 23:13 - 2014-02-16 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation 2014-07-01 23:13 - 2014-02-16 02:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome 2014-07-01 23:13 - 2009-07-14 10:56 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-07-01 23:13 - 2009-07-14 06:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-07-01 23:13 - 2009-07-14 04:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance 2014-07-01 23:13 - 2009-07-14 04:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories 2014-07-01 23:13 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp 2014-07-01 23:13 - 2009-07-14 04:37 - 00000000 
____D () C:\Windows\registration 2014-07-01 23:12 - 2014-06-24 19:01 - 00000000 ____D () C:\Program Files\Common Files\Ahead 2014-07-01 23:12 - 2014-06-24 19:01 - 00000000 ____D () C:\Program Files\Ahead 2014-07-01 23:12 - 2014-06-20 16:45 - 00000000 ____D () C:\Program Files\Western Digital 2014-07-01 23:12 - 2014-05-27 18:14 - 00000000 ____D () C:\Program Files\Logitech 2014-07-01 23:12 - 2014-05-27 18:14 - 00000000 ____D () C:\Program Files\Common Files\Remote Control Software Common 2014-07-01 23:12 - 2014-05-27 18:13 - 00000000 ____D () C:\Program Files\Common Files\Remote Control USB Driver 2014-07-01 23:12 - 2014-05-22 13:31 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-01 23:12 - 2014-05-03 13:54 - 00000000 ____D () C:\Program Files\Common Files\Java 2014-07-01 23:12 - 2014-05-03 13:53 - 00000000 ____D () C:\Program Files\Java 2014-07-01 23:12 - 2014-04-05 06:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES 2014-07-01 23:12 - 2014-02-16 13:39 - 00000000 __RHD () C:\MSOCache 2014-07-01 07:39 - 2014-02-16 13:42 - 00000000 ____D () C:\Windows\PCHEALTH 2014-06-29 02:30 - 2014-02-16 15:32 - 00000000 ____D () C:\Users\*******\AppData\Roaming\TS3Client 2014-06-25 17:48 - 2014-02-16 16:31 - 00000000 ____D () C:\ProgramData\Oracle 2014-06-24 19:43 - 2014-06-24 18:35 - 00000000 ____D () C:\ProgramData\Nero 2014-06-24 18:40 - 2014-06-24 18:40 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Nero 2014-06-20 16:43 - 2014-06-20 16:43 - 03964296 _____ () C:\Users\*******\Downloads\wd_discovery_windows.zip 2014-06-20 16:43 - 2014-06-20 16:43 - 00000000 ____D () C:\Users\*******\Downloads\wd_discovery_windows 2014-06-19 20:14 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF 2014-06-17 16:22 - 2014-06-17 16:22 - 00188696 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys 2014-06-17 16:21 - 2014-06-17 16:21 - 00197400 _____ (AVG Technologies CZ, s.r.o.) 
C:\Windows\system32\Drivers\avgtdix.sys 2014-06-17 16:18 - 2014-06-17 16:18 - 00241944 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avglogx.sys 2014-06-17 16:17 - 2014-06-17 16:17 - 00147736 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidshx.sys 2014-06-17 16:06 - 2014-06-17 16:06 - 00199960 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys 2014-06-17 16:06 - 2014-06-17 16:06 - 00121624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiskx.sys 2014-06-17 16:06 - 2014-06-17 16:06 - 00098584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx86.sys 2014-06-17 16:06 - 2014-06-17 16:06 - 00027416 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx86.sys 2014-06-17 16:06 - 2014-06-17 16:06 - 00021272 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys 2014-06-14 22:00 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache 2014-06-14 21:27 - 2014-06-14 21:27 - 01120679 _____ () C:\Users\*******\Downloads\mlm.zip 2014-06-14 21:01 - 2014-02-16 13:40 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-06-14 16:19 - 2014-06-14 16:19 - 00000000 ____D () C:\Users\*******\AppData\Local\Blizzard 2014-06-14 16:08 - 2014-02-16 14:44 - 00000000 ____D () C:\Program Files\Common Files\Blizzard Entertainment 2014-06-14 16:06 - 2014-06-14 16:06 - 03099552 _____ (Blizzard Entertainment) C:\Users\*******\Downloads\Hearthstone-Setup-deDE.exe 2014-06-14 15:31 - 2014-05-06 10:17 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-06-13 01:14 - 2014-02-16 03:15 - 00000000 ____D () C:\Windows\system32\MRT 2014-06-13 01:13 - 2014-02-16 03:15 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-06-08 22:42 - 2014-02-16 02:39 - 01627120 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-08 10:48 - 2014-06-13 09:28 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-06-08 10:43 - 
2014-06-13 09:28 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-06 10:30 - 2009-07-14 06:53 - 00032630 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-28 10:40

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:05-07-2014 01
Ran by ******* at 2014-07-06 02:13:34
Running from C:\Users\*******\Downloads
Boot Mode: Safe Mode (with Networking)
==========================================================

==================== Security Center ========================

AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.30740 - BitTorrent Inc.)
Adobe Acrobat 9 Pro - English, Français, Deutsch (Version: 9.5.5 - Adobe Systems) Hidden
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version: - Adobe Systems Incorporated)
Adobe Anchor Service CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Recommended Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Extra Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles CS CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 4 Design Standard (HKLM\...\Adobe_1e3ba55b33b1e8227645fb9c82acca3) (Version: 4.0 - Adobe Systems Incorporated)
Adobe Creative Suite 4 Design Standard (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (Version: 2.0 - 
Adobe Systems Incorporated) Hidden Adobe ExtendScript Toolkit CS4 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden Adobe Flash Player 10 ActiveX (HKLM\...\{3A6829EF-0791-4FDD-9382-C690DD0821B9}) (Version: 10.0.2.54 - Adobe Systems, Inc.) Adobe Flash Player 10 Plugin (HKLM\...\{03DEEAD2-F3B7-45BF-9006-A25D015F00D2}) (Version: 10.0.2.54 - Adobe Systems, Inc.) Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.2.54 - Adobe Systems Incorporated) Adobe Fonts All (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe ImageStyler 1.0 (HKLM\...\Adobe ImageStyler 1.0) (Version: - ) Adobe Linguistics CS4 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden Adobe Output Module (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe PDF Library Files CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe Photoshop CS4 (Version: 11.0 - Adobe Systems Incorporated) Hidden Adobe Photoshop CS4 Support (Version: 11.0 - Adobe Systems Incorporated) Hidden Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Adobe Search for Help (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Service Manager Extension (Version: 1.0 - Adobe Systems Incorporated) Hidden Adobe Setup (Version: 2.0 - Adobe Systems Incorporated) Hidden Adobe Type Support CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden Adobe Update Manager CS4 (Version: 6.0.0 - Adobe Systems Incorporated) Hidden Adobe WinSoft Linguistics Plugin (Version: 1.1 - Adobe Systems Incorporated) Hidden Adobe XMP Panels CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden AdobeColorCommonSetCMYK (Version: 2.0 - Adobe Systems Incorporated) Hidden AdobeColorCommonSetRGB (Version: 2.0 - Adobe Systems Incorporated) Hidden AudioBox version 1.2 (HKLM\...\{554BB593-3543-4AEB-A192-2AC87EC3FF31}_is1) (Version: 1.2 - PreSonus) AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4716 - AVG Technologies) AVG 2014 (Version: 14.0.3986 
- AVG Technologies) Hidden AVG 2014 (Version: 14.0.4716 - AVG Technologies) Hidden Battle.net (HKLM\...\Battle.net) (Version: - Blizzard Entertainment) Battlefield 2(TM) (HKLM\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version: - ) BlueStacks App Player (HKLM\...\BlueStacks App Player) (Version: 0.8.6.3059 - BlueStack Systems, Inc.) BlueStacks Notification Center (HKLM\...\{62763BAD-53A8-4C9F-B4CF-7CCABFEFD725}) (Version: 0.8.6.3059 - BlueStack Systems, Inc.) Call of Duty: Modern Warfare 3 - Dedicated Server (HKLM\...\Steam App 42750) (Version: - Infinity Ward - Sledgehammer Games) Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.810 - Curse) DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd) Definition Update for Microsoft Office 2013 (KB2760587) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{2BC398D2-11C8-43B1-AB84-675D33EB28C2}) (Version: - Microsoft) Diablo III (HKLM\...\Diablo III) (Version: - Blizzard Entertainment) Dropbox (HKCU\...\Dropbox) (Version: 2.8.4 - Dropbox, Inc.) ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.2.20140326 - Landesfinanzdirektion Thüringen) Free Audio Converter version 5.0.35.304 (HKLM\...\Free Audio Converter_is1) (Version: 5.0.35.304 - DVDVideoSoft Ltd.) GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.) Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden Hearthstone (HKLM\...\Hearthstone) (Version: - Blizzard Entertainment) Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.550 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) 
Hidden JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH) Joe (HKLM\...\{E8CD6D29-F0CD-492D-948B-57F737FE3C07}) (Version: 5.00.0000 - Wirth IT Design) kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden Logitech Harmony Remote Software 7 (HKLM\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech) Logitech Harmony Remote Software 7 (Version: 7.7.0.0 - Logitech) Hidden Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Access MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft DCF MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Excel MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Groove MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft InfoPath MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Lync MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office Korrekturhilfen 2013 - Deutsch (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office OSM MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office OSM UX MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Office Professional Plus 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506 - 
Microsoft Corporation) Hidden Microsoft Office Proofing Tools 2013 - Italiano (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft OneNote MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Outlook MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft PowerPoint MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Publisher MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Word MUI (German) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden Native Instruments Controller Editor (HKLM\...\Native Instruments Controller Editor) (Version: - Native Instruments) Native Instruments Controller Editor (Version: 1.3.5.667 - Native Instruments) Hidden Native Instruments Guitar Rig 5 (HKLM\...\Native Instruments Guitar Rig 5) (Version: - Native Instruments) Native Instruments Guitar Rig 5 (Version: 5.0.0.2354 - Native Instruments) Hidden Native Instruments Guitar Rig Mobile I/O (HKLM\...\Native Instruments Guitar Rig Mobile I/O) (Version: - Native Instruments) Native Instruments Guitar 
Rig Mobile I/O (Version: 3.0.0.625 - Native Instruments) Hidden Native Instruments Guitar Rig Session I/O (HKLM\...\Native Instruments Guitar Rig Session I/O) (Version: - Native Instruments) Native Instruments Guitar Rig Session I/O (Version: 3.0.0.625 - Native Instruments) Hidden Native Instruments Rig Kontrol 3 (HKLM\...\Native Instruments Rig Kontrol 3) (Version: - Native Instruments) Native Instruments Rig Kontrol 3 (Version: 3.0.0.625 - Native Instruments) Hidden Native Instruments Service Center (HKLM\...\Native Instruments Service Center) (Version: - Native Instruments) Native Instruments Service Center (Version: 2.2.6.676 - Native Instruments) Hidden NAVIGON Fresh 3.5.1 (HKLM\...\NAVIGON Fresh) (Version: 3.5.1 - NAVIGON) NVIDIA 3D Vision Controller-Treiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 332.21 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 332.21 - NVIDIA Corporation) NVIDIA GeForce Experience 1.8.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2 - NVIDIA Corporation) NVIDIA Grafiktreiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA PhysX (Version: 9.13.1220 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) NVIDIA ShadowPlay 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.3221 - NVIDIA 
Corporation) Hidden NVIDIA Systemsteuerung 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden NVIDIA Update 11.10.11 (Version: 11.10.11 - NVIDIA Corporation) Hidden NVIDIA Update Core (Version: 11.10.11 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation) Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden Remote Control USB Driver (HKLM\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - ) Revo Uninstaller 1.95 (HKLM\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group) Samsung Kies3 (HKLM\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14013.45 - Samsung Electronics Co., Ltd.) Samsung Kies3 (Version: 3.2.14013.45 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.) Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft) Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (Version: - Microsoft) Hidden SHIELD Streaming (Version: 1.7.306 - NVIDIA Corporation) Hidden StarMoney (Version: 3.0.0.124 - StarFinanz) Hidden StarMoney 8.0 (HKLM\...\{41696615-417E-41A6-8CD7-50961BCCCEF1}) (Version: 8.0 - Star Finanz GmbH) Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH) Uninstall Tool (HKLM\...\Uninstall Tool_is1) (Version: 3.3 - CrystalIDEA Software, Inc.) 
Update for Microsoft Excel 2013 (KB2881014) 32-Bit Edition (HKLM\...\{90150000-0016-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{33BAD262-B737-4DFA-8527-02961A9CE7BB}) (Version: - Microsoft) Update for Microsoft Excel 2013 (KB2881014) 32-Bit Edition (HKLM\...\{90150000-0018-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{33BAD262-B737-4DFA-8527-02961A9CE7BB}) (Version: - Microsoft) Update for Microsoft Excel 2013 (KB2881014) 32-Bit Edition (HKLM\...\{90150000-001B-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{33BAD262-B737-4DFA-8527-02961A9CE7BB}) (Version: - Microsoft) Update for Microsoft Excel 2013 (KB2881014) 32-Bit Edition (HKLM\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{33BAD262-B737-4DFA-8527-02961A9CE7BB}) (Version: - Microsoft) Update for Microsoft Excel 2013 (KB2881014) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{33BAD262-B737-4DFA-8527-02961A9CE7BB}) (Version: - Microsoft) Update for Microsoft Lync 2013 (KB2850074) 32-Bit Edition (HKLM\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{968E82F6-FAF7-45E0-BCC0-EF8AA31A4EB3}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2760344) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{A7610F07-E844-4444-8E1D-D5BC8AD0B4C5}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2760544) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{45B7D395-EB9B-414F-9E46-5849B42326E2}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2768012) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{66421820-D3CA-450A-898C-78D7E40108E6}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2817302) 32-Bit Edition (HKLM\...\{90150000-0016-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{1644D7F6-90EE-4252-8884-18E4E330529D}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2817302) 32-Bit Edition 
(HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{1644D7F6-90EE-4252-8884-18E4E330529D}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2826040) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{B7EA8070-C37F-4617-82F4-52CF3304595A}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2837644) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{9BC5FF1D-9626-44D7-BC7F-EB44BD8BDB9F}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2863843) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{AD7045B8-1D75-4B4C-8120-12F045D206C7}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2878313) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{1FB43AFB-8112-41B9-B9A6-A43474F46123}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880457) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{D27F6360-AE1E-4C8C-8ECD-C0375E20B923}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880462) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{5D6439FF-D651-4B13-B52E-2508AB9DE19D}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880464) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{06EF2BF7-7351-4D70-A0D5-588FCCF9808D}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880476) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{DDF64A37-8E32-406E-A94C-9F5B03661A21}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880478) 32-Bit Edition 
(HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{7C5CEE0F-6823-4BB7-A28F-76FEC14EB6AC}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880991) 32-Bit Edition (HKLM\...\{90150000-001F-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{071A9ED9-C72F-4CDA-9A88-F100C5EF9EE1}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880991) 32-Bit Edition (HKLM\...\{90150000-001F-0409-0000-0000000FF1CE}_Office15.PROPLUSR_{3365FE58-896F-45DE-8051-E48F6D8069FD}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880991) 32-Bit Edition (HKLM\...\{90150000-001F-040C-0000-0000000FF1CE}_Office15.PROPLUSR_{A2D4D766-14AE-46CA-BD99-801FB1523626}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2880991) 32-Bit Edition (HKLM\...\{90150000-001F-0410-0000-0000000FF1CE}_Office15.PROPLUSR_{FE13BE31-2B5B-4D4E-8538-B3BB9B370C66}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM\...\{90150000-0016-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM\...\{90150000-0090-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version: - Microsoft) Update for Microsoft Office 2013 (KB2881035) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{01B80B63-C638-4004-9148-75B8C8518B1E}) (Version: - Microsoft) Update for Microsoft OneDrive for Business (KB2881018) 32-Bit Edition (HKLM\...\{90150000-00BA-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{D3CFB57E-39C0-4D2F-96D2-EC8BB1DB369D}) (Version: - Microsoft) Update for Microsoft OneDrive for Business (KB2881018) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{D3CFB57E-39C0-4D2F-96D2-EC8BB1DB369D}) (Version: - Microsoft) Update for Microsoft OneNote 2013 (KB2880458) 32-Bit Edition 
(HKLM\...\{90150000-00A1-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{E102B907-56A0-476E-9D7F-D74C7C42527F}) (Version: - Microsoft) Update for Microsoft OneNote 2013 (KB2880458) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{E102B907-56A0-476E-9D7F-D74C7C42527F}) (Version: - Microsoft) Update for Microsoft Outlook 2013 (KB2880470) 32-Bit Edition (HKLM\...\{90150000-001A-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{1BCA67A6-5329-48D0-A088-C097AC7A14BD}) (Version: - Microsoft) Update for Microsoft Outlook 2013 (KB2880470) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{1BCA67A6-5329-48D0-A088-C097AC7A14BD}) (Version: - Microsoft) Update for Microsoft PowerPoint 2013 (KB2881000) 32-Bit Edition (HKLM\...\{90150000-0018-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{4F3B2C6F-B7F9-431F-84ED-C29F47B31DB7}) (Version: - Microsoft) Update for Microsoft PowerPoint 2013 (KB2881000) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{4F3B2C6F-B7F9-431F-84ED-C29F47B31DB7}) (Version: - Microsoft) Update for Microsoft Publisher 2013 (KB2726952) 32-Bit Edition (HKLM\...\{90150000-0019-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{173C8CEB-B73E-4C38-AF3A-05EA5BB860D4}) (Version: - Microsoft) Update for Microsoft Publisher 2013 (KB2726952) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{173C8CEB-B73E-4C38-AF3A-05EA5BB860D4}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM\...\{90150000-006E-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2013 (KB2817301) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{25C61889-2E44-4BE1-9E96-9364BFDCF501}) (Version: - Microsoft) Update for Microsoft Word 2013 (KB2878319) 32-Bit Edition 
(HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{A7CD05CC-CA85-428C-91FD-74A908D126E1}) (Version: - Microsoft) Update for Microsoft Word 2013 (KB2881005) 32-Bit Edition (HKLM\...\{90150000-001A-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{F60958B9-F8A9-488F-99AD-8A6D95070CD8}) (Version: - Microsoft) Update for Microsoft Word 2013 (KB2881005) 32-Bit Edition (HKLM\...\{90150000-001B-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{F60958B9-F8A9-488F-99AD-8A6D95070CD8}) (Version: - Microsoft) Update for Microsoft Word 2013 (KB2881005) 32-Bit Edition (HKLM\...\{90150000-012B-0407-0000-0000000FF1CE}_Office15.PROPLUSR_{F60958B9-F8A9-488F-99AD-8A6D95070CD8}) (Version: - Microsoft) Update for Microsoft Word 2013 (KB2881005) 32-Bit Edition (HKLM\...\{91150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUSR_{F60958B9-F8A9-488F-99AD-8A6D95070CD8}) (Version: - Microsoft) Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.) VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN) WD Discovery (HKLM\...\{A80AE043-EF68-4B64-9C6F-088405FED315}) (Version: 102.0.1.10 - Western Digital Technologies, Inc.) 
Winamp (HKLM\...\Winamp) (Version: 5.63 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinRAR 5.01 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
World of Warcraft (HKLM\...\World of Warcraft) (Version: - Blizzard Entertainment)

==================== Restore Points =========================

25-06-2014 15:47:35 Installed Java 7 Update 60
02-07-2014 22:00:01 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1027367F-EE43-43A9-92FF-A15D2D91BA1A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-02-16] (Google Inc.)
Task: {1718B58E-18B3-4EC6-AE3D-48AD793EDA0F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-02-16] (Google Inc.)
Task: {3A10AB46-3446-4DAB-9041-4A00E84A8D4E} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {6E0D55CE-884C-4F15-A596-FBF1B6FFB5A4} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {78BE2004-0C7A-4400-8EB4-F4E6483E7367} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {81619C68-DFF0-4ECB-9DD9-9F16C4E7187F} - System32\Tasks\Microsoft Office 15 Sync Maintenance for *******-PC-******* *******-PC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2014-04-08] (Microsoft Corporation)
Task: {9214003B-E918-4B38-830F-B442C3708796} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {C3BB9A14-96AE-471D-AB87-20A17B088B8F} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-06-13 10:01 - 2014-06-05 15:58 - 04217672 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-13 10:01 - 2014-06-05 15:58 - 00414536 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-13 10:01 - 2014-06-05 15:58 - 01732424 _____ () C:\Program Files\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\startupfolder: C:^Users^*******^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk => C:\Windows\pss\Dropbox.lnk.Startup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AudioBox VSL => C:\Program Files\PreSonus\AudioBox\AudioBox.exe -startup
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: NeroFilterCheck => C:\Windows\system32\NeroCheck.exe
MSCONFIG\startupreg: NvBackend => "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

==================== Faulty Device Manager Devices =============

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: ========================= Application errors: ================== Error: (07/06/2014 01:54:45 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm chrome.exe, Version 35.0.1916.153 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 16bc Startzeit: 01cf98ac41d57943 Endzeit: 60000 Anwendungspfad: C:\Program Files\Google\Chrome\Application\chrome.exe Berichts-ID: 8fe845ed-049f-11e4-847c-00306792e1cc Error: (07/06/2014 01:23:07 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (07/05/2014 08:40:29 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm chrome.exe, Version 35.0.1916.153 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 7b4 Startzeit: 01cf988052099b4b Endzeit: 21704 Anwendungspfad: C:\Program Files\Google\Chrome\Application\chrome.exe Berichts-ID: c5a13f5f-0473-11e4-97f9-00306792e1cc Error: (07/05/2014 08:25:07 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. 
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (07/05/2014 00:29:08 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: ) Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008] Error: (07/05/2014 09:23:13 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (07/04/2014 00:22:55 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1". Fehler in Manifest- oder Richtliniendatei "Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"2" in Zeile Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"3. Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein. Verweis: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8". Definition: Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8". Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose. Error: (07/04/2014 09:33:47 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. 
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (07/04/2014 09:33:40 AM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcNvVAD initialization failed [6] Error: (07/04/2014 09:33:40 AM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0] System errors: ============= Error: (07/06/2014 02:12:26 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (07/06/2014 02:12:26 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (07/06/2014 02:12:26 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (07/06/2014 02:12:15 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (07/06/2014 02:12:15 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (07/06/2014 02:12:15 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (07/06/2014 02:08:45 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, 
der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (07/06/2014 02:08:45 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (07/06/2014 02:08:45 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error: (07/06/2014 02:06:38 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Microsoft Office Sessions: ========================= Error: (07/06/2014 01:54:45 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: chrome.exe35.0.1916.15316bc01cf98ac41d5794360000C:\Program Files\Google\Chrome\Application\chrome.exe8fe845ed-049f-11e4-847c-00306792e1cc Error: (07/06/2014 01:23:07 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (07/05/2014 08:40:29 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: chrome.exe35.0.1916.1537b401cf988052099b4b21704C:\Program Files\Google\Chrome\Application\chrome.exec5a13f5f-0473-11e4-97f9-00306792e1cc Error: (07/05/2014 08:25:07 PM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. 
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (07/05/2014 00:29:08 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: ) Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008] Error: (07/05/2014 09:23:13 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (07/04/2014 00:22:55 PM) (Source: SideBySide) (EventID: 35) (User: ) Description: Microsoft.VC90.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"Microsoft.VC90.CRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"c:\program files\Samsung\Kies3\firmwareupdate\SM-N9005\DeviceController64.exec:\program files\Samsung\Kies3\firmwareupdate\SM-N9005\Microsoft.VC90.CRT.MANIFEST11 Error: (07/04/2014 09:33:47 AM) (Source: BstHdAndroidSvc) (EventID: 0) (User: ) Description: Der Dienst kann nicht gestartet werden. System.ApplicationException: Cannot start service. Service did not stop gracefully the last time it was run. 
bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args) bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object state) Error: (07/04/2014 09:33:40 AM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcNvVAD initialization failed [6] Error: (07/04/2014 09:33:40 AM) (Source: NvStreamSvc) (EventID: 1) (User: ) Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0] ==================== Memory info =========================== Percentage of memory in use: 30% Total physical RAM: 3031.12 MB Available physical RAM: 2111.95 MB Total Pagefile: 6060.52 MB Available Pagefile: 5068.16 MB Total Virtual: 2047.88 MB Available Virtual: 1900.32 MB ==================== Drives ================================ Drive c: (Windows) (Fixed) (Total:100 GB) (Free:45.65 GB) NTFS Drive d: (Games) (Fixed) (Total:831.41 GB) (Free:636.35 GB) NTFS Drive e: (Arwen) (Fixed) (Total:74.53 GB) (Free:21.13 GB) NTFS Drive f: (leer) (Fixed) (Total:465.76 GB) (Free:464.71 GB) NTFS Drive g: (16 Sep 2011) (CDROM) (Total:3.95 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 1C0FCF79) Partition 1: (Not Active) - (Size=100 GB) - (Type=07 NTFS) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=831 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 75 GB) (Disk ID: D495D495) Partition 1: (Not Active) - (Size=75 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 484B484A) Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
06.07.2014, 11:43 | #4 |
/// the machine /// TB trainer | Can no longer get onto the Internet (pup.optional.conduit.a) hi, scan with ComboFix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
06.07.2014, 12:45 | #5 |
| Can no longer get onto the Internet (pup.optional.conduit.a) All antivirus and anti-malware programs were disabled, yet it still pointed out the active programs twice. Code:
ATTFilter ComboFix 14-07-03.01 - Marloni 06.07.2014 13:36:11.1.8 - x86 NETWORK Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.3031.1716 [GMT 2:00] ausgeführt von:: c:\users\Marloni\Desktop\ComboFix.exe AV: AVG Internet Security 2014 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} FW: AVG Internet Security 2014 *Disabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2} SP: AVG Internet Security 2014 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Java\jre7\bin\jp2ssv.dll c:\windows\IsUn0407.exe . . ((((((((((((((((((((((( Dateien erstellt von 2014-06-06 bis 2014-07-06 )))))))))))))))))))))))))))))) . . 2014-07-06 11:39 . 2014-07-06 11:39 -------- d-----w- c:\users\Default\AppData\Local\temp 2014-07-06 11:39 . 2014-07-06 11:39 -------- d-----w- c:\users\Arwen\AppData\Local\temp 2014-07-06 00:23 . 2014-07-06 00:42 -------- d-----w- C:\AdwCleaner 2014-07-06 00:12 . 2014-07-06 07:53 -------- d-----w- C:\FRST 2014-07-06 00:01 . 2014-07-06 00:01 -------- d-----w- c:\program files\VS Revo Group 2014-07-05 19:16 . 2014-07-05 19:20 -------- d-----w- c:\users\Marloni\AppData\Roaming\Dropbox 2014-07-01 21:53 . 2014-07-06 08:39 -------- d-----w- c:\users\Marloni\AppData\Local\JDownloader 2.0 2014-07-01 21:52 . 2014-07-01 21:52 -------- d-----w- c:\program files\JDownloader 2014-07-01 21:33 . 2014-07-06 08:39 -------- d-----w- c:\users\Marloni\AppData\Local\JDownloader v2.0 2014-06-24 17:42 . 2014-07-01 21:13 -------- d-----w- c:\program files\Common Files\Nero 2014-06-24 17:42 . 2014-07-01 21:13 -------- d-----w- c:\program files\Nero 2014-06-24 17:01 . 2004-03-03 19:30 5504 ----a-w- c:\windows\system32\drivers\imagedrv.sys 2014-06-24 17:01 . 
2004-03-03 19:30 125184 ----a-w- c:\windows\system32\drivers\imagesrv.sys 2014-06-24 17:01 . 2014-07-01 21:12 -------- d-----w- c:\program files\Common Files\Ahead 2014-06-24 17:01 . 2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe 2014-06-24 17:01 . 2001-07-06 16:24 283920 ----a-w- c:\windows\system32\ImagXpr5.dll 2014-06-24 17:01 . 2001-07-06 12:41 569344 ----a-w- c:\windows\system32\imagr5.dll 2014-06-24 17:01 . 2001-07-06 10:44 544768 ----a-w- c:\windows\system32\imagx5.dll 2014-06-24 17:01 . 2001-06-26 06:15 38912 ----a-w- c:\windows\system32\picn20.dll 2014-06-24 17:01 . 2000-06-26 09:45 106496 ----a-w- c:\windows\system32\TwnLib20.dll 2014-06-24 17:01 . 2014-07-01 21:12 -------- d-----w- c:\program files\Ahead 2014-06-24 16:40 . 2014-06-24 16:40 -------- d-----w- c:\users\Marloni\AppData\Roaming\Nero 2014-06-24 16:35 . 2014-06-24 17:43 -------- d-----w- c:\programdata\Nero 2014-06-20 15:13 . 2014-07-01 21:13 -------- d-----w- c:\users\Marloni\AppData\Local\Western_Digital_Technolog 2014-06-20 14:45 . 2014-07-01 21:13 -------- d-----w- c:\program files\Common Files\Western Digital 2014-06-20 14:45 . 2014-07-01 21:12 -------- d-----w- c:\program files\Western Digital 2014-06-17 14:22 . 2014-06-17 14:22 188696 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2014-06-17 14:21 . 2014-06-17 14:21 197400 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2014-06-17 14:18 . 2014-06-17 14:18 241944 ----a-w- c:\windows\system32\drivers\avglogx.sys 2014-06-17 14:17 . 2014-06-17 14:17 147736 ----a-w- c:\windows\system32\drivers\avgidshx.sys 2014-06-17 14:06 . 2014-06-17 14:06 199960 ----a-w- c:\windows\system32\drivers\avgidsdriverx.sys 2014-06-17 14:06 . 2014-06-17 14:06 121624 ----a-w- c:\windows\system32\drivers\avgdiskx.sys 2014-06-17 14:06 . 2014-06-17 14:06 98584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2014-06-17 14:06 . 2014-06-17 14:06 27416 ----a-w- c:\windows\system32\drivers\avgrkx86.sys 2014-06-17 14:06 . 
2014-06-17 14:06 21272 ----a-w- c:\windows\system32\drivers\avgidsshimx.sys 2014-06-14 14:19 . 2014-06-14 14:19 -------- d-----w- c:\users\Marloni\AppData\Local\Blizzard 2014-06-13 07:27 . 2014-04-25 02:06 626688 ----a-w- c:\windows\system32\usp10.dll 2014-06-12 10:53 . 2014-05-08 09:06 2742784 ----a-w- c:\windows\system32\rdpcorets.dll 2014-06-12 10:53 . 2014-05-08 09:06 13824 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-07-06 10:27 . 2014-05-22 11:31 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys 2014-05-12 05:26 . 2014-05-22 11:31 51928 ----a-w- c:\windows\system32\drivers\mwac.sys 2014-05-12 05:25 . 2014-05-22 11:31 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2014-05-12 05:25 . 2014-05-22 11:31 23256 ----a-w- c:\windows\system32\drivers\mbam.sys 2014-05-03 11:53 . 2014-05-03 11:54 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2014-04-25 00:16 . 2014-04-25 00:16 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX 2014-04-12 02:15 . 2014-05-14 09:35 67520 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2014-04-12 02:15 . 2014-05-14 09:35 136640 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2014-04-12 02:12 . 2014-05-14 09:35 15872 ----a-w- c:\windows\system32\sspisrv.dll 2014-04-12 02:12 . 2014-05-14 09:35 100352 ----a-w- c:\windows\system32\sspicli.dll 2014-04-12 02:12 . 2014-05-14 09:35 22016 ----a-w- c:\windows\system32\secur32.dll 2014-04-12 02:11 . 2014-05-14 09:35 1059840 ----a-w- c:\windows\system32\lsasrv.dll 2014-04-12 02:11 . 2014-05-14 09:35 22528 ----a-w- c:\windows\system32\lsass.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "NvBackend"="c:\program files\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-01-21 2234144] "ShadowPlay"="c:\windows\system32\nvspcap.dll" [2014-01-21 1048152] "AVG_UI"="c:\program files\AVG\AVG2014\avgui.exe" [2014-06-17 5179408] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648] . c:\users\Marloni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ CurseClientStartup.ccip [2014-2-17 0] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0] 2013-05-08 01:17 642664 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher] 2013-05-08 12:14 44128 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AudioBox VSL] 2012-05-24 11:47 7591424 ----a-w- c:\program files\PreSonus\AudioBox\AudioBox.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2014-03-04 09:19 3696912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" . 
R1 Avgdiskx;AVG Disk Driver;c:\windows\system32\DRIVERS\avgdiskx.sys [2014-06-17 121624] R1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [2014-06-17 199960] R1 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [2014-06-17 21272] R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [2014-06-17 188696] R2 avgfws;AVG Firewall;c:\program files\AVG\AVG2014\avgfws.exe [2014-06-17 1417160] R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2014\avgidsagent.exe [2014-06-27 3241488] R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2014\avgwdsvc.exe [2014-06-17 289328] R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x] R2 BstHdDrv;BlueStacks Hypervisor;c:\program files\BlueStacks\HD-Hypervisor-x86.sys [2014-02-18 113424] R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files\BlueStacks\HD-LogRotatorService.exe [2014-02-18 385808] R2 BstHdUpdaterSvc;BlueStacks Updater Service;c:\program files\BlueStacks\HD-UpdaterService.exe [2014-02-18 766736] R2 MBAMScheduler;MBAMScheduler;c:\program files\ Malwarebytes Anti-Malware \mbamscheduler.exe [2014-05-12 1809720] R2 MBAMService;MBAMService;c:\program files\ Malwarebytes Anti-Malware \mbamservice.exe [2014-05-12 860472] R2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2011-04-07 3857408] R2 NvNetworkService;NVIDIA Network Service;c:\program files\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-01-21 1593632] R2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-01-21 15901984] R2 StarMoney 8.0 OnlineUpdate;StarMoney 8.0 OnlineUpdate;c:\program files\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [2012-12-21 699680] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-12-19 411936] R3 
CisUtMonitor;CisUtMonitor;c:\windows\system32\DRIVERS\CisUtMonitor.sys [2011-10-30 27600] R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2014-01-22 88576] R3 dmvsc;dmvsc;c:\windows\system32\DRIVERS\dmvsc.sys [2011-02-10 62464] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-05-30 108032] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2014-05-12 23256] R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys [2014-05-12 51928] R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad32v.sys [2013-12-27 34080] R3 paeusbaudio;paeusbaudio;c:\windows\system32\DRIVERS\paeusbaudio.sys [2012-05-24 195448] R3 paeusbaudiodsp;paeusbaudiodsp;c:\windows\system32\DRIVERS\paeusbaudiodsp.sys [2012-05-24 60280] R3 paeusbaudioks;paeusbaudioks;c:\windows\system32\DRIVERS\paeusbaudioks.sys [2012-05-24 42872] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848] R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2014-01-22 184192] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2011-02-10 77184] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 24064] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2013-10-02 49152] R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\DRIVERS\TsUsbGD.sys [2011-02-10 27264] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2011-02-10 112640] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [2014-06-17 147736] S0 Avglogx;AVG Logging Driver;c:\windows\system32\DRIVERS\avglogx.sys [2014-06-17 241944] S0 Avgrkx86;AVG Anti-Rootkit 
Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [2014-06-17 27416] S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2013-09-26 47928] S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [2014-06-17 197400] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2014-04-05 243128] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776] S3 SCR3XX2K;SCR3xx USB SmartCardReader;c:\windows\system32\DRIVERS\SCR3XX2K.sys [2011-09-07 59776] . . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2014-06-13 07:58 1091912 ----a-w- c:\program files\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2014-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2014-02-16 00:37] . 2014-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2014-02-16 00:37] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.google.com mStart Page = hxxp://www.google.com IE: An vorhandenes PDF anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000 IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html TCP: DhcpNameServer = 192.168.2.1 Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL . - - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-Adobe ImageStyler 1.0 - c:\windows\IsUn0407.exe AddRemove-25_escape - c:\program files\SAMSUNG\USB Drivers\25_escape\Uninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2014-07-06 13:41:05 ComboFix-quarantined-files.txt 2014-07-06 11:41 . Vor Suchlauf: 10 Verzeichnis(se), 52.188.729.344 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 52.748.562.432 Bytes frei . - - End Of File - - E4F17E0862390B8E36C42F6A9CB9C06F A36C5E4F47E84449FF07ED3517B43A31 |
06.07.2014, 17:47 | #6 |
/// the machine /// TB trainer | Can no longer get onto the Internet (pup.optional.conduit.a) Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
and a fresh FRST log, please.
07.07.2014, 18:31 | #7 |
| Can no longer get onto the Internet (pup.optional.conduit.a) JRT in particular again only worked in safe mode; in normal mode it was just a black cmd window, with no message. Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 07.07.2014 Suchlauf-Zeit: 11:18:17 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.07.07.01 Rootkit Datenbank: v2014.07.03.01 Lizenz: Premium Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x86 Dateisystem: NTFS Benutzer: ******* Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 301488 Verstrichene Zeit: 5 Min, 0 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 1 PUP.Optional.Conduit.A, C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "startup_urls": [ "hxxp://www.google.com/", "hxxp://www.google.com/", "hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP18DABBE2-76D5-47B8-9A59-AE57AD7C6C3D&SSPV=", "hxxp://www.sweet-page.com/?type=hp&ts=1399117199&from=cor&uid=HitachiXHDS721010CLA332_JP2940HZ0UG7TC0UG7TCX", "hxxp://www.sweet-page.com/?type=hppp&ts=1399982491&from=cor&uid=HitachiXHDS721010CLA332_JP2940HZ0UG7TC0UG7TCX", "hxxp://www.sweet-page.com/?type=hppp&ts=1400346069&from=cor&uid=HitachiXHDS721010CLA332_JP2940HZ0UG7TC0UG7TCX", "hxxp://www.sweet-page.com/?type=hppp&ts=1400403659&from=cor&uid=HitachiXHDS721010CLA332_JP2940HZ0UG7TC0UG7TCX", "hxxp://www.sweet-page.com/?type=hppp&ts=1400755698&from=cor&uid=HitachiXHDS721010CLA332_JP2940HZ0UG7TC0UG7TCX" ],), Ersetzt,[6845e4b891ea8da9d0ffa81ca46019e7] Physische Sektoren: 0 (No malicious items detected) 
(end) Code:
# AdwCleaner v3.214 - Bericht erstellt am 07/07/2014 um 10:24:11
# Aktualisiert 29/06/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits)
# Benutzername : ****** - ******-PC
# Gestartet von : C:\Users\******\Downloads\adwcleaner_3.214.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\FindRight_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\FindRight_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateFindRight_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateFindRight_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\utilFindRight_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\utilFindRight_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17126

-\\ Google Chrome v35.0.1916.153

[ Datei : C:\Users\Arwen\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://www.sweet-page.com/web/?type=dspp&ts=1400656949&from=cor&uid=HitachiXHDS721010CLA332_JP2940HZ0UG7TC0UG7TCX&q={searchTerms}

[ Datei : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht [Search Provider] : hxxp://www.sweet-page.com/web/?type=dspp&ts=1400755698&from=cor&uid=HitachiXHDS721010CLA332_JP2940HZ0UG7TC0UG7TCX&q={searchTerms}
Gelöscht [Startup_urls] : hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP18DABBE2-76D5-47B8-9A59-AE57AD7C6C3D&SSPV=
Gelöscht [Startup_urls] : hxxp://www.sweet-page.com/?type=hp&ts=1399117199&from=cor&uid=HitachiXHDS721010CLA332_JP2940HZ0UG7TC0UG7TCX
Gelöscht [Startup_urls] : hxxp://www.sweet-page.com/?type=hppp&ts=1399982491&from=cor&uid=HitachiXHDS721010CLA332_JP2940HZ0UG7TC0UG7TCX
Gelöscht [Startup_urls] : hxxp://www.sweet-page.com/?type=hppp&ts=1400346069&from=cor&uid=HitachiXHDS721010CLA332_JP2940HZ0UG7TC0UG7TCX
Gelöscht [Startup_urls] : hxxp://www.sweet-page.com/?type=hppp&ts=1400403659&from=cor&uid=HitachiXHDS721010CLA332_JP2940HZ0UG7TC0UG7TCX
Gelöscht [Startup_urls] : hxxp://www.sweet-page.com/?type=hppp&ts=1400755698&from=cor&uid=HitachiXHDS721010CLA332_JP2940HZ0UG7TC0UG7TCX

*************************

AdwCleaner[R1].txt - [5244 octets] - [06/07/2014 02:23:28]
AdwCleaner[R2].txt - [2812 octets] - [06/07/2014 02:41:59]
AdwCleaner[S1].txt - [2737 octets] - [07/07/2014 10:24:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2797 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x86
Ran by ******* on 07.07.2014 at 11:13:50,51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.07.2014 at 11:15:00,12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-07-2014 01
Ran by ******* (administrator) on *******-PC on 07-07-2014 13:10:24
Running from C:\Users\*******\Desktop
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)

==================== Processes (Whitelisted) =================

(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap.dll [1048152 2014-01-21] (NVIDIA Corporation)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5179408 2014-06-17] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [NeroFilterCheck] => C:\Windows\system32\NeroCheck.exe [155648 2001-07-09] (Ahead Software Gmbh)
Winlogon\Notify\ScCertProp: wlnotify.dll [X]
Startup: C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA801ABDDAE2ACF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 - C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Acrobat - C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)

Chrome:
=======
CHR HomePage: hxxp://www.google.de/
CHR StartupUrls: "hxxp://www.google.com/", "hxxp://www.google.com/", "hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP18DABBE2-76D5-47B8-9A59-AE57AD7C6C3D&SSPV=", "hxxp://www.sweet-page.com/?type=hp&ts=1399117199&from=cor&uid=HitachiXHDS721010CLA332_JP2940HZ0UG7TC0UG7TCX", "hxxp://www.sweet-page.com/?type=hppp&ts=1399982491&from=cor&uid=HitachiXHDS721010CLA332_JP2940HZ0UG7TC0UG7TCX", "hxxp://www.sweet-page.com/?type=hppp&ts=1400346069&from=cor&uid=HitachiXHDS721010CLA332_JP2940HZ0UG7TC0UG7TCX", "hxxp://www.sweet-page.com/?type=hppp&ts=1400403659&from=cor&uid=HitachiXHDS721010CLA332_JP2940HZ0UG7TC0UG7TCX", "hxxp://www.sweet-page.com/?type=hppp&ts=1400755698&from=cor&uid=HitachiXHDS721010CLA332_JP2940HZ0UG7TC0UG7TCX"
CHR Extension: (Google Docs) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-06]
CHR Extension: (Google Drive) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-06]
CHR Extension: (Brushed) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfjgbcjfpbbfepcccpaffkjofcmglifg [2014-07-06]
CHR Extension: (YouTube) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-06]
CHR Extension: (SmoothScroll) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\cccpiddacjljmfbbgeimpelpndgpoknn [2014-07-06]
CHR Extension: (Adblock Plus) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-07-06]
CHR Extension: (Google-Suche) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-06]
CHR Extension: (Video Downloader professional) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2014-07-06]
CHR Extension: (AdBlock) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-06]
CHR Extension: (Google Wallet) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-06]
CHR Extension: (Adblock Pro) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2014-07-06]
CHR Extension: (Google Mail) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-06]

========================== Services (Whitelisted) =================

S2 avgfws; C:\Program Files\AVG\AVG2014\avgfws.exe [1417160 2014-06-17] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)
S2 BstHdAndroidSvc; C:\Program Files\BlueStacks\HD-Service.exe [402192 2014-02-18] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files\BlueStacks\HD-LogRotatorService.exe [385808 2014-02-18] (BlueStack Systems, Inc.)
S2 BstHdUpdaterSvc; C:\Program Files\BlueStacks\HD-UpdaterService.exe [766736 2014-02-18] (BlueStack Systems, Inc.)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [3857408 2011-04-07] (Native Instruments GmbH) [File not signed]
S2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-21] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15901984 2014-01-21] (NVIDIA Corporation)
S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75064 2014-04-05] ()
S2 StarMoney 8.0 OnlineUpdate; C:\Program Files\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)

==================== Drivers (Whitelisted) ====================

S1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [47928 2013-09-26] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [199960 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
S2 BstHdDrv; C:\Program Files\BlueStacks\HD-Hypervisor-x86.sys [113424 2014-02-18] (BlueStack Systems)
S3 CisUtMonitor; C:\Windows\System32\DRIVERS\CisUtMonitor.sys [27600 2011-10-30] (CrystalIdea Software)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [243128 2014-04-05] (Disc Soft Ltd)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-07] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2013-12-27] (NVIDIA Corporation)
S3 paeusbaudio; C:\Windows\System32\DRIVERS\paeusbaudio.sys [195448 2012-05-24] ()
S3 paeusbaudiodsp; C:\Windows\System32\DRIVERS\paeusbaudiodsp.sys [60280 2012-05-24] ()
S3 paeusbaudioks; C:\Windows\System32\DRIVERS\paeusbaudioks.sys [42872 2012-05-24] ()
R3 SCR3XX2K; C:\Windows\System32\DRIVERS\SCR3XX2K.sys [59776 2011-09-07] (SCM Microsystems Inc.)
S3 catchme; \??\C:\Users\*******\AppData\Local\Temp\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-07 13:10 - 2014-07-07 13:10 - 01074688 _____ (Farbar) C:\Users\*******\Desktop\FRST.exe
2014-07-07 13:10 - 2014-07-07 13:10 - 00000000 _____ () C:\Users\*******\Desktop\FRST.txt
2014-07-07 11:25 - 2014-07-07 11:25 - 00002075 _____ () C:\Users\*******\Desktop\mbam.txt
2014-07-07 11:15 - 2014-07-07 11:15 - 00000693 _____ () C:\Users\*******\Desktop\JRT.txt
2014-07-07 11:13 - 2014-07-07 11:13 - 00000000 ____D () C:\Windows\ERUNT
2014-07-07 10:36 - 2014-02-17 18:35 - 00000318 _____ () C:\Users\*******\Desktop\Curse Client.appref-ms
2014-07-07 10:34 - 2014-07-07 10:34 - 01016261 _____ (Thisisu) C:\Users\*******\Desktop\JRT.exe
2014-07-07 10:22 - 2014-07-07 10:23 - 01346519 _____ () C:\Users\*******\Downloads\adwcleaner_3.214.exe
2014-07-06 15:54 - 2014-07-06 15:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-06 15:52 - 2014-07-07 10:57 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-06 15:52 - 2014-07-07 10:31 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-06 15:52 - 2014-07-06 15:54 - 00000000 ____D () C:\Users\*******\AppData\Local\Google
2014-07-06 13:41 - 2014-07-06 13:41 - 00015594 _____ () C:\ComboFix.txt
2014-07-06 13:34 - 2014-07-06 13:41 - 00000000 ____D () C:\Qoobox
2014-07-06 13:34 - 2014-07-06 13:40 - 00000000 ____D () C:\Windows\erdnt
2014-07-06 13:34 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-06 13:34 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-06 13:34 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-06 13:34 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-06 13:34 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-06 13:34 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-06 13:34 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-06 13:34 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-06 12:35 - 2014-07-06 13:31 - 00032244 _____ () C:\Windows\system32\avgrep.txt
2014-07-06 02:23 - 2014-07-07 10:24 - 00000000 ____D () C:\AdwCleaner
2014-07-06 02:12 - 2014-07-07 13:10 - 00000000 ____D () C:\FRST
2014-07-06 02:10 - 2014-07-06 02:10 - 00000000 _____ () C:\Users\*******\defogger_reenable
2014-07-06 02:01 - 2014-07-06 02:01 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-07-05 21:18 - 2014-07-06 10:40 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-05 21:18 - 2014-07-05 21:19 - 00000000 ____D () C:\Users\*******\AppData\Roaming\DropboxMaster
2014-07-05 21:16 - 2014-07-05 21:20 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Dropbox
2014-07-01 23:54 - 2014-07-01 23:54 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2014-07-01 23:53 - 2014-07-06 17:52 - 00000000 ____D () C:\Users\*******\AppData\Local\JDownloader 2.0
2014-07-01 23:52 - 2014-07-01 23:52 - 00000000 ____D () C:\Program Files\JDownloader
2014-07-01 23:33 - 2014-07-06 10:39 - 00000000 ____D () C:\Users\*******\AppData\Local\JDownloader v2.0
2014-06-24 19:42 - 2014-07-01 23:13 - 00000000 ____D () C:\Program Files\Nero
2014-06-24 19:42 - 2014-07-01 23:13 - 00000000 ____D () C:\Program Files\Common Files\Nero
2014-06-24 19:01 - 2014-07-01 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2014-06-24 19:01 - 2014-07-01 23:12 - 00000000 ____D () C:\Program Files\Common Files\Ahead
2014-06-24 19:01 - 2014-07-01 23:12 - 00000000 ____D () C:\Program Files\Ahead
2014-06-24 19:01 - 2004-03-03 21:30 - 00125184 _____ (Ahead Software AG) C:\Windows\system32\Drivers\imagesrv.sys
2014-06-24 19:01 - 2004-03-03 21:30 - 00005504 _____ (Ahead Software AG) C:\Windows\system32\Drivers\imagedrv.sys
2014-06-24 19:01 - 2001-07-09 11:50 - 00155648 _____ (Ahead Software Gmbh) C:\Windows\system32\NeroCheck.exe
2014-06-24 19:01 - 2001-07-06 18:24 - 00283920 _____ (Pegasus Software, LLC) C:\Windows\system32\ImagXpr5.dll
2014-06-24 19:01 - 2001-07-06 14:41 - 00569344 _____ (Pegasus Software,LLC) C:\Windows\system32\imagr5.dll
2014-06-24 19:01 - 2001-07-06 12:44 - 00544768 _____ (Pegasus Software, LLC) C:\Windows\system32\imagx5.dll
2014-06-24 19:01 - 2001-06-26 08:15 - 00038912 _____ (Pegasus Imaging Corp.) C:\Windows\system32\picn20.dll
2014-06-24 19:01 - 2000-06-26 11:45 - 00106496 _____ (Pegasus Software) C:\Windows\system32\TwnLib20.dll
2014-06-24 18:40 - 2014-06-24 18:40 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Nero
2014-06-24 18:35 - 2014-06-24 19:43 - 00000000 ____D () C:\ProgramData\Nero
2014-06-20 17:13 - 2014-07-01 23:13 - 00000000 ____D () C:\Users\*******\AppData\Local\Western_Digital_Technolog
2014-06-20 16:45 - 2014-07-01 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2014-06-20 16:45 - 2014-07-01 23:13 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2014-06-20 16:45 - 2014-07-01 23:12 - 00000000 ____D () C:\Program Files\Western Digital
2014-06-20 16:43 - 2014-06-20 16:43 - 00000000 ____D () C:\Users\*******\Downloads\wd_discovery_windows
2014-06-17 16:22 - 2014-06-17 16:22 - 00188696 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys
2014-06-17 16:21 - 2014-06-17 16:21 - 00197400 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdix.sys
2014-06-17 16:18 - 2014-06-17 16:18 - 00241944 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avglogx.sys
2014-06-17 16:17 - 2014-06-17 16:17 - 00147736 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidshx.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00199960 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00121624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiskx.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00098584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx86.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00027416 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx86.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00021272 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsshimx.sys
2014-06-14 21:27 - 2014-07-01 23:13 - 00000000 ____D () C:\Users\*******\Downloads\mlm
2014-06-14 16:19 - 2014-06-14 16:19 - 00000000 ____D () C:\Users\*******\AppData\Local\Blizzard
2014-06-14 16:08 - 2014-07-01 23:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2014-06-13 09:28 - 2014-06-08 10:48 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-13 09:28 - 2014-06-08 10:43 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-13 09:28 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-13 09:28 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-13 09:28 - 2014-05-30 11:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-13 09:28 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-13 09:28 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-13 09:28 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-13 09:28 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-13 09:28 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-13 09:28 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-13 09:28 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-13 09:28 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-13 09:28 - 2014-05-30 10:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-13 09:28 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-13 09:28 - 2014-05-30 10:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-13 09:28 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-13 09:28 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-13 09:28 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-13 09:28 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-13 09:28 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-13 09:28 - 2014-05-30 09:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-13 09:28 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-13 09:28 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-13 09:28 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-13 09:28 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-13 09:28 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-13 09:28 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-13 09:28 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-13 09:28 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-13 09:28 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-13 09:28 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-13 09:28 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-13 09:28 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-13 09:28 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-13 09:28 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-13 09:27 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 12:53 - 2014-05-08 11:06 - 02742784 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-12 12:53 - 2014-05-08 11:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll

==================== One Month Modified Files and Folders =======

2014-07-07 13:10 - 2014-07-07 13:10 - 01074688 _____ (Farbar) C:\Users\*******\Desktop\FRST.exe
2014-07-07 13:10 - 2014-07-07 13:10 - 00000000 _____ () C:\Users\*******\Desktop\FRST.txt
2014-07-07 13:10 - 2014-07-06 02:12 - 00000000 ____D () C:\FRST
2014-07-07 11:25 - 2014-07-07 11:25 - 00002075 _____ () C:\Users\*******\Desktop\mbam.txt
2014-07-07 11:18 - 2014-05-22 13:31 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-07 11:15 - 2014-07-07 11:15 - 00000693 _____ () C:\Users\*******\Desktop\JRT.txt
2014-07-07 11:13 - 2014-07-07 11:13 - 00000000 ____D () C:\Windows\ERUNT
2014-07-07 11:02 - 2014-02-16 02:26 - 01102989 _____ () C:\Windows\WindowsUpdate.log
2014-07-07 10:57 - 2014-07-06 15:52 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-07 10:38 - 2009-07-14 06:34 - 00016624 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-07 10:38 - 2009-07-14 06:34 - 00016624 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-07 10:36 - 2014-02-16 02:37 - 00000000 ____D () C:\Users\*******\AppData\Local\Deployment
2014-07-07 10:34 - 2014-07-07 10:34 - 01016261 _____ (Thisisu) C:\Users\*******\Desktop\JRT.exe
2014-07-07 10:33 - 2014-02-16 13:16 - 00000000 ____D () C:\ProgramData\MFAData
2014-07-07 10:31 - 2014-07-06 15:52 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-07 10:31 - 2014-03-18 23:52 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-07 10:31 - 2014-02-16 02:30 - 00023040 _____ () C:\Windows\PFRO.log
2014-07-07 10:31 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-07 10:31 - 2009-07-14 06:39 - 00063547 _____ () C:\Windows\setupact.log
2014-07-07 10:24 - 2014-07-06 02:23 - 00000000 ____D () C:\AdwCleaner
2014-07-07 10:23 - 2014-07-07 10:22 - 01346519 _____ () C:\Users\*******\Downloads\adwcleaner_3.214.exe
2014-07-07 10:21 - 2014-03-02 01:12 - 00000000 ____D () C:\Users\*******\AppData\Local\Battle.net
2014-07-06 17:52 - 2014-07-01 23:53 - 00000000 ____D () C:\Users\*******\AppData\Local\JDownloader 2.0
2014-07-06 15:54 - 2014-07-06 15:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-06 15:54 - 2014-07-06 15:52 - 00000000 ____D () C:\Users\*******\AppData\Local\Google
2014-07-06 15:54 - 2014-02-16 02:37 - 00000000 ____D () C:\Program Files\Google
2014-07-06 13:43 - 2014-02-16 02:37 - 00000000 ____D () C:\Users\*******\AppData\Local\Apps\2.0
2014-07-06 13:41 - 2014-07-06 13:41 - 00015594 _____ () C:\ComboFix.txt
2014-07-06 13:41 - 2014-07-06 13:34 - 00000000 ____D () C:\Qoobox
2014-07-06 13:41 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2014-07-06 13:41 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-07-06 13:40 - 2014-07-06 13:34 - 00000000 ____D () C:\Windows\erdnt
2014-07-06 13:40 - 2009-07-14 04:04 - 00000215 _____ () C:\Windows\system.ini
2014-07-06 13:31 - 2014-07-06 12:35 - 00032244 _____ () C:\Windows\system32\avgrep.txt
2014-07-06 11:06 - 2014-02-16 02:32 - 00000000 ____D () C:\Users\*******
2014-07-06 10:50 - 2014-02-26 13:40 - 00000000 ____D () C:\Users\Arwen\Documents\Studio One
2014-07-06 10:40 - 2014-07-05 21:18 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-06 10:40 - 2014-04-06 12:52 - 00000000 ____D () C:\Users\Arwen\AppData\Roaming\vlc
2014-07-06 10:40 - 2014-02-17 19:07 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-07-06 10:40 - 2014-02-16 23:37 - 00000000 ____D () C:\Users\Arwen\AppData\Roaming\Winamp
2014-07-06 10:40 - 2014-02-16 14:44 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Winamp
2014-07-06 10:40 - 2009-07-14 06:52 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-07-06 10:40 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\wfp
2014-07-06 10:40 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\registration
2014-07-06 10:39 - 2014-07-01 23:33 - 00000000 ____D () C:\Users\*******\AppData\Local\JDownloader v2.0
2014-07-06 02:10 - 2014-07-06 02:10 - 00000000 _____ () C:\Users\*******\defogger_reenable
2014-07-06 02:01 - 2014-07-06 02:01 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-07-05 21:20 - 2014-07-05 21:16 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Dropbox
2014-07-05 21:19 - 2014-07-05 21:18 - 00000000 ____D () C:\Users\*******\AppData\Roaming\DropboxMaster
2014-07-02 09:27 - 2014-04-01 09:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-07-01 23:54 - 2014-07-01 23:54 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2014-07-01 23:52 - 2014-07-01 23:52 - 00000000 ____D () C:\Program Files\JDownloader
2014-07-01 23:13 - 2014-06-24 19:42 - 00000000 ____D () C:\Program Files\Nero
2014-07-01 23:13 - 2014-06-24 19:42 - 00000000 ____D () C:\Program Files\Common Files\Nero
2014-07-01 23:13 - 2014-06-24 19:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2014-07-01 23:13 - 2014-06-20 17:13 - 00000000 ____D () C:\Users\*******\AppData\Local\Western_Digital_Technolog
2014-07-01 23:13 - 2014-06-20 16:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
2014-07-01 23:13 - 2014-06-20 16:45 - 00000000 ____D () C:\Program Files\Common Files\Western Digital
2014-07-01 23:13 - 2014-06-14 21:27 - 00000000 ____D () C:\Users\*******\Downloads\mlm
2014-07-01 23:13 - 2014-06-14 16:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hearthstone
2014-07-01 23:13 - 2014-05-27 18:14 - 00000000 ____D () C:\Users\*******\Logitech
2014-07-01 23:13 - 2014-05-27 18:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-07-01 23:13 - 2014-05-22 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-01 23:13 - 2014-05-22 13:31 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-01 23:13 - 2014-05-18 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
2014-07-01 23:13 - 2014-05-14 07:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tools&More
2014-07-01 23:13 - 2014-05-03 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-07-01 23:13 - 2014-04-08 16:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-07-01 23:13 - 2014-04-07 17:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2014-07-01 23:13 - 2014-04-06 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Àíãëèéñêèé ÿçûê äëÿ Finale 2012.r3
2014-07-01 23:13 - 2014-04-06 14:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Native Instruments
2014-07-01 23:13 - 2014-03-31 10:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PreSonus
2014-07-01 23:13 - 2014-03-02 01:12 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Battle.net
2014-07-01 23:13 - 2014-02-28 19:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2014-07-01 23:13 - 2014-02-24 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-07-01 23:13 - 2014-02-17 18:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Design Standard CS4
2014-07-01 23:13 - 2014-02-16 15:31 - 00000000 ____D () C:\Users\*******\AppData\Local\TeamSpeak 3 Client
2014-07-01 23:13 - 2014-02-16 15:01 - 00000000 ____D () C:\Users\*******\AppData\Roaming\vlc
2014-07-01 23:13 - 2014-02-16 14:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-07-01 23:13 - 2014-02-16 14:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
2014-07-01 23:13 - 2014-02-16 13:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarMoney 8.0
2014-07-01 23:13 - 2014-02-16 13:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uninstall Tool
2014-07-01 23:13 - 2014-02-16 13:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NAVIGON
2014-07-01 23:13 - 2014-02-16 13:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-07-01 23:13 - 2014-02-16 13:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-07-01 23:13 - 2014-02-16 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-07-01 23:13 - 2009-07-14 10:56 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-07-01 23:13 - 2009-07-14 06:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-01 23:13 - 2009-07-14 04:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-07-01 23:13 - 2009-07-14 04:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-07-01 23:12 - 2014-06-24 19:01 - 00000000 ____D () C:\Program Files\Common Files\Ahead
2014-07-01 23:12 - 2014-06-24 19:01 - 00000000 ____D () C:\Program Files\Ahead
2014-07-01 23:12 - 2014-06-20 16:45 - 00000000 ____D () C:\Program Files\Western Digital
2014-07-01 23:12 - 2014-05-27 18:14 - 00000000 ____D () C:\Program Files\Logitech
2014-07-01 23:12 - 2014-05-27 18:14 - 00000000 ____D () C:\Program Files\Common Files\Remote Control Software Common
2014-07-01 23:12 - 2014-05-27 18:13 - 00000000 ____D () C:\Program Files\Common Files\Remote Control USB Driver
2014-07-01 23:12 - 2014-05-22 13:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-01 23:12 - 2014-05-03 13:54 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-07-01 23:12 - 2014-05-03 13:53 - 00000000 ____D () C:\Program Files\Java
2014-07-01 23:12 - 2014-04-05 06:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
2014-07-01 23:12 - 2014-02-16 13:39 - 00000000 ___RD () C:\MSOCache
2014-07-01 07:39 - 2014-02-16 13:42 - 00000000 ____D () C:\Windows\PCHEALTH
2014-06-29 02:30 - 2014-02-16 15:32 - 00000000 ____D () C:\Users\*******\AppData\Roaming\TS3Client
2014-06-25 17:48 - 2014-02-16 16:31 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-24 19:43 - 2014-06-24 18:35 - 00000000 ____D () C:\ProgramData\Nero
2014-06-24 18:40 - 2014-06-24 18:40 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Nero
2014-06-20 16:43 - 2014-06-20 16:43 - 00000000 ____D () C:\Users\*******\Downloads\wd_discovery_windows
2014-06-19 20:14 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-17 16:22 - 2014-06-17 16:22 - 00188696 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx86.sys
2014-06-17 16:21 - 2014-06-17 16:21 - 00197400 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgtdix.sys
2014-06-17 16:18 - 2014-06-17 16:18 - 00241944 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avglogx.sys
2014-06-17 16:17 - 2014-06-17 16:17 - 00147736 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidshx.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00199960 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdriverx.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00121624 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgdiskx.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00098584 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgmfx86.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00027416 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgrkx86.sys
2014-06-17 16:06 - 2014-06-17 16:06 - 00021272 _____ (AVG Technologies CZ, s.r.o.)
C:\Windows\system32\Drivers\avgidsshimx.sys
2014-06-14 22:00 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-06-14 21:01 - 2014-02-16 13:40 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-14 16:19 - 2014-06-14 16:19 - 00000000 ____D () C:\Users\*******\AppData\Local\Blizzard
2014-06-14 16:08 - 2014-02-16 14:44 - 00000000 ____D () C:\Program Files\Common Files\Blizzard Entertainment
2014-06-14 15:31 - 2014-05-06 10:17 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-13 01:14 - 2014-02-16 03:15 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-13 01:13 - 2014-02-16 03:15 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-08 22:42 - 2014-02-16 02:39 - 01627120 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-08 10:48 - 2014-06-13 09:28 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 10:43 - 2014-06-13 09:28 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\*******\AppData\Local\Temp\proxy_vole439304483592608333.dll
C:\Users\*******\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-06-28 10:40

==================== End Of Log ============================

Thanks for your efforts. I have since reinstalled the system; it was hardly possible to do anything on it anymore. |
08.07.2014, 18:08 | #8 |
/// the machine /// TB instructor | Can no longer get onto the Internet (pup.optional.conduit.a) ok.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |