|
Log-Analyse und Auswertung: Datein auf USB-Stick kopieren dauert ewigWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
12.07.2014, 11:28 | #1 |
| Datein auf USB-Stick kopieren dauert ewig Hallo zusammen, ich habe das Problem, wenn ich Daten auf meinen USB-Stick ziehen will, es sehr lange dauert, selbst wenn es nur 4MB sind dauert das 2-3 Min. Ausserdem kann ich Computer nicht mehr öffnen wenn ich mein Handy(Galaxy S4) angeschlossen habe, dann lädt er zwar ewig aber es tut sich einfach nix, sobald ich das Handy dann raus ziehe, werden mir aber sofort alle Laufwerke angezeigt. Deshalb habe ich dann Malwarebytes durch laufen lassen und es gab direkt einige Funde, die ich in Quarantäne verschoben habe. Comodo hatte auch einen Fund gemeldet, dort weiss ich aber nicht wie ich an die Logfile komme. Der GMER log und der letzte Malwarebytes log befinden sich in der Zip datei, da sie anscheinend zu lang sind um sie ihier zu posten. Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-07-2014 Ran by Instinct at 2014-07-12 11:31:10 Running from E:\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AV: COMODO Antivirus (Enabled - Up to date) {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} AS: COMODO Antivirus (Enabled - Up to date) {0C2D2636-923D-EE52-2A83-E643204A8275} FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3} ==================== Installed Programs ====================== 3DMark 11 (HKLM-x32\...\{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}) (Version: 1.0.3 - Futuremark Corporation) 64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated) Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.22.87 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated) Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Advanced Renamer (HKLM-x32\...\Advanced Renamer_is1) (Version: 3.54 - Hulubulu Software) AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden AMD Accelerated Video Transcoding (Version: 12.10.100.30328 - Advanced Micro Devices, Inc.) Hidden AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Install Manager (HKLM\...\{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.) AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden AMD Media Foundation Decoders (Version: 1.0.80328.2204 - Advanced Micro Devices, Inc.) Hidden ARMA 2 (HKLM-x32\...\Steam App 33910) (Version: - Bohemia Interactive) ARMA 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version: - Bohemia Interactive) Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.1.000 - Asmedia Technology) ASRock App Charger v1.0.6 (HKLM\...\ASRock App Charger_is1) (Version: 1.0.6 - ASRock Inc.) ASRock eXtreme Tuner v0.1.188 (HKLM-x32\...\ASRock eXtreme Tuner_is1) (Version: - ) ASRock InstantBoot v1.29 (HKLM-x32\...\ASRock InstantBoot_is1) (Version: - ) ASRock SmartConnect v1.0.6 (HKLM\...\ASRock SmartConnect_is1) (Version: - ASRock Inc.) ASRock XFast RAM v2.0.9 (HKLM\...\ASRock XFast RAM_is1) (Version: - ASRock Inc.) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.0.0.0 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 1.118.0 - EA Digital Illusions CE AB) BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - ) BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center (x32 Version: 2013.0328.2218.38225 - Ihr Firmenname) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform) COMODO Internet Security Premium (HKLM\...\{901D1D88-408D-48E5-80DD-CC3145BD8456}) (Version: 6.3.39949.2976 - COMODO Security Solutions Inc.) Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0328 - DT Soft Ltd) DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive) Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) DJ_AIO_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden DJ_AIO_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden DJ_AIO_Software_min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB) F4100 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden F4100_Help (x32 Version: 90.0.222.000 - Hewlett-Packard) Hidden FIFA 12 (HKLM-x32\...\{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}) (Version: 1.6.0.0 - Electronic Arts) FLV Player 2.0 (build 25) (HKLM-x32\...\FLV Player) (Version: 2.0 (build 25) - Martijn de Visser) Free AVI Video Converter version 5.0.15.706 (HKLM-x32\...\Free AVI Video Converter_is1) (Version: 5.0.15.706 - DVDVideoSoft Ltd.) Free FLV Converter V 7.4.0 (HKLM-x32\...\Free FLV Converter_is1) (Version: 7.4.0.0 - Koyote Soft) Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com) Free YouTube Download version 3.1.31.706 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.1.31.706 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.39.604 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.39.604 - DVDVideoSoft Ltd.) Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.6.0 - Futuremark Corporation) GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version: - Rockstar) Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.) Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP) HP Deskjet All-In-One Driver Software 13.0 Rel. 1 (HKLM\...\{EB773820-0871-46A8-9B96-F2B04F8B34F0}) (Version: 13.0 - HP) HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP) HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP) HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP) HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP) HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard) HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden Infestation: Survivor Stories (HKLM-x32\...\Steam App 226700) (Version: - Hammerpoint Interactive) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36354 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation) Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation) Intel(R) Smart Connect Technology 3.0 x64 (HKLM\...\{01C324B7-3744-4EC0-9C4F-40BCCDD47CFB}) (Version: 3.0.41.1571 - Intel) Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.24.738.1 - Intel Corporation) Hidden Java 7 Update 15 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217015FF}) (Version: 7.0.150 - Oracle) Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden Java(TM) 6 Update 32 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216032FF}) (Version: 6.0.320 - Oracle) JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.) Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation) Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com) Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - ) Nero Burning ROM 11 (HKLM-x32\...\{05A6B1CD-AA10-46A0-8D5C-6AD2A9EEFC8B}) (Version: 11.2.00400 - Nero AG) Nero Burning ROM 11 (x32 Version: 11.2.10300.0.0 - Nero AG) Hidden Nero Burning ROM 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden Nero ControlCenter 11 (x32 Version: 11.0.12700.0.27 - Nero AG) Hidden Nero ControlCenter 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden Nero Core Components 11 (x32 Version: 11.0.16300.1.23 - Nero AG) Hidden Nero RescueAgent 11 (x32 Version: 4.0.10600.10.100 - Nero AG) Hidden Nero RescueAgent 11 Help (CHM) (x32 Version: 11.0.10400 - Nero AG) Hidden Nero Update (x32 Version: 11.0.11500.28.0 - Nero AG) Hidden nero.prerequisites.msi (x32 Version: 11.0.20010 - Nero AG) Hidden NVIDIA 3D Vision Controller-Treiber 296.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 296.10 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 296.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 296.10 - NVIDIA Corporation) NVIDIA Grafiktreiber 296.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.10 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.12.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.12.0 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.62.312 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.12.0213 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.9610 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 296.10 (Version: 296.10 - NVIDIA Corporation) Hidden NVIDIA Update 1.7.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.7.11 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.7.11 - NVIDIA Corporation) Hidden O&O SafeErase Professional (HKLM\...\{A5ECFFBA-B6FD-45A5-879D-0B0DE7FF8F4B}) (Version: 6.0.85 - O&O Software GmbH) Orbit Downloader (HKLM-x32\...\Orbit_is1) (Version: - www.orbitdownloader.com) Origin (HKLM-x32\...\Origin) (Version: 8.5.2.23 - Electronic Arts, Inc.) PhotoScape (HKLM-x32\...\PhotoScape) (Version: - ) Protect Disc License Helper 1.0.118 (HKLM-x32\...\Protect Disc License Helper) (Version: 1.0.118 - Protect Disc) ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.11 - ProtectDisc Software GmbH) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.) Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.0.9.7 - Rockstar Games) Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.) Hidden Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.) Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden Shark007 Standard Codecs (HKLM-x32\...\{898E81AD-6DB9-4750-866B-B8958C5DC7AA}) (Version: 1.6.1 - Shark007) Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP) Six Updater (HKLM-x32\...\{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}) (Version: 2.09.7016 - Six Projects) SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited) Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version: - ) TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.10 - TeamSpeak Systems GmbH) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH) TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.26038 - TeamViewer) THX TruStudio (HKLM-x32\...\{AFB907F5-C0E6-4753-8284-DE955EF86AC2}) (Version: 1.00.01 - Creative Technology Limited) Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden tools-freebsd (x32 Version: 9.2.0.812388 - VMware, Inc.) Hidden tools-linux (x32 Version: 9.2.0.812388 - VMware, Inc.) Hidden tools-netware (x32 Version: 9.2.0.812388 - VMware, Inc.) Hidden tools-solaris (x32 Version: 9.2.0.812388 - VMware, Inc.) Hidden tools-windows (x32 Version: 9.2.0.812388 - VMware, Inc.) Hidden tools-winPre2k (x32 Version: 9.2.0.812388 - VMware, Inc.) Hidden TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden True Image 2013 (HKLM-x32\...\{59F3D2AC-5F1F-4A93-8F23-6FD4F029D9A9}Visible) (Version: 16.0.5551 - Acronis) True Image 2013 (x32 Version: 16.0.5551 - Acronis) Hidden True Image 2013 Plus Pack (HKLM-x32\...\{C408E706-94A7-454C-8B52-538AA6CBD0FB}) (Version: 16.0.5551 - Acronis) TuneUp Utilities 2011 (x32 Version: 10.0.4600.4 - TuneUp Software) Hidden TuneUp Utilities Language Pack (de-DE) (x32 Version: 10.0.4600.4 - TuneUp Software) Hidden UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden VIRTU MVP 2.1.114 (HKLM\...\VIRTU MVP_is1) (Version: 2.1.114 - Lucidlogix Technologies LTD) VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN) VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 9.0.0 - VMware, Inc) VMware Workstation (Version: 9.0.0 - VMware, Inc.) Hidden VSO Downloader 4.0.0.19 (HKLM-x32\...\{A0D0BA9E-F1A6-44FF-AA14-03ED96B3D56D}_is1) (Version: 4.0.0.19 - VSO Software) VSO EVE Network Driver version 1.0.0.26 (HKLM-x32\...\{AC0AFDC9-4FB1-44FE-B3E1-82300BF3D756}_is1) (Version: 1.0.0.26 - VSO Software) WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP) WD SmartWare (HKLM\...\{07179D37-D5FE-4373-90D9-A25B992EFB3E}) (Version: 1.4.5.5 - Western Digital) WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden WinAlarm (remove only) (HKLM-x32\...\WinAlarm) (Version: - ) Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies) WinRAR 4.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH) World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) x64Components v1.6.1 (HKLM\...\Standard x64Components_is1) (Version: 1.6.1 - Shark007) ==================== Restore Points ========================= 09-07-2014 22:01:00 Windows Update 12-07-2014 07:32:26 Removed Microsoft Office Professional Plus 2010 12-07-2014 07:35:56 Removed Microsoft Visio Premium 2010 ==================== Hosts content: ========================== 2009-07-14 04:34 - 2013-01-22 23:01 - 00000860 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 activation.acronis.com ==================== Scheduled Tasks (whitelisted) ============= Task: {0CBECE1D-56AC-4954-A10E-411F3E438FAB} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe Task: {1BDD2D3C-A6AA-49F2-A74E-E922023B57F3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated) Task: {1C4A495E-8366-4F78-A88B-6D08EA3D218D} - System32\Tasks\{B45B9546-5121-42B3-BFA6-D05346FE551E} => D:\Spiele\Steam\SteamApps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe [2013-05-10] (Sony DADC Austria AG) Task: {405DDEDE-16AC-4A79-8073-85B8154515FA} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] () Task: {51B9B7A4-91DA-46EB-BF57-49B0EB1C7E31} - System32\Tasks\{6486AF7C-4979-4AB1-B967-B886CDC83BE5} => D:\Spiele\Steam\SteamApps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe [2013-05-10] (Sony DADC Austria AG) Task: {6C3CA59C-5553-4B2A-8F69-D08503796BA8} - System32\Tasks\{1206AE17-6364-4BC7-86CA-1D49FF050C4E} => D:\Spiele\Steam\SteamApps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe [2013-05-10] (Sony DADC Austria AG) Task: {70DD1E5C-B464-4949-8E96-C9C8A602A849} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO) Task: {7BAD81BA-F218-4BD3-A2FB-23C7DFDA7CEA} - System32\Tasks\{3B9C443C-64CB-4B1D-81BA-D155EC595178} => D:\Spiele\Steam\SteamApps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe [2013-05-10] (Sony DADC Austria AG) Task: {7D1FE345-AF76-4651-92F1-C326839119F9} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO) Task: {82477BB1-C032-4881-B737-B342D5C085E0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd) Task: {855BAC41-7B8B-48E4-A9B7-08FEBBD9F6C4} - System32\Tasks\{276A0AB9-4216-4DFD-A2AD-20FF6745210A} => D:\Spiele\Steam\SteamApps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe [2013-05-10] (Sony DADC Austria AG) Task: {A5841780-473B-4E8D-BCD5-E1A1A19D1454} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03] (Sun Microsystems, Inc.) Task: {B0D944B0-8315-4EE5-ABB8-3929A9239158} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] () Task: {B5D39B76-364D-427B-A279-65E57DD0A70B} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2011 => C:\Program Files (x86)\TuneUp Utilities 2011\OneClick.exe Task: {C4ECB8F5-5EED-484B-8152-84FA0338A556} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO) Task: {D775257E-73C3-4D27-84E2-4D79AC8AE23A} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2012-08-16 20:36 - 2012-08-16 20:36 - 00149032 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe 2012-08-16 20:36 - 2012-08-16 20:36 - 00058920 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll 2012-05-06 20:29 - 2014-02-19 22:34 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2012-09-18 05:10 - 2012-09-18 05:10 - 00248704 _____ () D:\Programme\Synology\Assistant\UsbClientService.exe 2011-03-09 11:41 - 2011-03-09 11:41 - 01066896 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe 2011-03-09 11:41 - 2011-03-09 11:41 - 00491920 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe 2013-04-15 18:39 - 2013-04-15 18:39 - 00073424 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav 2012-08-15 14:36 - 2012-08-15 14:36 - 15680000 _____ () D:\Programme\VMWare\vmware-hostd.exe 2012-05-06 17:17 - 2012-02-17 20:55 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll 2012-05-06 17:06 - 2012-01-05 11:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2013-09-30 14:47 - 2012-06-17 15:40 - 03110728 _____ () C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.exe 2013-09-30 14:47 - 2012-06-17 15:40 - 00108360 _____ () C:\Program Files\Lucidlogix Technologies\VIRTU MVP\GuiCommon.dll 2012-08-23 01:42 - 2012-08-23 01:42 - 00435584 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll 2010-03-05 09:24 - 2010-03-05 09:24 - 00886272 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll 2012-08-15 14:11 - 2012-08-15 14:11 - 01222656 _____ () D:\Programme\VMWare\libxml2.dll 2014-02-13 13:51 - 2014-02-13 13:51 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b162055347700182d96325676dd591c4\IsdiInterop.ni.dll 2012-05-06 17:08 - 2011-11-29 20:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2012-05-06 17:10 - 2012-07-18 06:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2014-06-18 00:09 - 2014-06-18 00:09 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2012-02-29 13:26 - 2012-02-29 13:26 - 00360768 _____ () C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll 2012-08-23 02:12 - 2012-08-23 02:12 - 00019840 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\Instinct\Cookies:yfUohBG71Rs3WtdBqq AlternateDataStreams: C:\Users\Instinct\Lokale Einstellungen:IyRA4web1xYmanZ8qL5obV0e AlternateDataStreams: C:\Users\Instinct\AppData\Local:IyRA4web1xYmanZ8qL5obV0e AlternateDataStreams: C:\Users\Instinct\AppData\Local\Anwendungsdaten:IyRA4web1xYmanZ8qL5obV0e AlternateDataStreams: C:\Users\Instinct\AppData\Local\Temporary Internet Files:JUwzuTbgHjKZLzJa34kKldwJy6 AlternateDataStreams: C:\Users\Instinct\AppData\Local\Temporary Internet Files:rdlRpnBjFLbTbcHYbbV0bAHKCY3 ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk => C:\Windows\pss\WDDMStatus.lnk.CommonStartup MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" MSCONFIG\startupreg: AcronisTibMounterMonitor => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: DAEMON Tools Lite => "D:\Programme\Daemon Tools\DTLite.exe" -autorun MSCONFIG\startupreg: DS3 Tool => C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe MSCONFIG\startupreg: KiesAirMessage => D:\Programme\Samsung\Kies\KiesAirMessage.exe -startup MSCONFIG\startupreg: KiesPreload => D:\Programme\Samsung\Kies\Kies.exe /preload MSCONFIG\startupreg: KiesTrayAgent => D:\Programme\Samsung\Kies\KiesTrayAgent.exe MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background MSCONFIG\startupreg: Steam => "D:\Spiele\Steam\Steam.exe" -silent MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe MSCONFIG\startupreg: THX TruStudio NB Settings => "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r MSCONFIG\startupreg: THXCfg64 => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" MSCONFIG\startupreg: VIRTU_MVP_AUTORUN => %ProgramFiles%\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe /hide MSCONFIG\startupreg: vmware-tray.exe => "D:\Programme\VMWare\vmware-tray.exe" MSCONFIG\startupreg: XFast LAN => C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe MSCONFIG\startupreg: XFastUSB => "C:\Program Files (x86)\XFastUSB\XFastUsb.exe" ==================== Faulty Device Manager Devices ============= Name: VMware Virtual Ethernet Adapter for VMnet1 Description: VMware Virtual Ethernet Adapter for VMnet1 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: VMware, Inc. Service: VMnetAdapter Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: VMware Virtual Ethernet Adapter for VMnet8 Description: VMware Virtual Ethernet Adapter for VMnet8 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: VMware, Inc. Service: VMnetAdapter Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (07/12/2014 09:44:26 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/12/2014 09:27:47 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm explorer.exe, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 11e4 Startzeit: 01cf9d9ec03d241c Endzeit: 24 Anwendungspfad: C:\Windows\explorer.exe Berichts-ID: 0440dee5-0996-11e4-aa72-bc5ff435825b Error: (07/12/2014 08:58:57 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 124c Startzeit: 01cf9d9c53e35dc3 Endzeit: 420 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: fc80b89c-0991-11e4-aa72-bc5ff435825b Error: (07/12/2014 08:41:32 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/12/2014 07:36:57 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/12/2014 07:28:28 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1064 Startzeit: 01cf9d90ccd8d7cf Endzeit: 0 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: Error: (07/12/2014 07:17:11 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/11/2014 10:41:36 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/11/2014 08:46:53 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/10/2014 08:16:54 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (07/11/2014 10:01:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (07/11/2014 10:01:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error: (07/09/2014 10:20:23 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (07/07/2014 11:02:15 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 07.07.2014 um 23:01:14 unerwartet heruntergefahren. Error: (07/07/2014 09:39:42 PM) (Source: Tcpip) (EventID: 4199) (User: ) Description: Das System hat einen Adressenkonflikt der IP-Adresse 192.168.178.20 mit dem Computer mit der Netzwerkhardwareadresse 1C-5A-3E-C2-5B-B9 ermittelt. Netzwerkvorgänge könnten daher auf diesem System unterbrochen werden. Error: (07/06/2014 02:18:22 AM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (06/23/2014 02:38:34 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {AD3EDBCA-0901-415B-82E9-C16D3B65E38C} Error: (06/23/2014 01:16:54 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {1EF75F33-893B-4E8F-9655-C3D602BA4897} Error: (06/20/2014 11:50:16 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (06/20/2014 01:22:24 PM) (Source: volmgr) (EventID: 46) (User: ) Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen. Microsoft Office Sessions: ========================= Error: (07/12/2014 09:44:26 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/12/2014 09:27:47 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: explorer.exe6.1.7601.1756711e401cf9d9ec03d241c24C:\Windows\explorer.exe0440dee5-0996-11e4-aa72-bc5ff435825b Error: (07/12/2014 08:58:57 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Explorer.EXE6.1.7601.17567124c01cf9d9c53e35dc3420C:\Windows\Explorer.EXEfc80b89c-0991-11e4-aa72-bc5ff435825b Error: (07/12/2014 08:41:32 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/12/2014 07:36:57 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/12/2014 07:28:28 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Explorer.EXE6.1.7601.17567106401cf9d90ccd8d7cf0C:\Windows\Explorer.EXE Error: (07/12/2014 07:17:11 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/11/2014 10:41:36 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/11/2014 08:46:53 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/10/2014 08:16:54 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2013-08-13 19:45:29.279 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-08-13 19:45:29.244 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-08-13 19:45:27.203 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-08-13 19:45:27.168 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-08-13 19:45:25.128 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-08-13 19:45:25.093 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-08-13 19:45:23.036 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-08-13 19:45:23.002 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-08-13 19:45:20.960 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-08-13 19:45:20.926 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Percentage of memory in use: 41% Total physical RAM: 8087.63 MB Available physical RAM: 4710.09 MB Total Pagefile: 16173.43 MB Available Pagefile: 12095.2 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:119.14 GB) (Free:44.36 GB) NTFS Drive d: () (Fixed) (Total:496.19 GB) (Free:359.14 GB) NTFS Drive e: () (Fixed) (Total:1366.82 GB) (Free:946.28 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 6939D78D) Partition 1: (Not Active) - (Size=-198625402368) - (Type=42) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 6939D795) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-07-2014 Ran by Instinct at 2014-07-12 11:31:10 Running from E:\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AV: COMODO Antivirus (Enabled - Up to date) {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} AS: COMODO Antivirus (Enabled - Up to date) {0C2D2636-923D-EE52-2A83-E643204A8275} FW: COMODO Firewall (Enabled) {8F7746F7-FE68-E084-3B6C-7404A51E8FB3} ==================== Installed Programs ====================== 3DMark 11 (HKLM-x32\...\{46EDCFA5-7EDB-46A9-B093-1C6237470CEC}) (Version: 1.0.3 - Futuremark Corporation) 64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Acrobat.com (HKLM-x32\...\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.1.377 - Adobe Systems Incorporated) Acrobat.com (x32 Version: 0.0.0 - Adobe Systems Incorporated) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden Adobe Flash Player 10 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 10.0.22.87 - Adobe Systems Incorporated) Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated) Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated) Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated) Advanced Renamer (HKLM-x32\...\Advanced Renamer_is1) (Version: 3.54 - Hulubulu Software) AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden AMD Accelerated Video Transcoding (Version: 12.10.100.30328 - Advanced Micro Devices, Inc.) Hidden AMD APP SDK Runtime (Version: 10.0.1084.4 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Install Manager (HKLM\...\{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.) AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden AMD Media Foundation Decoders (Version: 1.0.80328.2204 - Advanced Micro Devices, Inc.) Hidden ARMA 2 (HKLM-x32\...\Steam App 33910) (Version: - Bohemia Interactive) ARMA 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version: - Bohemia Interactive) Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.1.000 - Asmedia Technology) ASRock App Charger v1.0.6 (HKLM\...\ASRock App Charger_is1) (Version: 1.0.6 - ASRock Inc.) ASRock eXtreme Tuner v0.1.188 (HKLM-x32\...\ASRock eXtreme Tuner_is1) (Version: - ) ASRock InstantBoot v1.29 (HKLM-x32\...\ASRock InstantBoot_is1) (Version: - ) ASRock SmartConnect v1.0.6 (HKLM\...\ASRock SmartConnect_is1) (Version: - ASRock Inc.) ASRock XFast RAM v2.0.9 (HKLM\...\ASRock XFast RAM_is1) (Version: - ASRock Inc.) Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment) Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.0.0.0 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 1.118.0 - EA Digital Illusions CE AB) BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - ) BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center (x32 Version: 2013.0328.2218.38225 - Ihr Firmenname) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2013.0328.2217.38225 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2013.0328.2218.38225 - Advanced Micro Devices, Inc.) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform) COMODO Internet Security Premium (HKLM\...\{901D1D88-408D-48E5-80DD-CC3145BD8456}) (Version: 6.3.39949.2976 - COMODO Security Solutions Inc.) Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.46.1.0328 - DT Soft Ltd) DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive) Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment) DJ_AIO_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden DJ_AIO_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden DJ_AIO_Software_min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB) F4100 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden F4100_Help (x32 Version: 90.0.222.000 - Hewlett-Packard) Hidden FIFA 12 (HKLM-x32\...\{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}) (Version: 1.6.0.0 - Electronic Arts) FLV Player 2.0 (build 25) (HKLM-x32\...\FLV Player) (Version: 2.0 (build 25) - Martijn de Visser) Free AVI Video Converter version 5.0.15.706 (HKLM-x32\...\Free AVI Video Converter_is1) (Version: 5.0.15.706 - DVDVideoSoft Ltd.) Free FLV Converter V 7.4.0 (HKLM-x32\...\Free FLV Converter_is1) (Version: 7.4.0.0 - Koyote Soft) Free PDF to Word Doc Converter v1.1 (HKLM-x32\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com) Free YouTube Download version 3.1.31.706 (HKLM-x32\...\Free YouTube Download_is1) (Version: 3.1.31.706 - DVDVideoSoft Ltd.) Free YouTube to MP3 Converter version 3.12.39.604 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.39.604 - DVDVideoSoft Ltd.) Futuremark SystemInfo (HKLM-x32\...\{BEE64C14-BEF1-4610-8A68-A16EAA47B882}) (Version: 4.6.0 - Futuremark Corporation) GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden Grand Theft Auto IV (HKLM-x32\...\Steam App 12210) (Version: - Rockstar) Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.) Hidden Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.) Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment) HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP) HP Deskjet All-In-One Driver Software 13.0 Rel. 1 (HKLM\...\{EB773820-0871-46A8-9B96-F2B04F8B34F0}) (Version: 13.0 - HP) HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP) HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP) HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP) HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP) HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard) HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden Infestation: Survivor Stories (HKLM-x32\...\Steam App 226700) (Version: - Hammerpoint Interactive) Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation) Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36354 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation) Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2932 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation) Intel(R) Smart Connect Technology 3.0 x64 (HKLM\...\{01C324B7-3744-4EC0-9C4F-40BCCDD47CFB}) (Version: 3.0.41.1571 - Intel) Intel(R) Update Manager (HKLM-x32\...\{12914061-EB9B-4AE7-AC7E-0B8A607C7DF4}) (Version: 2.3.1338 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.24.738.1 - Intel Corporation) Hidden Java 7 Update 15 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217015FF}) (Version: 7.0.150 - Oracle) Java Auto Updater (x32 Version: 2.1.9.0 - Sun Microsystems, Inc.) Hidden Java(TM) 6 Update 32 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216032FF}) (Version: 6.0.320 - Oracle) JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.) Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation) Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com) Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - ) Nero Burning ROM 11 (HKLM-x32\...\{05A6B1CD-AA10-46A0-8D5C-6AD2A9EEFC8B}) (Version: 11.2.00400 - Nero AG) Nero Burning ROM 11 (x32 Version: 11.2.10300.0.0 - Nero AG) Hidden Nero Burning ROM 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden Nero ControlCenter 11 (x32 Version: 11.0.12700.0.27 - Nero AG) Hidden Nero ControlCenter 11 Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden Nero Core Components 11 (x32 Version: 11.0.16300.1.23 - Nero AG) Hidden Nero RescueAgent 11 (x32 Version: 4.0.10600.10.100 - Nero AG) Hidden Nero RescueAgent 11 Help (CHM) (x32 Version: 11.0.10400 - Nero AG) Hidden Nero Update (x32 Version: 11.0.11500.28.0 - Nero AG) Hidden nero.prerequisites.msi (x32 Version: 11.0.20010 - Nero AG) Hidden NVIDIA 3D Vision Controller-Treiber 296.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 296.10 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 296.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 296.10 - NVIDIA Corporation) NVIDIA Grafiktreiber 296.10 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 296.10 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.12.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.12.0 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.62.312 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.12.0213 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.9610 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 296.10 (Version: 296.10 - NVIDIA Corporation) Hidden NVIDIA Update 1.7.11 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.7.11 - NVIDIA Corporation) NVIDIA Update Components (Version: 1.7.11 - NVIDIA Corporation) Hidden O&O SafeErase Professional (HKLM\...\{A5ECFFBA-B6FD-45A5-879D-0B0DE7FF8F4B}) (Version: 6.0.85 - O&O Software GmbH) Orbit Downloader (HKLM-x32\...\Orbit_is1) (Version: - www.orbitdownloader.com) Origin (HKLM-x32\...\Origin) (Version: 8.5.2.23 - Electronic Arts, Inc.) PhotoScape (HKLM-x32\...\PhotoScape) (Version: - ) Protect Disc License Helper 1.0.118 (HKLM-x32\...\Protect Disc License Helper) (Version: 1.0.118 - Protect Disc) ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.11 - ProtectDisc Software GmbH) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.) Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.0.9.7 - Rockstar Games) Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.) Hidden Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.) Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden Shark007 Standard Codecs (HKLM-x32\...\{898E81AD-6DB9-4750-866B-B8958C5DC7AA}) (Version: 1.6.1 - Shark007) Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP) Six Updater (HKLM-x32\...\{2D8CED57-CCDB-4D86-9087-3BBCAE8F8F22}) (Version: 2.09.7016 - Six Projects) SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited) Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) Synology Assistant (remove only) (HKLM-x32\...\Synology Assistant) (Version: - ) TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.10 - TeamSpeak Systems GmbH) TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH) TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.26038 - TeamViewer) THX TruStudio (HKLM-x32\...\{AFB907F5-C0E6-4753-8284-DE955EF86AC2}) (Version: 1.00.01 - Creative Technology Limited) Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden tools-freebsd (x32 Version: 9.2.0.812388 - VMware, Inc.) Hidden tools-linux (x32 Version: 9.2.0.812388 - VMware, Inc.) Hidden tools-netware (x32 Version: 9.2.0.812388 - VMware, Inc.) Hidden tools-solaris (x32 Version: 9.2.0.812388 - VMware, Inc.) Hidden tools-windows (x32 Version: 9.2.0.812388 - VMware, Inc.) Hidden tools-winPre2k (x32 Version: 9.2.0.812388 - VMware, Inc.) Hidden TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden True Image 2013 (HKLM-x32\...\{59F3D2AC-5F1F-4A93-8F23-6FD4F029D9A9}Visible) (Version: 16.0.5551 - Acronis) True Image 2013 (x32 Version: 16.0.5551 - Acronis) Hidden True Image 2013 Plus Pack (HKLM-x32\...\{C408E706-94A7-454C-8B52-538AA6CBD0FB}) (Version: 16.0.5551 - Acronis) TuneUp Utilities 2011 (x32 Version: 10.0.4600.4 - TuneUp Software) Hidden TuneUp Utilities Language Pack (de-DE) (x32 Version: 10.0.4600.4 - TuneUp Software) Hidden UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden VIRTU MVP 2.1.114 (HKLM\...\VIRTU MVP_is1) (Version: 2.1.114 - Lucidlogix Technologies LTD) VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN) VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 9.0.0 - VMware, Inc) VMware Workstation (Version: 9.0.0 - VMware, Inc.) Hidden VSO Downloader 4.0.0.19 (HKLM-x32\...\{A0D0BA9E-F1A6-44FF-AA14-03ED96B3D56D}_is1) (Version: 4.0.0.19 - VSO Software) VSO EVE Network Driver version 1.0.0.26 (HKLM-x32\...\{AC0AFDC9-4FB1-44FE-B3E1-82300BF3D756}_is1) (Version: 1.0.0.26 - VSO Software) WBFS Manager 3.0 (HKLM-x32\...\WBFS Manager 3.0) (Version: 3.0 - AlexDP) WD SmartWare (HKLM\...\{07179D37-D5FE-4373-90D9-A25B992EFB3E}) (Version: 1.4.5.5 - Western Digital) WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden WinAlarm (remove only) (HKLM-x32\...\WinAlarm) (Version: - ) Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies) WinRAR 4.11 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH) World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: - Blizzard Entertainment) x64Components v1.6.1 (HKLM\...\Standard x64Components_is1) (Version: 1.6.1 - Shark007) ==================== Restore Points ========================= 09-07-2014 22:01:00 Windows Update 12-07-2014 07:32:26 Removed Microsoft Office Professional Plus 2010 12-07-2014 07:35:56 Removed Microsoft Visio Premium 2010 ==================== Hosts content: ========================== 2009-07-14 04:34 - 2013-01-22 23:01 - 00000860 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 activation.acronis.com ==================== Scheduled Tasks (whitelisted) ============= Task: {0CBECE1D-56AC-4954-A10E-411F3E438FAB} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS.exe Task: {1BDD2D3C-A6AA-49F2-A74E-E922023B57F3} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated) Task: {1C4A495E-8366-4F78-A88B-6D08EA3D218D} - System32\Tasks\{B45B9546-5121-42B3-BFA6-D05346FE551E} => D:\Spiele\Steam\SteamApps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe [2013-05-10] (Sony DADC Austria AG) Task: {405DDEDE-16AC-4A79-8073-85B8154515FA} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] () Task: {51B9B7A4-91DA-46EB-BF57-49B0EB1C7E31} - System32\Tasks\{6486AF7C-4979-4AB1-B967-B886CDC83BE5} => D:\Spiele\Steam\SteamApps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe [2013-05-10] (Sony DADC Austria AG) Task: {6C3CA59C-5553-4B2A-8F69-D08503796BA8} - System32\Tasks\{1206AE17-6364-4BC7-86CA-1D49FF050C4E} => D:\Spiele\Steam\SteamApps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe [2013-05-10] (Sony DADC Austria AG) Task: {70DD1E5C-B464-4949-8E96-C9C8A602A849} - System32\Tasks\COMODO\COMODO Update {A6D52E4F-569B-4756-B3D8-DF217313DA85} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO) Task: {7BAD81BA-F218-4BD3-A2FB-23C7DFDA7CEA} - System32\Tasks\{3B9C443C-64CB-4B1D-81BA-D155EC595178} => D:\Spiele\Steam\SteamApps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe [2013-05-10] (Sony DADC Austria AG) Task: {7D1FE345-AF76-4651-92F1-C326839119F9} - System32\Tasks\COMODO\COMODO Cache Builder {0FB77674-7905-4F34-A362-C5A9A26F8CF9} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO) Task: {82477BB1-C032-4881-B737-B342D5C085E0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd) Task: {855BAC41-7B8B-48E4-A9B7-08FEBBD9F6C4} - System32\Tasks\{276A0AB9-4216-4DFD-A2AD-20FF6745210A} => D:\Spiele\Steam\SteamApps\common\Grand Theft Auto IV\GTAIV\LaunchGTAIV.exe [2013-05-10] (Sony DADC Austria AG) Task: {A5841780-473B-4E8D-BCD5-E1A1A19D1454} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03] (Sun Microsystems, Inc.) Task: {B0D944B0-8315-4EE5-ABB8-3929A9239158} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2014-02-28] () Task: {B5D39B76-364D-427B-A279-65E57DD0A70B} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2011 => C:\Program Files (x86)\TuneUp Utilities 2011\OneClick.exe Task: {C4ECB8F5-5EED-484B-8152-84FA0338A556} - System32\Tasks\COMODO\COMODO Scan {F140D794-60B6-4F00-9235-D6457AA25B22} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO) Task: {D775257E-73C3-4D27-84E2-4D79AC8AE23A} - System32\Tasks\COMODO\COMODO Signature Update {B9D5C6F9-17D2-4917-8BD0-614BAA1C6A59} => C:\Program Files\COMODO\COMODO Internet Security\cfpconfg.exe [2014-04-16] (COMODO) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2012-08-16 20:36 - 2012-08-16 20:36 - 00149032 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe 2012-08-16 20:36 - 2012-08-16 20:36 - 00058920 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll 2012-05-06 20:29 - 2014-02-19 22:34 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2012-09-18 05:10 - 2012-09-18 05:10 - 00248704 _____ () D:\Programme\Synology\Assistant\UsbClientService.exe 2011-03-09 11:41 - 2011-03-09 11:41 - 01066896 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe 2011-03-09 11:41 - 2011-03-09 11:41 - 00491920 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe 2013-04-15 18:39 - 2013-04-15 18:39 - 00073424 _____ () C:\Program Files\COMODO\COMODO Internet Security\scanners\smart.cav 2012-08-15 14:36 - 2012-08-15 14:36 - 15680000 _____ () D:\Programme\VMWare\vmware-hostd.exe 2012-05-06 17:17 - 2012-02-17 20:55 - 00193536 _____ () C:\Program Files\WinRAR\rarext.dll 2012-05-06 17:06 - 2012-01-05 11:24 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2013-09-30 14:47 - 2012-06-17 15:40 - 03110728 _____ () C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.exe 2013-09-30 14:47 - 2012-06-17 15:40 - 00108360 _____ () C:\Program Files\Lucidlogix Technologies\VIRTU MVP\GuiCommon.dll 2012-08-23 01:42 - 2012-08-23 01:42 - 00435584 _____ () C:\Program Files (x86)\Common Files\Acronis\Home\ulxmlrpcpp.dll 2010-03-05 09:24 - 2010-03-05 09:24 - 00886272 _____ () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\System.Data.SQLite.dll 2012-08-15 14:11 - 2012-08-15 14:11 - 01222656 _____ () D:\Programme\VMWare\libxml2.dll 2014-02-13 13:51 - 2014-02-13 13:51 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\b162055347700182d96325676dd591c4\IsdiInterop.ni.dll 2012-05-06 17:08 - 2011-11-29 20:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2012-05-06 17:10 - 2012-07-18 06:55 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2014-06-18 00:09 - 2014-06-18 00:09 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2012-02-29 13:26 - 2012-02-29 13:26 - 00360768 _____ () C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll 2012-08-23 02:12 - 2012-08-23 02:12 - 00019840 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\Instinct\Cookies:yfUohBG71Rs3WtdBqq AlternateDataStreams: C:\Users\Instinct\Lokale Einstellungen:IyRA4web1xYmanZ8qL5obV0e AlternateDataStreams: C:\Users\Instinct\AppData\Local:IyRA4web1xYmanZ8qL5obV0e AlternateDataStreams: C:\Users\Instinct\AppData\Local\Anwendungsdaten:IyRA4web1xYmanZ8qL5obV0e AlternateDataStreams: C:\Users\Instinct\AppData\Local\Temporary Internet Files:JUwzuTbgHjKZLzJa34kKldwJy6 AlternateDataStreams: C:\Users\Instinct\AppData\Local\Temporary Internet Files:rdlRpnBjFLbTbcHYbbV0bAHKCY3 ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== MSCONFIG/TASK MANAGER disabled items ========= MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WDDMStatus.lnk => C:\Windows\pss\WDDMStatus.lnk.CommonStartup MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" MSCONFIG\startupreg: AcronisTibMounterMonitor => C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: AdobeCS6ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices MSCONFIG\startupreg: DAEMON Tools Lite => "D:\Programme\Daemon Tools\DTLite.exe" -autorun MSCONFIG\startupreg: DS3 Tool => C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe MSCONFIG\startupreg: KiesAirMessage => D:\Programme\Samsung\Kies\KiesAirMessage.exe -startup MSCONFIG\startupreg: KiesPreload => D:\Programme\Samsung\Kies\Kies.exe /preload MSCONFIG\startupreg: KiesTrayAgent => D:\Programme\Samsung\Kies\KiesTrayAgent.exe MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background MSCONFIG\startupreg: Steam => "D:\Spiele\Steam\Steam.exe" -silent MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe MSCONFIG\startupreg: THX TruStudio NB Settings => "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r MSCONFIG\startupreg: THXCfg64 => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" MSCONFIG\startupreg: VIRTU_MVP_AUTORUN => %ProgramFiles%\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe /hide MSCONFIG\startupreg: vmware-tray.exe => "D:\Programme\VMWare\vmware-tray.exe" MSCONFIG\startupreg: XFast LAN => C:\Program Files\ASRock\XFast LAN\cFosSpeed.exe MSCONFIG\startupreg: XFastUSB => "C:\Program Files (x86)\XFastUSB\XFastUsb.exe" ==================== Faulty Device Manager Devices ============= Name: VMware Virtual Ethernet Adapter for VMnet1 Description: VMware Virtual Ethernet Adapter for VMnet1 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: VMware, Inc. Service: VMnetAdapter Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: VMware Virtual Ethernet Adapter for VMnet8 Description: VMware Virtual Ethernet Adapter for VMnet8 Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: VMware, Inc. Service: VMnetAdapter Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (07/12/2014 09:44:26 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/12/2014 09:27:47 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm explorer.exe, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 11e4 Startzeit: 01cf9d9ec03d241c Endzeit: 24 Anwendungspfad: C:\Windows\explorer.exe Berichts-ID: 0440dee5-0996-11e4-aa72-bc5ff435825b Error: (07/12/2014 08:58:57 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 124c Startzeit: 01cf9d9c53e35dc3 Endzeit: 420 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: fc80b89c-0991-11e4-aa72-bc5ff435825b Error: (07/12/2014 08:41:32 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/12/2014 07:36:57 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/12/2014 07:28:28 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1064 Startzeit: 01cf9d90ccd8d7cf Endzeit: 0 Anwendungspfad: C:\Windows\Explorer.EXE Berichts-ID: Error: (07/12/2014 07:17:11 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/11/2014 10:41:36 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/11/2014 08:46:53 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/10/2014 08:16:54 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (07/11/2014 10:01:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (07/11/2014 10:01:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. Error: (07/09/2014 10:20:23 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (07/07/2014 11:02:15 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 07.07.2014 um 23:01:14 unerwartet heruntergefahren. Error: (07/07/2014 09:39:42 PM) (Source: Tcpip) (EventID: 4199) (User: ) Description: Das System hat einen Adressenkonflikt der IP-Adresse 192.168.178.20 mit dem Computer mit der Netzwerkhardwareadresse 1C-5A-3E-C2-5B-B9 ermittelt. Netzwerkvorgänge könnten daher auf diesem System unterbrochen werden. Error: (07/06/2014 02:18:22 AM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (06/23/2014 02:38:34 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {AD3EDBCA-0901-415B-82E9-C16D3B65E38C} Error: (06/23/2014 01:16:54 AM) (Source: DCOM) (EventID: 10010) (User: ) Description: {1EF75F33-893B-4E8F-9655-C3D602BA4897} Error: (06/20/2014 11:50:16 PM) (Source: volsnap) (EventID: 36) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (06/20/2014 01:22:24 PM) (Source: volmgr) (EventID: 46) (User: ) Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen. Microsoft Office Sessions: ========================= Error: (07/12/2014 09:44:26 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/12/2014 09:27:47 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: explorer.exe6.1.7601.1756711e401cf9d9ec03d241c24C:\Windows\explorer.exe0440dee5-0996-11e4-aa72-bc5ff435825b Error: (07/12/2014 08:58:57 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Explorer.EXE6.1.7601.17567124c01cf9d9c53e35dc3420C:\Windows\Explorer.EXEfc80b89c-0991-11e4-aa72-bc5ff435825b Error: (07/12/2014 08:41:32 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/12/2014 07:36:57 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/12/2014 07:28:28 AM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Explorer.EXE6.1.7601.17567106401cf9d90ccd8d7cf0C:\Windows\Explorer.EXE Error: (07/12/2014 07:17:11 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/11/2014 10:41:36 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/11/2014 08:46:53 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/10/2014 08:16:54 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2013-08-13 19:45:29.279 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-08-13 19:45:29.244 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-08-13 19:45:27.203 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-08-13 19:45:27.168 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-08-13 19:45:25.128 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-08-13 19:45:25.093 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-08-13 19:45:23.036 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-08-13 19:45:23.002 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-08-13 19:45:20.960 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-08-13 19:45:20.926 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Percentage of memory in use: 41% Total physical RAM: 8087.63 MB Available physical RAM: 4710.09 MB Total Pagefile: 16173.43 MB Available Pagefile: 12095.2 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:119.14 GB) (Free:44.36 GB) NTFS Drive d: () (Fixed) (Total:496.19 GB) (Free:359.14 GB) NTFS Drive e: () (Fixed) (Total:1366.82 GB) (Free:946.28 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 6939D78D) Partition 1: (Not Active) - (Size=-198625402368) - (Type=42) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119 GB) (Disk ID: 6939D795) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=119 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 04.07.2014 Suchlauf-Zeit: 14:34:46 Logdatei: MBAM_04.07.2014.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.07.04.03 Rootkit Datenbank: v2014.07.03.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Instinct Suchlauf-Art: Hyper-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 263763 Verstrichene Zeit: 1 Min, 26 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Deaktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 3 PUP.Optional.InstallCore.A, HKU\S-1-5-21-3529576110-3757331771-2211045743-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [96ed019aaad140f62744c61151b12bd5], PUP.Optional.InstallCore.A, HKU\S-1-5-21-3529576110-3757331771-2211045743-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [dfa43d5eaecdcd691b6266877390f20e], PUP.Optional.Softonic.A, HKU\S-1-5-21-3529576110-3757331771-2211045743-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [c0c39ffc126973c3f73b1fa78c7614ec], Registrierungswerte: 1 PUP.Optional.InstallCore.A, HKU\S-1-5-21-3529576110-3757331771-2211045743-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 1V2X1Q1R1M1F, In Quarantäne, [dfa43d5eaecdcd691b6266877390f20e] Registrierungsdaten: 23 PUP.Optional.HelperBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=e1381483-0f77-4d55-8c55-7ec2f147f90b&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=e1381483-0f77-4d55-8c55-7ec2f147f90b&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}),Ersetzt,[a5de55461d5e64d221b29fe91be98b75] PUP.Optional.HelperBar.A, HKU\S-1-5-21-3529576110-3757331771-2211045743-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=e1381483-0f77-4d55-8c55-7ec2f147f90b&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=e1381483-0f77-4d55-8c55-7ec2f147f90b&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}),Ersetzt,[8cf7f1aa4c2f0a2c21b55632679de21e] PUP.Optional.HelperBar.A, HKU\S-1-5-21-3529576110-3757331771-2211045743-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=e1381483-0f77-4d55-8c55-7ec2f147f90b&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=e1381483-0f77-4d55-8c55-7ec2f147f90b&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}),Ersetzt,[790a900b86f5a3938936e0b26e96e719] PUP.Optional.HelperBar.A, HKU\S-1-5-21-3529576110-3757331771-2211045743-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=e1381483-0f77-4d55-8c55-7ec2f147f90b&affid=110774&searchtype=hp&babsrc=lnkry_nt, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=e1381483-0f77-4d55-8c55-7ec2f147f90b&affid=110774&searchtype=hp&babsrc=lnkry_nt),Ersetzt,[c9ba3e5d2c4f44f29c3b2e5ac53fb64a] PUP.Optional.HelperBar.A, HKU\S-1-5-21-3529576110-3757331771-2211045743-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=e1381483-0f77-4d55-8c55-7ec2f147f90b&affid=110774&searchtype=hp&babsrc=lnkry_nt, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=e1381483-0f77-4d55-8c55-7ec2f147f90b&affid=110774&searchtype=hp&babsrc=lnkry_nt),Ersetzt,[abd84f4c3c3f0036c9f7f49ef410847c] PUP.Optional.HelperBar.A, HKU\S-1-5-21-3529576110-3757331771-2211045743-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=e1381483-0f77-4d55-8c55-7ec2f147f90b&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=e1381483-0f77-4d55-8c55-7ec2f147f90b&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}),Ersetzt,[1e658d0ef18a63d3b1241177e420e917] PUP.Optional.HelperBar.A, HKU\S-1-5-21-3529576110-3757331771-2211045743-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=e1381483-0f77-4d55-8c55-7ec2f147f90b&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=e1381483-0f77-4d55-8c55-7ec2f147f90b&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}),Ersetzt,[91f29407285388ae912dccc6c93bac54] PUP.Optional.HelperBar.A, HKU\S-1-5-21-3529576110-3757331771-2211045743-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=e1381483-0f77-4d55-8c55-7ec2f147f90b&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=e1381483-0f77-4d55-8c55-7ec2f147f90b&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}),Ersetzt,[2261beddc7b4f83e2bad3a4ea361bb45] PUP.Optional.HelperBar.A, HKU\S-1-5-21-3529576110-3757331771-2211045743-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=e1381483-0f77-4d55-8c55-7ec2f147f90b&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=e1381483-0f77-4d55-8c55-7ec2f147f90b&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}),Ersetzt,[562d2a7198e3043219a8464c9b69a55b] PUP.Optional.HelperBar.A, HKU\S-1-5-21-3529576110-3757331771-2211045743-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=e1381483-0f77-4d55-8c55-7ec2f147f90b&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=e1381483-0f77-4d55-8c55-7ec2f147f90b&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}),Ersetzt,[2b58dfbcc5b6023407d2a4e48282e719] PUP.Optional.HelperBar.A, HKU\S-1-5-21-3529576110-3757331771-2211045743-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=e1381483-0f77-4d55-8c55-7ec2f147f90b&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=e1381483-0f77-4d55-8c55-7ec2f147f90b&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}),Ersetzt,[a5deb3e8b9c285b142808012679d6e92] PUP.Optional.HelperBar.A, HKU\S-1-5-21-3529576110-3757331771-2211045743-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=e1381483-0f77-4d55-8c55-7ec2f147f90b&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=e1381483-0f77-4d55-8c55-7ec2f147f90b&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}),Ersetzt,[d3b0bbe015662f0709cb7a0e11f308f8] PUP.Optional.HelperBar.A, HKU\S-1-5-21-3529576110-3757331771-2211045743-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=e1381483-0f77-4d55-8c55-7ec2f147f90b&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=e1381483-0f77-4d55-8c55-7ec2f147f90b&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}),Ersetzt,[344f217a3c3fb086dafc2563dc2846ba] PUP.Optional.HelperBar.A, HKU\S-1-5-21-3529576110-3757331771-2211045743-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=e1381483-0f77-4d55-8c55-7ec2f147f90b&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=e1381483-0f77-4d55-8c55-7ec2f147f90b&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}),Ersetzt,[453e1487a2d9df57556a137f729238c8] PUP.Optional.HelperBar.A, HKU\S-1-5-21-3529576110-3757331771-2211045743-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=e1381483-0f77-4d55-8c55-7ec2f147f90b&affid=110774&searchtype=hp&babsrc=lnkry_nt, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=e1381483-0f77-4d55-8c55-7ec2f147f90b&affid=110774&searchtype=hp&babsrc=lnkry_nt),Ersetzt,[9de60b90d3a855e19b3c6424ef1538c8] PUP.Optional.HelperBar.A, HKU\S-1-5-21-3529576110-3757331771-2211045743-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=e1381483-0f77-4d55-8c55-7ec2f147f90b&affid=110774&searchtype=hp&babsrc=lnkry_nt, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=e1381483-0f77-4d55-8c55-7ec2f147f90b&affid=110774&searchtype=hp&babsrc=lnkry_nt),Ersetzt,[3b4813881a6171c5358bccc6b84cd32d] PUP.Optional.HelperBar.A, HKU\S-1-5-21-3529576110-3757331771-2211045743-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=e1381483-0f77-4d55-8c55-7ec2f147f90b&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=e1381483-0f77-4d55-8c55-7ec2f147f90b&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}),Ersetzt,[e99a47546b10e254be17acdcfe068080] PUP.Optional.HelperBar.A, HKU\S-1-5-21-3529576110-3757331771-2211045743-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=e1381483-0f77-4d55-8c55-7ec2f147f90b&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=e1381483-0f77-4d55-8c55-7ec2f147f90b&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}),Ersetzt,[3b487724cbb03cfac2fc236f8e769d63] PUP.Optional.HelperBar.A, HKU\S-1-5-21-3529576110-3757331771-2211045743-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=e1381483-0f77-4d55-8c55-7ec2f147f90b&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=e1381483-0f77-4d55-8c55-7ec2f147f90b&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}),Ersetzt,[aed523785625112572661a6eed1711ef] PUP.Optional.HelperBar.A, HKU\S-1-5-21-3529576110-3757331771-2211045743-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=e1381483-0f77-4d55-8c55-7ec2f147f90b&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=e1381483-0f77-4d55-8c55-7ec2f147f90b&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}),Ersetzt,[f88b9b00d7a4db5b6859eba72dd71be5] PUP.Optional.HelperBar.A, HKU\S-1-5-21-3529576110-3757331771-2211045743-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=e1381483-0f77-4d55-8c55-7ec2f147f90b&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=e1381483-0f77-4d55-8c55-7ec2f147f90b&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}),Ersetzt,[ff84a5f685f66fc7edec632593711be5] PUP.Optional.HelperBar.A, HKU\S-1-5-21-3529576110-3757331771-2211045743-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=e1381483-0f77-4d55-8c55-7ec2f147f90b&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=e1381483-0f77-4d55-8c55-7ec2f147f90b&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}),Ersetzt,[91f25e3d55265cdaf7cba5ed58ac45bb] PUP.Optional.HelperBar.A, HKU\S-1-5-21-3529576110-3757331771-2211045743-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=e1381483-0f77-4d55-8c55-7ec2f147f90b&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=e1381483-0f77-4d55-8c55-7ec2f147f90b&affid=110774&searchtype=ds&babsrc=lnkry&q={searchTerms}),Ersetzt,[acd71883552651e5ffd59bed8c7843bd] Ordner: 2 PUP.Optional.OpenCandy, C:\Users\Instinct\AppData\Roaming\OpenCandy, In Quarantäne, [493abdde88f3f44293797c1cd62c0bf5], PUP.Optional.OpenCandy, C:\Users\Instinct\AppData\Roaming\OpenCandy\B2666879274242348275FB0EEEF5AA3C, In Quarantäne, [493abdde88f3f44293797c1cd62c0bf5], Dateien: 8 PUP.Optional.Speedial.A, C:\Users\Instinct\AppData\Local\Temp\SpeeDial.exe, In Quarantäne, [e2a15d3e94e7191d5030bb058f735ca4], PUP.Optional.WebSearch.A, C:\Users\Instinct\AppData\Roaming\Mozilla\Firefox\Profiles\morvz8xw.default\searchplugins\Web Search.xml, In Quarantäne, [245f27744635d3633b4c3c917d85a15f], PUP.Optional.OpenCandy, C:\Users\Instinct\AppData\Roaming\OpenCandy\B2666879274242348275FB0EEEF5AA3C\2787.ico, In Quarantäne, [493abdde88f3f44293797c1cd62c0bf5], PUP.Optional.OpenCandy, C:\Users\Instinct\AppData\Roaming\OpenCandy\B2666879274242348275FB0EEEF5AA3C\EBB77268-338F-4C6A-8590-AD88FED26F4A, In Quarantäne, [493abdde88f3f44293797c1cd62c0bf5], PUP.Optional.OpenCandy, C:\Users\Instinct\AppData\Roaming\OpenCandy\B2666879274242348275FB0EEEF5AA3C\LinkuryInstaller.msi, In Quarantäne, [493abdde88f3f44293797c1cd62c0bf5], PUP.Optional.OpenCandy, C:\Users\Instinct\AppData\Roaming\OpenCandy\B2666879274242348275FB0EEEF5AA3C\LinkuryInstaller_p1v15.exe, In Quarantäne, [493abdde88f3f44293797c1cd62c0bf5], PUP.Optional.OpenCandy, C:\Users\Instinct\AppData\Roaming\OpenCandy\B2666879274242348275FB0EEEF5AA3C\OCBrowserHelper_1.0.3.85.dll, In Quarantäne, [493abdde88f3f44293797c1cd62c0bf5], PUP.Optional.HelperBar.A, C:\Users\Instinct\AppData\Roaming\Mozilla\Firefox\Profiles\morvz8xw.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=e1381483-0f77-4d55-8c55-7ec2f147f90b&affid=110774&searchtype=ds&babsrc=lnkry&q=");), Ersetzt,[067d0a91c3b88caab853715058ac639d] Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 04.07.2014 Suchlauf-Zeit: 14:39:19 Logdatei: MBAM_04.07.2014(2).txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.07.04.03 Rootkit Datenbank: v2014.07.03.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Instinct Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 327474 Verstrichene Zeit: 6 Min, 28 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 1 PUP.Optional.HelperBar.A, C:\Users\Instinct\AppData\Roaming\Mozilla\Firefox\Profiles\morvz8xw.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=DE&userid=e1381483-0f77-4d55-8c55-7ec2f147f90b&affid=110774&searchtype=ds&babsrc=lnkry&q=");), Ersetzt,[e1a2603b344753e321eaab16be46e917] Physische Sektoren: 0 (No malicious items detected) (end) |
12.07.2014, 11:57 | #2 |
/// the machine /// TB-Ausbilder | Datein auf USB-Stick kopieren dauert ewig hi,
__________________FRST.txt fehlt noch.
__________________ |
12.07.2014, 19:09 | #3 |
| Datein auf USB-Stick kopieren dauert ewig FRST Logfile:
__________________FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-07-2014 Ran by Instinct (administrator) on DIABLO on 12-07-2014 11:30:47 Running from E:\Downloads Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (AMD) C:\Windows\System32\atiesrxx.exe (AMD) C:\Windows\System32\atieclxx.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (DATA BECKER GmbH & Co KG) C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe () D:\Programme\Synology\Assistant\UsbClientService.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe () C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (VMware, Inc.) D:\Programme\VMWare\vmware-authd.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe (Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe () D:\Programme\VMWare\vmware-hostd.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.exe (Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Samsung) D:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) D:\Programme\Samsung\Kies\Kies.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Software Security System) C:\Program Files\Lucidlogix Technologies\VIRTU MVP\Ekag20nt.exe (LucidLogix) C:\Program Files\Lucidlogix Technologies\VIRTU MVP\LucidServices.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe (COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor) HKLM\...\Run: [VIRTU MVP] => C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe [3110728 2012-06-17] () HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.) HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation) HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1275608 2014-03-25] (COMODO) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-27] (Intel Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM Group Policy restriction on software: C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe <====== ATTENTION HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot% <====== ATTENTION HKLM Group Policy restriction on software: %HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ProgramFilesDir% <====== ATTENTION Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKU\S-1-5-21-3529576110-3757331771-2211045743-1000\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.) HKU\S-1-5-21-3529576110-3757331771-2211045743-1000\...\Run: [] => D:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-26] (Samsung) HKU\S-1-5-21-3529576110-3757331771-2211045743-1000\...\Run: [KiesPreload] => D:\Programme\Samsung\Kies\Kies.exe [1564016 2013-07-26] (Samsung) HKU\S-1-5-21-3529576110-3757331771-2211045743-1000\...\MountPoints2: G - G:\SETUP.EXE HKU\S-1-5-21-3529576110-3757331771-2211045743-1000\...\MountPoints2: {244db982-f7ee-11e1-b1f4-bc5ff435825b} - I:\AutoRun.exe HKU\S-1-5-21-3529576110-3757331771-2211045743-1000\...\MountPoints2: {25941997-978c-11e1-aaf0-806e6f6e6963} - F:\ASRSetup.exe HKU\S-1-5-21-3529576110-3757331771-2211045743-1000\...\MountPoints2: {688b58a3-5b09-11e2-a1d5-bc5ff435825b} - I:\Startme.exe HKU\S-1-5-21-3529576110-3757331771-2211045743-1003\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.) HKU\S-1-5-21-3529576110-3757331771-2211045743-1003\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-3529576110-3757331771-2211045743-1003\...\Run: [] => D:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-26] (Samsung) HKU\S-1-5-21-3529576110-3757331771-2211045743-1003\...\Run: [KiesPreload] => D:\Programme\Samsung\Kies\Kies.exe [1564016 2013-07-26] (Samsung) HKU\S-1-5-21-3529576110-3757331771-2211045743-1003\...\MountPoints2: G - G:\SETUP.EXE HKU\S-1-5-21-3529576110-3757331771-2211045743-1003\...\MountPoints2: {244db982-f7ee-11e1-b1f4-bc5ff435825b} - I:\AutoRun.exe HKU\S-1-5-21-3529576110-3757331771-2211045743-1003\...\MountPoints2: {25941997-978c-11e1-aaf0-806e6f6e6963} - F:\ASRSetup.exe HKU\S-1-5-21-3529576110-3757331771-2211045743-1003\...\MountPoints2: {688b58a3-5b09-11e2-a1d5-bc5ff435825b} - I:\Startme.exe HKU\S-1-5-21-3529576110-3757331771-2211045743-1003\...\MountPoints2: {9ffd0eaf-62f4-11e2-a9e2-005056c00008} - G:\Setup.EXE AppInit_DLLs: C:\Windows\system32\appinit_dll.dll => C:\Windows\system32\appinit_dll.dll [464200 2012-06-17] (Lucidlogix Inc.) AppInit_DLLs-x32: C:\Windows\SysWOW64\appinit_dll.dll => C:\Windows\SysWOW64\appinit_dll.dll [419144 2012-06-17] (Lucidlogix Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe (Intel Corporation) ShellIconOverlayIdentifiers: AcronisSyncError -> {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis) ShellIconOverlayIdentifiers: AcronisSyncInProgress -> {00F848DC-B1D4-4892-9C25-CAADC86A215D} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis) ShellIconOverlayIdentifiers: AcronisSyncOk -> {71573297-552E-46fc-BE3D-3DFAF88D47B7} => C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll (Acronis) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4C899F670D44CD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.) BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) BHO-x32: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKLM-x32 - Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll () Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File Hosts: 127.0.0.1 activation.acronis.com Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Instinct\AppData\Roaming\Mozilla\Firefox\Profiles\morvz8xw.default FF Homepage: www.google.de FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=1.118.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.15.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @protectdisc.com/NPPDLicenseHelper - C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll () FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF user.js: detected! => C:\Users\Instinct\AppData\Roaming\Mozilla\Firefox\Profiles\morvz8xw.default\user.js FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Yahoo! Toolbar - C:\Users\Instinct\AppData\Roaming\Mozilla\Firefox\Profiles\morvz8xw.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-06-17] FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\Instinct\AppData\Roaming\Mozilla\Firefox\Profiles\morvz8xw.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012-11-20] FF Extension: Fast Video Download - C:\Users\Instinct\AppData\Roaming\Mozilla\Firefox\Profiles\morvz8xw.default\Extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi [2012-07-23] FF Extension: Adblock Plus - C:\Users\Instinct\AppData\Roaming\Mozilla\Firefox\Profiles\morvz8xw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-05-07] FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-07-11] FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-09-30] FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff [2014-06-19] ==================== Services (Whitelisted) ================= R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [6817544 2014-04-16] (COMODO) S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2264280 2014-03-25] (COMODO) R2 DBService; C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe [187456 2014-06-24] (DATA BECKER GmbH & Co KG) [File not signed] R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed] R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation) R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [149032 2012-08-16] () S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [174368 2014-02-28] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed] R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed] R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-02-19] () R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.) R2 UsbClientService; D:\Programme\Synology\Assistant\UsbClientService.exe [248704 2012-09-18] () [File not signed] R2 VMAuthdService; D:\Programme\VMWare\vmware-authd.exe [79872 2012-08-15] (VMware, Inc.) [File not signed] R2 VMwareHostd; D:\Programme\VMWare\vmware-hostd.exe [15680000 2012-08-15] () [File not signed] R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [288768 2011-03-09] (WDC) [File not signed] R2 WDFME; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1066896 2011-03-09] () R2 WDSC; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [491920 2011-03-09] () S4 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE" [X] ==================== Drivers (Whitelisted) ==================== R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology) R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.) R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [23168 2014-04-16] (COMODO) R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [738472 2014-04-16] (COMODO) R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [48360 2014-04-16] (COMODO) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-01-20] (DT Soft Ltd) R1 Eve; C:\Windows\System32\DRIVERS\eve.sys [41304 2014-01-23] () S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-07-18] () [File not signed] R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [20968 2012-08-16] () R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [19944 2012-08-16] () R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [105552 2014-04-16] (COMODO) R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46016 2012-08-16] () S3 LADF_DHP2; C:\Windows\System32\DRIVERS\ladfDHP2amd64.sys [62168 2010-09-29] (Logitech) S3 LADF_SBVM; C:\Windows\System32\DRIVERS\ladfSBVMamd64.sys [377176 2010-09-29] (Logitech) R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-12] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-25] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation) R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2010-07-16] (CACE Technologies, Inc.) R0 tib_mounter; C:\Windows\System32\DRIVERS\tib_mounter.sys [1093256 2013-01-22] (Acronis) S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation) R0 vidsflt; C:\Windows\System32\DRIVERS\vidsflt.sys [166024 2013-01-22] (Acronis) R0 vsock; C:\Windows\System32\drivers\vsock.sys [70256 2012-07-06] (VMware, Inc.) R3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-07-12] () S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X] S3 massfilter; system32\drivers\massfilter.sys [X] S3 massfilter_hs; system32\drivers\massfilter_hs.sys [X] S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [X] S3 VGPU; System32\drivers\rdvgkmd.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-12 11:30 - 2014-07-12 11:30 - 00000000 ____D () C:\FRST 2014-07-12 11:29 - 2014-07-12 11:29 - 00000000 _____ () C:\Users\Instinct\defogger_reenable 2014-07-12 09:44 - 2014-07-12 09:44 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp 2014-07-09 20:19 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-07-09 20:19 - 2014-06-20 21:39 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-07-09 20:19 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-07-09 20:19 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-07-09 20:19 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-07-09 20:19 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-07-09 20:19 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-07-09 20:19 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-07-09 20:19 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-07-09 20:19 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-07-09 20:19 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-07-09 20:19 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-07-09 20:19 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-07-09 20:19 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-07-09 20:19 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-07-09 20:19 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-07-09 20:19 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-07-09 20:19 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-07-09 20:19 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-07-09 20:19 - 2014-06-19 01:59 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-07-09 20:19 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-07-09 20:19 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-07-09 20:19 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-07-09 20:19 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-07-09 20:19 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-07-09 20:19 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-07-09 20:19 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-07-09 20:19 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-07-09 20:19 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-07-09 20:19 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-07-09 20:19 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-09 20:19 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-07-09 20:19 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-07-09 20:19 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-07-09 20:19 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-09 20:19 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-07-09 20:19 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-07-09 20:19 - 2014-06-19 01:23 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-07-09 20:19 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-07-09 20:19 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-07-09 20:19 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-07-09 20:19 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-07-09 20:19 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-07-09 20:19 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-09 20:19 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-07-09 20:19 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-07-09 20:19 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-09 20:19 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-07-09 20:19 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-07-09 20:19 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-07-09 20:19 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-07-09 20:19 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-09 20:19 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-07-09 20:19 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-07-09 20:19 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-07-09 20:19 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-07-09 20:19 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-07-09 20:19 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe 2014-07-09 20:19 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-07-09 20:19 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-07-09 20:19 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-07-09 20:19 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-07-09 20:19 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-07-09 20:19 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-07-09 20:19 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-07-09 20:19 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-07-09 20:19 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-07-09 20:19 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-07-09 20:19 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-07-09 20:19 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-07-09 20:19 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-07-09 20:19 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-07-09 20:19 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-07-09 20:19 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-07-09 20:19 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-07-09 20:19 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-07-09 20:17 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-07-09 20:17 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-07-09 20:17 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-07-07 22:52 - 2014-07-07 22:52 - 00000216 _____ () C:\Users\Instinct\Desktop\DiskStation.URL 2014-07-07 21:07 - 2014-07-07 21:07 - 00000096 _____ () C:\Windows\ZTECDMAInstallInfo.log 2014-07-04 14:34 - 2014-07-12 09:44 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-04 14:33 - 2014-07-04 14:33 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-04 14:33 - 2014-07-04 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-04 14:33 - 2014-07-04 14:33 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-04 14:33 - 2014-07-04 14:33 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-04 14:33 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-07-04 14:33 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-07-04 14:33 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-06-25 14:54 - 2014-06-25 15:32 - 00000000 ____D () C:\Users\Instinct\Desktop\Bewerbung AKTUELL!!!!!!!! 2014-06-24 17:30 - 2014-06-29 18:17 - 00000000 ____D () C:\Users\Instinct\Documents\VSO Downloader 2014-06-24 17:30 - 2014-06-24 18:32 - 00000000 ____D () C:\ProgramData\VSO 2014-06-24 17:30 - 2014-06-24 17:30 - 00000893 _____ () C:\Users\Instinct\Desktop\VSO Downloader 4.lnk 2014-06-24 17:30 - 2014-06-24 17:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO 2014-06-24 17:30 - 2014-06-24 17:30 - 00000000 ____D () C:\Program Files\WinPcap 2014-06-24 17:30 - 2014-06-24 17:30 - 00000000 ____D () C:\Program Files (x86)\VSO 2014-06-24 17:30 - 2014-01-23 11:19 - 00041304 _____ () C:\Windows\system32\Drivers\eve.sys 2014-06-24 17:28 - 2014-06-24 17:28 - 00000000 ____D () C:\Users\Instinct\Documents\Stream Catcher 2014-06-24 17:23 - 2014-07-07 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DATA BECKER 2014-06-24 17:23 - 2014-06-24 17:23 - 00335288 _____ (Protect Software GmbH) C:\Windows\system32\Drivers\acedrv11.sys 2014-06-24 17:23 - 2014-06-24 17:23 - 00000000 ____D () C:\Program Files (x86)\ProtectDisc 2014-06-24 17:19 - 2014-06-24 17:19 - 00000000 ____D () C:\Users\Instinct\AppData\Roaming\KastorStreamRecorder 2014-06-19 09:10 - 2014-06-19 09:10 - 00001186 _____ () C:\Users\Instinct\Desktop\Free YouTube to MP3 Converter Installation fortsetzen.lnk 2014-06-18 13:59 - 2014-06-18 14:00 - 00000338 _____ () C:\Windows\SysWOW64\winpdf.ini 2014-06-18 13:56 - 2014-06-25 15:19 - 00000000 ___HD () C:\Users\Instinct\Desktop\Neuer Ordner (4) 2014-06-18 00:09 - 2014-06-24 17:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-17 23:39 - 2014-06-18 00:17 - 00000000 ____D () C:\Users\Instinct\Desktop\YGOPro DevPro 2014-06-17 23:32 - 2014-06-17 23:38 - 504767822 _____ () C:\Users\Instinct\Desktop\YGOPro DevPro.zip 2014-06-17 11:08 - 2014-07-02 23:17 - 00003718 _____ () C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 2014-06-17 11:08 - 2014-06-17 11:08 - 00003476 _____ () C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon 2014-06-17 11:07 - 2014-06-17 11:07 - 00000000 ____D () C:\ProgramData\Intel(R) Update Manager 2014-06-16 20:36 - 2014-05-08 11:32 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-06-16 20:36 - 2014-05-08 11:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll 2014-06-16 20:36 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll 2014-06-16 20:36 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll 2014-06-16 20:36 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2014-06-16 20:36 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS 2014-06-16 20:36 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll 2014-06-16 20:36 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-06-16 20:36 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll 2014-06-16 20:36 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-06-16 20:36 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2014-06-16 20:36 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-06-16 20:36 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll 2014-06-16 20:36 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-06-16 20:36 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-06-16 20:36 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-06-16 20:35 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-06-16 20:35 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-06-16 20:35 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-06-16 20:35 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-06-16 20:35 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-06-16 20:35 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-06-16 20:35 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-06-16 20:35 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-06-16 20:35 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-06-16 20:35 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-06-16 20:35 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-06-16 20:35 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-06-16 20:35 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-06-16 20:35 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-06-16 20:35 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-06-16 20:35 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-06-16 20:35 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-06-16 20:35 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-06-16 20:35 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-06-16 20:35 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-06-16 20:35 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-06-16 20:35 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2014-06-16 20:35 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2014-06-16 20:35 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-06-16 20:35 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-06-16 20:35 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll ==================== One Month Modified Files and Folders ======= 2014-07-12 11:30 - 2014-07-12 11:30 - 00000000 ____D () C:\FRST 2014-07-12 11:29 - 2014-07-12 11:29 - 00000000 _____ () C:\Users\Instinct\defogger_reenable 2014-07-12 11:29 - 2012-05-06 17:03 - 00000000 ____D () C:\Users\Instinct 2014-07-12 11:26 - 2014-03-02 20:37 - 00000000 ____D () C:\Users\Instinct\AppData\Local\Battle.net 2014-07-12 11:26 - 2014-03-02 20:37 - 00000000 ____D () C:\Program Files (x86)\Battle.net 2014-07-12 11:24 - 2014-02-25 19:20 - 01474832 _____ () C:\Windows\system32\Drivers\sfi.dat 2014-07-12 11:10 - 2012-08-12 21:45 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-07-12 09:52 - 2010-11-21 08:50 - 00705702 _____ () C:\Windows\system32\perfh007.dat 2014-07-12 09:52 - 2010-11-21 08:50 - 00151868 _____ () C:\Windows\system32\perfc007.dat 2014-07-12 09:52 - 2009-07-14 07:13 - 01637786 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-07-12 09:51 - 2009-07-14 06:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-07-12 09:51 - 2009-07-14 06:45 - 00021280 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-07-12 09:47 - 2012-05-06 17:04 - 01610500 _____ () C:\Windows\WindowsUpdate.log 2014-07-12 09:44 - 2014-07-12 09:44 - 00094656 _____ (CACE Technologies) C:\Windows\system32\WPRO_41_2001woem.tmp 2014-07-12 09:44 - 2014-07-04 14:34 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-07-12 09:44 - 2014-03-13 21:57 - 00046080 _____ () C:\Windows\PFRO.log 2014-07-12 09:44 - 2014-03-13 21:57 - 00013393 _____ () C:\Windows\setupact.log 2014-07-12 09:44 - 2013-09-30 13:21 - 00034752 _____ () C:\Windows\system32\Drivers\WPRO_41_2001.sys 2014-07-12 09:44 - 2013-01-19 17:34 - 00000000 ____D () C:\ProgramData\VMware 2014-07-12 09:44 - 2012-05-06 17:45 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-07-12 09:44 - 2012-05-06 17:09 - 00108032 _____ () C:\Users\Instinct\AppData\Local\GDIPFONTCACHEV1.DAT 2014-07-12 09:44 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-07-12 09:44 - 2009-07-14 06:45 - 05032928 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-12 09:43 - 2014-04-15 21:41 - 00000000 ____D () C:\Program Files (x86)\Thief 2014-07-12 09:38 - 2012-05-07 20:51 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-07-12 09:37 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared 2014-07-12 09:36 - 2012-05-13 17:36 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office 2014-07-12 09:33 - 2010-11-21 09:00 - 00000000 ____D () C:\Windows\ShellNew 2014-07-12 09:33 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild 2014-07-12 09:32 - 2009-07-14 04:34 - 00000422 _____ () C:\Windows\win.ini 2014-07-11 20:56 - 2012-05-07 19:25 - 00000000 ____D () C:\Program Files (x86)\JDownloader 2014-07-10 17:35 - 2013-01-19 17:37 - 00000000 ____D () C:\Users\Instinct\AppData\Roaming\VMware 2014-07-10 17:35 - 2013-01-19 17:37 - 00000000 ____D () C:\Users\Instinct\AppData\Local\VMware 2014-07-10 11:07 - 2010-11-21 09:00 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-10 11:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-07-10 11:07 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism 2014-07-10 00:03 - 2013-08-15 10:44 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-10 00:02 - 2012-05-06 17:54 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-07-08 22:10 - 2012-08-12 21:45 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-07-08 22:10 - 2012-05-06 17:46 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-07-08 22:10 - 2012-05-06 17:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-07-07 22:52 - 2014-07-07 22:52 - 00000216 _____ () C:\Users\Instinct\Desktop\DiskStation.URL 2014-07-07 21:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-07-07 21:09 - 2013-01-19 17:34 - 01657260 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-07-07 21:09 - 2012-05-06 18:10 - 00000000 ____D () C:\Users\Instinct\AppData\Local\CrashDumps 2014-07-07 21:09 - 2012-05-06 17:07 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-07-07 21:08 - 2013-02-26 19:21 - 00000000 ____D () C:\ProgramData\Sony Ericsson 2014-07-07 21:08 - 2013-02-26 19:21 - 00000000 ____D () C:\Program Files (x86)\Sony Ericsson 2014-07-07 21:07 - 2014-07-07 21:07 - 00000096 _____ () C:\Windows\ZTECDMAInstallInfo.log 2014-07-07 21:06 - 2012-06-02 11:13 - 00000000 ____D () C:\Users\Instinct\Documents\onlineTV 6 2014-07-07 21:06 - 2012-06-02 11:13 - 00000000 ____D () C:\Users\Instinct\AppData\Roaming\concept design 2014-07-07 21:05 - 2014-06-24 17:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DATA BECKER 2014-07-07 21:04 - 2014-02-25 19:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo 2014-07-07 21:04 - 2012-05-06 17:14 - 00000000 ____D () C:\Users\Instinct\AppData\Roaming\Adobe 2014-07-07 21:04 - 2012-05-06 17:14 - 00000000 ____D () C:\ProgramData\Adobe 2014-07-07 21:04 - 2012-05-06 17:14 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-07-06 02:00 - 2012-05-13 14:36 - 00000000 ____D () C:\Users\Instinct\AppData\Local\Adobe 2014-07-05 20:46 - 2014-05-17 16:11 - 00000472 _____ () C:\Windows\LkmdfCoInst.log 2014-07-05 20:46 - 2013-09-29 19:36 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys 2014-07-04 14:37 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Speech 2014-07-04 14:33 - 2014-07-04 14:33 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-07-04 14:33 - 2014-07-04 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-04 14:33 - 2014-07-04 14:33 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-04 14:33 - 2014-07-04 14:33 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-02 23:17 - 2014-06-17 11:08 - 00003718 _____ () C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 2014-06-29 18:17 - 2014-06-24 17:30 - 00000000 ____D () C:\Users\Instinct\Documents\VSO Downloader 2014-06-29 13:26 - 2012-06-06 19:14 - 00000000 ____D () C:\Users\Instinct\AppData\Roaming\Orbit 2014-06-25 15:32 - 2014-06-25 14:54 - 00000000 ____D () C:\Users\Instinct\Desktop\Bewerbung AKTUELL!!!!!!!! 2014-06-25 15:25 - 2013-09-04 14:43 - 00000000 ___HD () C:\Users\Instinct\Desktop\Neuer Ordner (3) 2014-06-25 15:19 - 2014-06-18 13:56 - 00000000 ___HD () C:\Users\Instinct\Desktop\Neuer Ordner (4) 2014-06-25 13:46 - 2014-04-16 14:07 - 00000000 ___HD () C:\Users\Instinct\Desktop\Neuer Ordner (2) 2014-06-25 13:40 - 2013-08-18 16:22 - 00000000 ____D () C:\Users\Instinct\Desktop\Bewerbung 2014-06-24 18:32 - 2014-06-24 17:30 - 00000000 ____D () C:\ProgramData\VSO 2014-06-24 17:30 - 2014-06-24 17:30 - 00000893 _____ () C:\Users\Instinct\Desktop\VSO Downloader 4.lnk 2014-06-24 17:30 - 2014-06-24 17:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO 2014-06-24 17:30 - 2014-06-24 17:30 - 00000000 ____D () C:\Program Files\WinPcap 2014-06-24 17:30 - 2014-06-24 17:30 - 00000000 ____D () C:\Program Files (x86)\VSO 2014-06-24 17:28 - 2014-06-24 17:28 - 00000000 ____D () C:\Users\Instinct\Documents\Stream Catcher 2014-06-24 17:23 - 2014-06-24 17:23 - 00335288 _____ (Protect Software GmbH) C:\Windows\system32\Drivers\acedrv11.sys 2014-06-24 17:23 - 2014-06-24 17:23 - 00000000 ____D () C:\Program Files (x86)\ProtectDisc 2014-06-24 17:23 - 2014-06-18 00:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-24 17:19 - 2014-06-24 17:19 - 00000000 ____D () C:\Users\Instinct\AppData\Roaming\KastorStreamRecorder 2014-06-20 22:14 - 2014-07-09 20:19 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-06-20 21:39 - 2014-07-09 20:19 - 00240824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-06-19 09:10 - 2014-06-19 09:10 - 00001186 _____ () C:\Users\Instinct\Desktop\Free YouTube to MP3 Converter Installation fortsetzen.lnk 2014-06-19 09:03 - 2012-07-23 10:08 - 00000000 ____D () C:\Users\Instinct\AppData\Roaming\DVDVideoSoft 2014-06-19 09:03 - 2012-07-23 10:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2014-06-19 09:03 - 2012-07-23 10:08 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft 2014-06-19 03:39 - 2014-07-09 20:19 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-06-19 03:06 - 2014-07-09 20:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-06-19 03:06 - 2014-07-09 20:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-06-19 02:48 - 2014-07-09 20:19 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-06-19 02:42 - 2014-07-09 20:19 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-06-19 02:42 - 2014-07-09 20:19 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-06-19 02:41 - 2014-07-09 20:19 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-06-19 02:41 - 2014-07-09 20:19 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-06-19 02:32 - 2014-07-09 20:19 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-06-19 02:31 - 2014-07-09 20:19 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-06-19 02:26 - 2014-07-09 20:19 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-06-19 02:24 - 2014-07-09 20:19 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-06-19 02:24 - 2014-07-09 20:19 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-06-19 02:23 - 2014-07-09 20:19 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-06-19 02:16 - 2014-07-09 20:19 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-06-19 02:14 - 2014-07-09 20:19 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-06-19 02:09 - 2014-07-09 20:19 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-06-19 01:59 - 2014-07-09 20:19 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-06-19 01:56 - 2014-07-09 20:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-06-19 01:53 - 2014-07-09 20:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-06-19 01:51 - 2014-07-09 20:19 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-06-19 01:50 - 2014-07-09 20:19 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-06-19 01:48 - 2014-07-09 20:19 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-06-19 01:39 - 2014-07-09 20:19 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-06-19 01:38 - 2014-07-09 20:19 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-06-19 01:37 - 2014-07-09 20:19 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-06-19 01:36 - 2014-07-09 20:19 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-06-19 01:35 - 2014-07-09 20:19 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-06-19 01:33 - 2014-07-09 20:19 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-06-19 01:32 - 2014-07-09 20:19 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-06-19 01:28 - 2014-07-09 20:19 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-06-19 01:28 - 2014-07-09 20:19 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-06-19 01:27 - 2014-07-09 20:19 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-06-19 01:27 - 2014-07-09 20:19 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-06-19 01:25 - 2014-07-09 20:19 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-06-19 01:23 - 2014-07-09 20:19 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-06-19 01:22 - 2014-07-09 20:19 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-06-19 01:12 - 2014-07-09 20:19 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-06-19 01:06 - 2014-07-09 20:19 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-06-19 01:01 - 2014-07-09 20:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-06-19 00:59 - 2014-07-09 20:19 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-06-19 00:58 - 2014-07-09 20:19 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-06-19 00:58 - 2014-07-09 20:19 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-06-19 00:52 - 2014-07-09 20:19 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-06-19 00:51 - 2014-07-09 20:19 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-06-19 00:49 - 2014-07-09 20:19 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-06-19 00:46 - 2014-07-09 20:19 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-06-19 00:45 - 2014-07-09 20:19 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-06-19 00:35 - 2014-07-09 20:19 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-06-19 00:34 - 2014-07-09 20:19 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-06-19 00:15 - 2014-07-09 20:19 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-06-19 00:13 - 2014-07-09 20:19 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-06-19 00:09 - 2014-07-09 20:19 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-06-19 00:07 - 2014-07-09 20:19 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-06-18 18:27 - 2012-06-07 19:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-06-18 14:00 - 2014-06-18 13:59 - 00000338 _____ () C:\Windows\SysWOW64\winpdf.ini 2014-06-18 04:18 - 2014-07-09 20:19 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-06-18 03:51 - 2014-07-09 20:19 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe 2014-06-18 03:10 - 2014-07-09 20:19 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-06-18 00:17 - 2014-06-17 23:39 - 00000000 ____D () C:\Users\Instinct\Desktop\YGOPro DevPro 2014-06-17 23:38 - 2014-06-17 23:32 - 504767822 _____ () C:\Users\Instinct\Desktop\YGOPro DevPro.zip 2014-06-17 20:53 - 2012-05-06 17:10 - 00000000 ____D () C:\ProgramData\Intel 2014-06-17 20:50 - 2012-10-17 16:55 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-06-17 19:59 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-06-17 11:08 - 2014-06-17 11:08 - 00003476 _____ () C:\Windows\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon 2014-06-17 11:08 - 2012-05-06 17:08 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel 2014-06-17 11:07 - 2014-06-17 11:07 - 00000000 ____D () C:\ProgramData\Intel(R) Update Manager 2014-06-17 11:07 - 2012-05-06 17:05 - 00000000 ____D () C:\Program Files (x86)\Intel 2014-06-17 11:05 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions Some content of TEMP: ==================== C:\Users\Instinct\AppData\Local\Temp\ICReinstall_FreeYouTubeToMP3Converter.exe C:\Users\Instinct\AppData\Local\Temp\ICSharpCode.SharpZipLib.dll C:\Users\Instinct\AppData\Local\Temp\YgoUpdater.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-08 17:37 ==================== End Of Log ============================ --- --- --- |
13.07.2014, 14:59 | #4 | |
/// the machine /// TB-Ausbilder | Datein auf USB-Stick kopieren dauert ewigZitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
13.07.2014, 15:04 | #5 |
| Datein auf USB-Stick kopieren dauert ewig Also Acronis ist eigentlich schon lange nicht mehr drauf, hatte das mal für die Ausbildung installiert, unter programme deinstallieren oder ändern ist es auch nicht mehr drinnen, hab zwar noch unter c: nen acronis ordner aber wenn ich die uninstall.exe ausführen will sagt er: "Keine True Image-Komponenten gefunden" Den Ordner hab ich jetzt auch gelöscht bzw alles bis auf eine datei, die kriege ich nicht gelöscht, die wird irgentwie noch vom explorer verwendet Geändert von Instinct84 (13.07.2014 um 15:12 Uhr) |
14.07.2014, 13:41 | #6 |
/// the machine /// TB-Ausbilder | Datein auf USB-Stick kopieren dauert ewig Panda USB Vaccine - Download - Filepony Das laufen lassen zum Absichern des Sticks. Scan mit Combofix
__________________ --> Datein auf USB-Stick kopieren dauert ewig |
14.07.2014, 14:32 | #7 |
| Datein auf USB-Stick kopieren dauert ewig Also Panda USB Vaccine habe ich nicht durch laufen lassen, da der USB Stick frisch formatiert war und ich das selbe problem bei unseren handys hatte (Galaxy S2&4). Das Problem tritt auch nicht mehr auf. Die Fehlermeldung mit dem Registrierschlüssel kam nicht, dafür kamen ca. 7 Fehlermeldungen am ende, als das Programm fertig war, vor dem neustart. Diese habe ich abfotografiert, falls sie benötigt werden. So sahen die Fehlermeldungen aus: Error saving file. "Programm Pfad" Continue with the next file? Unter C:\ gab es keine Combofix.txt, nur unter C:\Combofix\Combofix.txt Code:
ATTFilter ComboFix 14-07-14.01 - Instinct 14.07.2014 14:53:23.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8088.5189 [GMT 2:00] Running from: E:\Downloads\ComboFix.exe AV: COMODO Antivirus *Enabled/Outdated* {B74CC7D2-B407-E1DC-1033-DD315BCDC8C8} AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} FW: COMODO Firewall *Enabled* {8F7746F7-FE68-E084-3B6C-7404A51E8FB3} SP: COMODO Antivirus *Enabled/Updated* {0C2D2636-923D-EE52-2A83-E643204A8275} SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} |
14.07.2014, 18:07 | #8 |
/// the machine /// TB-Ausbilder | Datein auf USB-Stick kopieren dauert ewig Poste mal bitte ein frisches FRST log.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
Themen zu Datein auf USB-Stick kopieren dauert ewig |
.com, 4d36e972-e325-11ce-bfc1-08002be10318, antivirus, autokms, branding, computer, converter, defender, dvdvideosoft ltd., einstellungen, firefox, firewall, flash player, help, internet, koyote, opera, problem, pup.optional.helperbar.a, pup.optional.installcore.a, pup.optional.opencandy, pup.optional.softonic.a, pup.optional.speedial.a, pup.optional.websearch.a, rundll, safer networking, software, windows |