| |
| |||||||
Log-Analyse und Auswertung: Win 8: TR/Trash.Gen kommt immer wieder und "istart.websearch" als Google Chrome Startseite.Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
31.07.2014, 12:55
| #1 |
| |  Win 8: TR/Trash.Gen kommt immer wieder und "istart.websearch" als Google Chrome Startseite. Hallo liebes Forum, wir haben seit gestern einen Virus namens TR/Trash.Gen auf unserem Notebook. Avira hat ihn entdeckt. C:\Program Files (x86)\Adanak\bin\utilAdanak.exe ist TR/Trash.Gen Dazu kommt, dass sich automatisch bei Öffnen von Google Chrome istartwebsearch öffnet, obwohl nur http:\\www.google.de als Startseite hinterlegt ist. Ich habe bereits mit Malwarebytes gescannt und alles was er gefunden hat, gelöscht (über "Delete all"), jedoch keine Logdatei gespeichert.  Wir hatten bereits vor ein paar Wochen oder 2-3 Monaten, bin mir da nicht mehr ganz sicher, schon einmal genau das gleiche Problem, da hieß der Virusfund nur anders. Habe mir nach einiger Recherche damals Malwarebytes runtergeladen und das mit dem Löschen so durchgeführt wie jetzt auch. Allerdings war dann Ruhe. Damals hatte sich ein angebliches Java-Update-Popup geöffnet, das täuschend echt aussah. Auf welcher Seite ich war, weiß ich nicht mehr.  Natürlich habe ich es einfach ausgeführt. Als der Download fertig war, habe ich auf "Ausführen" geklickt und zack: Trojaner.  Diesesmal war aber alles anders. Ich habe diesesmal keinen blassen Schimmer woher das kommen könnte. Zudem haben wir seit kurzem sogar (genau aus solchen Gründen) AdBlock Plus installiert. So Schluss mit lustig: Ich hoffe ihr könnt uns schnell helfen.  Mit freundlichen Grüßen David u. Kristina Hier die Logs: Reihenfolge lt. Anleitung Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:49 on 31/07/2014 (Kristina)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 01
Ran by Kristina (administrator) on DULLI on 31-07-2014 12:52:35
Running from C:\Users\Kristina\Desktop
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Akamai Technologies, Inc.) C:\Users\Kristina\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Kristina\AppData\Local\Akamai\netsession_win.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\livecomm.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
() C:\Users\Kristina\Desktop\Defogger.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-12-27] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-12-27] (Synaptics Incorporated)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-05-22] (CyberLink Corp.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-12-25] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-07-23] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1651834102-2589068299-2385328783-1001-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-1651834102-2589068299-2385328783-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-1651834102-2589068299-2385328783-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Kristina\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1651834102-2589068299-2385328783-1002\...\MountPoints2: {842bb539-4fdf-11e3-be73-806e6f6e6963} - "E:\Autorun.exe"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-10-27] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPNOT13/4
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1406736912&from=exp&uid=HGSTXHTS541010A9E680_JA100610266V3V266V3VX&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1406736912&from=exp&uid=HGSTXHTS541010A9E680_JA100610266V3V266V3VX&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {995F4BA9-CC4A-41A0-B361-FA996141DF9F} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {995F4BA9-CC4A-41A0-B361-FA996141DF9F} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {995F4BA9-CC4A-41A0-B361-FA996141DF9F} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Avira Savings Advisor BHO -> {A18A516C-AA41-46A9-92DB-60208917E442} -> C:\Program Files (x86)\avira\Internet Explorer\avira32.dll ()
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\bulyorza.default
FF DefaultSearchEngine: webssearches
FF SelectedSearchEngine: webssearches
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF user.js: detected! => C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\bulyorza.default\user.js
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn [2014-07-30]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFF [2013-12-18]
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "https://www.google.de/"
CHR Extension: (Google Docs) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-17]
CHR Extension: (Google Drive) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-20]
CHR Extension: (YouTube) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-20]
CHR Extension: (Battlefield Heroes) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh [2014-07-29]
CHR Extension: (Avira Sparberater) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\cojnmaaohncijldefpkpkkakjonfmgeb [2014-02-24]
CHR Extension: (Google-Suche) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-20]
CHR Extension: (Dark Vibe) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkckeanhmkjaechlhllmapjaaglgpcbj [2014-07-26]
CHR Extension: (AdBlock) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-26]
CHR Extension: (Google Wallet) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-17]
CHR Extension: (Google Mail) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-20]
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\Exts\Chrome.crx [2014-05-01]
CHR HKLM-x32\...\Chrome\Extension: [cojnmaaohncijldefpkpkkakjonfmgeb] - C:\Program Files (x86)\avira\Chrome\avira-1.5.14.crx [2013-12-11]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-01] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356408 2014-06-19] (Microsoft Corporation)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-09-05] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-09-05] (CyberLink)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-06-07] (Hewlett-Packard Company) [File not signed]
R2 HPSLPSVC; C:\Users\Kristina\AppData\Local\Temp\7zS1929\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [46904 2013-12-17] (Hewlett-Packard Company)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-12-25] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-26] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-26] (Intel Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-07-29] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832 2013-05-17] (Realtek Semiconductor)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-12-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [1526488 2014-01-10] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1405000.01C\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-17] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-12-17] (Symantec Corporation) [File not signed]
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20140209.002\IDSvia64.sys [521944 2014-01-21] (Symantec Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-26] (Intel Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20140211.003\ENG64.SYS [126040 2014-01-20] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20140211.003\EX64.SYS [2099288 2014-01-20] (Symantec Corporation)
S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [429272 2014-02-06] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3068120 2014-03-20] (Realtek Semiconductor Corporation )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-04-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-12-27] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1405000.01C\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1405000.01C\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1405000.01C\SymELAM.sys [23448 2012-11-15] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-12-18] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1405000.01C\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1405000.01C\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-31 12:52 - 2014-07-31 12:53 - 00027388 _____ () C:\Users\Kristina\Desktop\FRST.txt
2014-07-31 12:52 - 2014-07-31 12:52 - 00000000 ____D () C:\FRST
2014-07-31 12:50 - 2014-07-31 12:50 - 02094080 _____ (Farbar) C:\Users\Kristina\Desktop\FRST64.exe
2014-07-31 12:49 - 2014-07-31 12:49 - 00000478 _____ () C:\Users\Kristina\Desktop\defogger_disable.log
2014-07-31 12:49 - 2014-07-31 12:49 - 00000000 _____ () C:\Users\Kristina\defogger_reenable
2014-07-31 12:48 - 2014-07-31 12:48 - 00050477 _____ () C:\Users\Kristina\Desktop\Defogger.exe
2014-07-30 18:46 - 2014-07-30 19:58 - 00000000 ___RD () C:\Users\Kristina\Desktop\Games
2014-07-30 18:23 - 2014-07-30 18:23 - 00001125 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-30 18:20 - 2014-07-30 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-30 18:16 - 2014-07-31 09:45 - 00000000 ____D () C:\Program Files (x86)\Adanak
2014-07-30 18:16 - 2014-07-30 18:16 - 00000145 _____ () C:\WINDOWS\setupact.log
2014-07-30 18:16 - 2014-07-30 18:16 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-07-30 18:16 - 2014-07-30 18:16 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-07-30 18:14 - 2014-07-30 18:14 - 06985200 _____ (hxxp://yourfiledownloader.net) C:\Users\Kristina\Downloads\Die.Sims.3-.Einfach.tierisch_downloader.exe
2014-07-30 18:14 - 2014-07-30 18:14 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\YourFileDownloader
2014-07-30 18:14 - 2014-07-30 18:14 - 00000000 ____D () C:\Program Files (x86)\YourFileDownloader Updater
2014-07-29 15:01 - 2014-07-30 21:34 - 00282296 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2014-07-29 15:00 - 2014-07-29 15:00 - 00000000 ____D () C:\Users\Kristina\AppData\Local\PunkBuster
2014-07-29 12:28 - 2014-07-29 15:49 - 00000000 ____D () C:\Users\Kristina\Documents\Battlefield Heroes
2014-07-29 12:27 - 2014-07-30 21:34 - 00282296 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe
2014-07-29 12:27 - 2014-07-30 21:29 - 00282296 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2014-07-29 12:27 - 2014-07-29 15:06 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2014-07-29 12:27 - 2014-07-29 12:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
2014-07-29 11:36 - 2014-07-29 11:36 - 00000000 ____D () C:\Program Files (x86)\EA Games
2014-07-29 11:15 - 2014-07-30 18:20 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-07-29 11:06 - 2014-07-29 11:15 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Origin
2014-07-29 11:06 - 2014-07-29 11:15 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Origin
2014-07-29 11:03 - 2014-07-29 17:02 - 00000000 ____D () C:\ProgramData\Origin
2014-07-29 11:03 - 2014-07-29 11:06 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-07-29 11:02 - 2014-07-29 11:02 - 17088128 _____ (Electronic Arts, Inc.) C:\Users\Kristina\Downloads\OriginThinSetup.exe
2014-07-15 19:57 - 2014-07-15 19:57 - 00000000 ____D () C:\Users\Kristina\Desktop\CenterBot
2014-07-15 19:53 - 2014-07-15 19:53 - 00000000 ____D () C:\Users\Kristina\DAVID
2014-07-15 10:24 - 2014-07-15 10:24 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\edxLabs
2014-07-13 12:51 - 2014-07-13 12:51 - 01283622 _____ () C:\Users\Kristina\Documents\[ISRO] CenterBot v1.23.rar
2014-07-12 10:49 - 2014-07-30 19:56 - 00039372 _____ () C:\WINDOWS\PFRO.log
2014-07-09 16:47 - 2014-04-14 05:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-09 16:44 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-09 16:44 - 2014-06-17 00:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-09 16:44 - 2014-06-06 16:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-09 16:44 - 2014-05-30 05:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-09 16:43 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-09 16:43 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-09 16:43 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-09 16:43 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-09 16:43 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-09 16:43 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-09 16:43 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-09 16:43 - 2014-06-19 01:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-09 16:43 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-09 16:43 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-09 16:43 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-09 16:43 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-09 16:43 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-09 16:43 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-09 16:43 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-09 16:43 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-09 16:43 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-09 16:43 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-09 16:43 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-09 16:43 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-09 16:43 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-09 16:43 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-09 16:43 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-09 16:43 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-09 16:43 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-09 16:43 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-09 16:43 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-09 16:43 - 2014-05-29 14:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-09 16:43 - 2014-05-29 09:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-09 16:43 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-09 16:43 - 2014-05-29 08:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-09 16:43 - 2014-05-29 07:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-09 16:43 - 2014-05-29 07:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-09 16:42 - 2014-06-06 15:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-09 16:42 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-09 16:42 - 2014-05-31 12:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-09 16:42 - 2014-05-31 12:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-09 16:42 - 2014-05-31 05:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-09 16:42 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-09 16:42 - 2014-05-31 05:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 16:42 - 2014-05-31 05:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-09 16:42 - 2014-05-31 05:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-09 16:42 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 16:42 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-09 16:42 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-09 16:42 - 2014-05-31 04:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-09 16:42 - 2014-05-31 04:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-09 16:42 - 2014-05-31 04:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-09 16:42 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-09 16:42 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-09 16:37 - 2014-07-09 16:37 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-09 10:56 - 2014-07-16 01:17 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Skype
2014-07-09 10:56 - 2014-07-09 10:56 - 00002533 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-07-09 10:56 - 2014-07-09 10:56 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-09 10:56 - 2014-07-09 10:56 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Skype
2014-07-09 10:56 - 2014-07-09 10:56 - 00000000 ____D () C:\ProgramData\Skype
2014-07-09 10:56 - 2014-07-09 10:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-08 10:03 - 2014-07-08 10:03 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Joymax
2014-07-08 09:22 - 2014-07-21 08:14 - 00000000 ____D () C:\Program Files (x86)\Silkroad
2014-07-07 17:48 - 2014-07-31 12:08 - 01226412 _____ () C:\WINDOWS\WindowsUpdate.log
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-31 12:53 - 2014-07-31 12:52 - 00027388 _____ () C:\Users\Kristina\Desktop\FRST.txt
2014-07-31 12:52 - 2014-07-31 12:52 - 00000000 ____D () C:\FRST
2014-07-31 12:50 - 2014-07-31 12:50 - 02094080 _____ (Farbar) C:\Users\Kristina\Desktop\FRST64.exe
2014-07-31 12:49 - 2014-07-31 12:49 - 00000478 _____ () C:\Users\Kristina\Desktop\defogger_disable.log
2014-07-31 12:49 - 2014-07-31 12:49 - 00000000 _____ () C:\Users\Kristina\defogger_reenable
2014-07-31 12:49 - 2014-05-02 08:07 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EF1733D9-EAC2-4D7F-ABB4-1183DCDB8974}
2014-07-31 12:49 - 2013-12-22 15:11 - 00000000 ____D () C:\Users\Kristina
2014-07-31 12:48 - 2014-07-31 12:48 - 00050477 _____ () C:\Users\Kristina\Desktop\Defogger.exe
2014-07-31 12:15 - 2013-12-17 20:45 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-31 12:11 - 2013-12-23 08:37 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-31 12:08 - 2014-07-07 17:48 - 01226412 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-31 12:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-31 10:54 - 2014-02-21 20:46 - 00000000 ____D () C:\Users\Kristina\AppData\Local\CrashDumps
2014-07-31 10:52 - 2014-05-01 15:16 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-31 10:40 - 2013-12-17 20:30 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1651834102-2589068299-2385328783-1002
2014-07-31 10:02 - 2014-06-13 23:10 - 00005134 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for DULLI-Kristina Dulli
2014-07-31 09:45 - 2014-07-30 18:16 - 00000000 ____D () C:\Program Files (x86)\Adanak
2014-07-31 09:41 - 2014-05-04 08:34 - 00000000 ____D () C:\Users\Kristina\Documents\Youcam
2014-07-31 09:41 - 2013-12-17 20:45 - 00001122 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-31 09:40 - 2013-12-22 17:54 - 00000000 __RDO () C:\Users\Kristina\SkyDrive
2014-07-31 09:40 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-30 21:34 - 2014-07-29 15:01 - 00282296 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2014-07-30 21:34 - 2014-07-29 12:27 - 00282296 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe
2014-07-30 21:29 - 2014-07-29 12:27 - 00282296 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2014-07-30 20:15 - 2013-08-22 15:25 - 00000229 _____ () C:\WINDOWS\win.ini
2014-07-30 20:00 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-30 19:58 - 2014-07-30 18:46 - 00000000 ___RD () C:\Users\Kristina\Desktop\Games
2014-07-30 19:57 - 2014-03-06 19:03 - 00000356 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForKristina.job
2014-07-30 19:57 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-30 19:56 - 2014-07-12 10:49 - 00039372 _____ () C:\WINDOWS\PFRO.log
2014-07-30 19:56 - 2014-05-22 16:14 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-30 19:56 - 2014-05-22 16:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-30 19:56 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-30 19:11 - 2013-12-17 20:20 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Packages
2014-07-30 19:01 - 2014-05-01 14:21 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-07-30 18:55 - 2013-12-19 18:21 - 00000000 ____D () C:\Users\Kristina\Documents\DAVID
2014-07-30 18:23 - 2014-07-30 18:23 - 00001125 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-30 18:23 - 2014-05-01 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-07-30 18:23 - 2014-05-01 15:16 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-07-30 18:20 - 2014-07-30 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-30 18:20 - 2014-07-29 11:15 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-07-30 18:20 - 2013-07-22 11:16 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-30 18:16 - 2014-07-30 18:16 - 00000145 _____ () C:\WINDOWS\setupact.log
2014-07-30 18:16 - 2014-07-30 18:16 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-07-30 18:16 - 2014-07-30 18:16 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-07-30 18:14 - 2014-07-30 18:14 - 06985200 _____ (hxxp://yourfiledownloader.net) C:\Users\Kristina\Downloads\Die.Sims.3-.Einfach.tierisch_downloader.exe
2014-07-30 18:14 - 2014-07-30 18:14 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\YourFileDownloader
2014-07-30 18:14 - 2014-07-30 18:14 - 00000000 ____D () C:\Program Files (x86)\YourFileDownloader Updater
2014-07-29 17:02 - 2014-07-29 11:03 - 00000000 ____D () C:\ProgramData\Origin
2014-07-29 15:49 - 2014-07-29 12:28 - 00000000 ____D () C:\Users\Kristina\Documents\Battlefield Heroes
2014-07-29 15:06 - 2014-07-29 12:27 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2014-07-29 15:00 - 2014-07-29 15:00 - 00000000 ____D () C:\Users\Kristina\AppData\Local\PunkBuster
2014-07-29 12:27 - 2014-07-29 12:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
2014-07-29 11:36 - 2014-07-29 11:36 - 00000000 ____D () C:\Program Files (x86)\EA Games
2014-07-29 11:15 - 2014-07-29 11:06 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Origin
2014-07-29 11:15 - 2014-07-29 11:06 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Origin
2014-07-29 11:06 - 2014-07-29 11:03 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-07-29 11:03 - 2014-01-01 23:55 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-07-29 11:03 - 2013-12-18 21:07 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-07-29 11:02 - 2014-07-29 11:02 - 17088128 _____ (Electronic Arts, Inc.) C:\Users\Kristina\Downloads\OriginThinSetup.exe
2014-07-28 20:19 - 2014-03-06 19:03 - 00003176 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForKristina
2014-07-27 18:07 - 2013-12-18 20:16 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-24 21:01 - 2013-12-29 22:53 - 00501760 ___SH () C:\Users\Kristina\Downloads\Thumbs.db
2014-07-24 20:28 - 2013-11-14 09:27 - 01984420 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-24 20:28 - 2013-11-14 09:11 - 00843606 _____ () C:\WINDOWS\system32\perfh007.dat
2014-07-24 20:28 - 2013-11-14 09:11 - 00192300 _____ () C:\WINDOWS\system32\perfc007.dat
2014-07-24 11:08 - 2014-05-22 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 10:30 - 2013-12-19 18:20 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2014-07-24 10:30 - 2013-12-19 18:20 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-07-21 08:14 - 2014-07-08 09:22 - 00000000 ____D () C:\Program Files (x86)\Silkroad
2014-07-16 01:17 - 2014-07-09 10:56 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Skype
2014-07-15 19:57 - 2014-07-15 19:57 - 00000000 ____D () C:\Users\Kristina\Desktop\CenterBot
2014-07-15 19:53 - 2014-07-15 19:53 - 00000000 ____D () C:\Users\Kristina\DAVID
2014-07-15 10:24 - 2014-07-15 10:24 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\edxLabs
2014-07-13 12:51 - 2014-07-13 12:51 - 01283622 _____ () C:\Users\Kristina\Documents\[ISRO] CenterBot v1.23.rar
2014-07-12 11:05 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-12 10:50 - 2013-08-22 16:44 - 00511224 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-12 10:47 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-12 10:47 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-12 10:46 - 2013-11-14 09:13 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-12 10:46 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-12 10:46 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-10 12:58 - 2014-02-24 14:24 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2014-07-09 16:49 - 2013-12-22 13:09 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-09 16:49 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-09 16:48 - 2013-12-22 13:09 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-09 16:37 - 2014-07-09 16:37 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-09 10:56 - 2014-07-09 10:56 - 00002533 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-07-09 10:56 - 2014-07-09 10:56 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-09 10:56 - 2014-07-09 10:56 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Skype
2014-07-09 10:56 - 2014-07-09 10:56 - 00000000 ____D () C:\ProgramData\Skype
2014-07-09 10:56 - 2014-07-09 10:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-09 10:32 - 2012-08-04 02:02 - 00000000 ____D () C:\SWSetup
2014-07-09 10:28 - 2014-06-13 22:48 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-07-08 19:11 - 2013-12-23 08:37 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-07-08 10:03 - 2014-07-08 10:03 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Joymax
2014-07-08 07:41 - 2014-02-02 23:09 - 00126976 ___SH () C:\Users\Kristina\Desktop\Thumbs.db
2014-07-07 13:14 - 2013-12-17 21:55 - 00000841 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-07 13:14 - 2013-12-17 21:55 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-03 12:11 - 2013-12-23 08:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-01 14:53 - 2014-02-24 08:19 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2014-07-01 08:55 - 2013-12-19 18:22 - 00000000 ____D () C:\Users\Kristina\Documents\HAUSHALT
Some content of TEMP:
====================
C:\Users\Kristina\AppData\Local\Temp\avgnt.exe
C:\Users\Kristina\AppData\Local\Temp\htmlayout.dll
C:\Users\Kristina\AppData\Local\Temp\sdanircmdc.exe
C:\Users\Kristina\AppData\Local\Temp\sdapskill.exe
C:\Users\Kristina\AppData\Local\Temp\sdaspwn.exe
C:\Users\Kristina\AppData\Local\Temp\toolbar1578988204.exe
C:\Users\Kristina\AppData\Local\Temp\toolbar1578988600.exe
C:\Users\Kristina\AppData\Local\Temp\toolbar1578991084.exe
C:\Users\Kristina\AppData\Local\Temp\uninstall1579265584.exe
C:\Users\Kristina\AppData\Local\Temp\uninstall1579266898.exe
C:\Users\Kristina\AppData\Local\Temp\uninstall1579266992.exe
C:\Users\Kristina\AppData\Local\Temp\uninstall1579267148.exe
C:\Users\Kristina\AppData\Local\Temp\UninstallEADM.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-24 11:05
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2014 01
Ran by Kristina at 2014-07-31 12:54:50
Running from C:\Users\Kristina\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Disabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)
ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
Avira Savings Advisor (HKLM-x32\...\{A18A516C-AA41-46A9-92DB-60208917E442}) (Version: 1.5.14 - Avira) <==== ATTENTION
B109a-m (x32 Version: 140.0.851.000 - Hewlett-Packard) Hidden
Battlefield Heroes (HKLM-x32\...\{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}) (Version: - EA Digital illusions)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - CutePDF.com)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.5.6902 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.2928 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.4.2928 - CyberLink Corp.) Hidden
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.2.4128 - CyberLink Corp.)
Cyberlink PhotoDirector (x32 Version: 3.0.2.4128 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3021 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.4.3021 - CyberLink Corp.) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3305 - CyberLink Corp.)
CyberLink PowerDVD 12 (x32 Version: 12.0.2.3305 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.1.2922 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 5.0.1.2922 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Die*Sims™*3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.631 - Electronic Arts)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Feature Update Service (YFD) (HKCU\...\YourFileDownloaderUpdater) (Version: 2.14.31 - ) <==== ATTENTION
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotosizer 2.08 (HKLM-x32\...\Fotosizer) (Version: 2.08.0.545 - Fotosizer.com)
Free YouTube to MP3 Converter version 3.12.19.1219 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.19.1219 - DVDVideoSoft Ltd.)
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version: - Coffee Stain Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.2.2.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKCU\...\HPConnectedMusic) (Version: 1.1 (build 112) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{394B14EA-B072-4440-9510-87797CB12371}) (Version: 2.20.21 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Documentation (HKLM-x32\...\{61245005-66F1-4001-AEE8-2E2D36F65C28}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart B109a-m All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{5AEA9B93-6C6A-4A0F-B2FA-BD8AA4C59B80}) (Version: 14.0 - HP)
HP Postscript Converter (Version: 4.0.4100 - Hewlett-Packard) Hidden
HP Quick Start (HKLM-x32\...\{BB27C290-AB30-4D9E-A5D1-88745AAE42E9}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Recovery Manager (x32 Version: 11.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6838.4521 - Hewlett-Packard)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{C88F84E5-AE23-44BD-922C-2ABEACACAF7A}) (Version: 7.2.23.56 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{23CCE784-A812-4647-AEFF-1DCCD4E57478}) (Version: 11.50.0000 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{F35EE4BC-95E1-4417-BA36-7C32FF24A59A}) (Version: 1.0.11 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HP Utility Center (HKLM\...\{A48BD764-CFDF-40A5-A07A-710908044F5D}) (Version: 2.2.2 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Icy Tower v1.5 (HKLM-x32\...\Icy Tower v1.5_is1) (Version: - Free Lunch Design)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.8.1.1000 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Lemonade Inc. für Windows (HKLM-x32\...\Lemonade Inc. für Windows) (Version: - )
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4631.1002 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1165.0612 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.5.0.28 - Symantec Corporation)
NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.11.3 (Version: 1.11.3 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Systemsteuerung 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.12.2807 - Electronic Arts, Inc.)
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PS_AIO_06_B109a-m_SW_Min (x32 Version: 140.0.863.000 - Hewlett-Packard) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 1.1.9200.23 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.13.1216 - REALTEK Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RollerCoaster Tycoon 3 (HKLM-x32\...\RollerCoaster Tycoon 3_is1) (Version: - Atari)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.40.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Silkroad (HKLM-x32\...\Silkroad) (Version: - )
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version: - Obsidian Entertainment)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1651834102-2589068299-2385328783-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
24-07-2014 09:05:34 Windows Update
29-07-2014 09:56:56 Installiert The Sims 3 Pets Create A Pet Demo
30-07-2014 16:17:18 Revo Uninstaller's restore point - 337 GAMES
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0544B624-8437-4A69-9477-9018B0169EF8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-17] (Google Inc.)
Task: {068BB787-D748-4F7A-B98F-E6D33468F2B3} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {0A9553EB-EE16-450D-869C-184CC085D588} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0FB75FAF-88E2-4491-9755-78D800DF2E4A} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-06-10] (Microsoft Corporation)
Task: {156FF334-82E5-4676-82B0-4832C4356798} - System32\Tasks\HPCeeScheduleForKristina => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {194B5541-820F-48E5-AA8B-A5728B5624B7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {1A1E3B34-AA46-4429-A69C-640BE792154E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-06-19] (Microsoft Corporation)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {28896FF3-9298-408B-B329-7F1E5825E61A} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {37189418-64E2-45E7-A8E8-3B40A769493F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3D0B7C59-1AFD-463E-B8B2-E9A4A9979D36} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {49430173-85AF-48AA-A88E-0C5F5EECA228} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-17] (Google Inc.)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4A8BCCD5-D110-4025-BEED-1A3BBCFA925C} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {4D9A0153-2601-4607-BE36-5F4D5D0C0A04} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company)
Task: {55526BD5-72EA-447F-A5F3-6D23F704F0EA} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {5994E08E-9A69-4083-A8C3-995FE59AB7CE} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-09-10] (Hewlett-Packard Development Company, L.P.)
Task: {60C508B2-A95F-4658-81D1-E3980A923021} - \16c2b2c8-5829-4bfa-af7d-a1070feef6a4-4 No Task File <==== ATTENTION
Task: {686B043E-6033-47E7-948C-42EDE864FF39} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1651834102-2589068299-2385328783-1002 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {744EE101-6990-4DE7-8622-B0CD2328A63E} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {84246348-A22D-4E2A-B6F2-BB9C673DC630} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {93E469B5-D831-467C-91D2-A843DF13AA2E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-09] (Microsoft Corporation)
Task: {9DD5AE44-172F-432C-AC9D-D9A2A425D5B1} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A0441E42-A93B-44A7-B979-1F3A5B71BC5F} - System32\Tasks\Microsoft Office 15 Sync Maintenance for DULLI-Kristina Dulli => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-06-03] (Microsoft Corporation)
Task: {A04CCF35-1211-41EE-81EE-CDDDE7A67995} - \16c2b2c8-5829-4bfa-af7d-a1070feef6a4-5 No Task File <==== ATTENTION
Task: {AC3F791C-3E18-402D-812D-7FB4F8EF65CF} - \APSnotifierPP1 No Task File <==== ATTENTION
Task: {BB22206A-4AC4-4A54-9699-8FDEE73C0068} - \16c2b2c8-5829-4bfa-af7d-a1070feef6a4-3 No Task File <==== ATTENTION
Task: {BC85E33E-9165-4C38-B954-54216A01FD21} - \YourFile DownloaderUpdate No Task File <==== ATTENTION
Task: {C58C1273-816C-4717-8D2D-F3613C20F0EE} - System32\Tasks\aviraSWU => Cscript.exe "C:\Program Files (x86)\avira\Internet Explorer\swu.vbs"
Task: {C885B3FC-3583-49FA-A790-E02F678EB734} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {CB45D076-5DBB-4D26-B8F3-20DEB77FCAF3} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\WSCStub.exe [2014-04-29] (Symantec Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D063E6AF-3FD7-4273-BEC2-C467218514A1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E966DE08-81ED-4710-A726-2ED65F6F671A} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {F997D6CB-D00C-4DE6-B352-BA61615B10CC} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForKristina.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Loaded Modules (whitelisted) =============
2014-05-18 13:39 - 2012-10-04 19:49 - 00087152 _____ () C:\WINDOWS\System32\cpwmon64.dll
2014-06-13 22:48 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-07-29 12:27 - 2014-07-29 15:06 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2013-10-27 10:03 - 2013-10-27 10:03 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-12-22 15:07 - 2013-10-23 10:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-05-23 08:24 - 2014-05-23 08:25 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-07-31 12:48 - 2014-07-31 12:48 - 00050477 _____ () C:\Users\Kristina\Desktop\Defogger.exe
2013-12-26 11:23 - 2013-12-26 11:23 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-05-01 22:52 - 2012-05-30 08:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.5.0.28\wincfi39.dll
2014-06-26 09:09 - 2014-06-26 09:09 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-10-27 10:03 - 2013-10-27 10:03 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Kristina\SkyDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (07/31/2014 10:54:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SkyDrive.exe, Version: 17.3.1165.612, Zeitstempel: 0x539a47b7
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17055, Zeitstempel: 0x532943a3
Ausnahmecode: 0x80000003
Fehleroffset: 0x000b3425
ID des fehlerhaften Prozesses: 0x25e8
Startzeit der fehlerhaften Anwendung: 0xSkyDrive.exe0
Pfad der fehlerhaften Anwendung: SkyDrive.exe1
Pfad des fehlerhaften Moduls: SkyDrive.exe2
Berichtskennung: SkyDrive.exe3
Vollständiger Name des fehlerhaften Pakets: SkyDrive.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: SkyDrive.exe5
Error: (07/31/2014 10:40:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: svchost.exe, Version: 6.3.9600.16384, Zeitstempel: 0x5215dfe3
Name des fehlerhaften Moduls: combase.dll, Version: 6.3.9600.17031, Zeitstempel: 0x53087867
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000005fc4
ID des fehlerhaften Prozesses: 0x890
Startzeit der fehlerhaften Anwendung: 0xsvchost.exe0
Pfad der fehlerhaften Anwendung: svchost.exe1
Pfad des fehlerhaften Moduls: svchost.exe2
Berichtskennung: svchost.exe3
Vollständiger Name des fehlerhaften Pakets: svchost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: svchost.exe5
Error: (07/31/2014 10:01:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.532, Zeitstempel: 0x53518532
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17031, Zeitstempel: 0x5308893d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001f0a3
ID des fehlerhaften Prozesses: 0xb94
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3
Vollständiger Name des fehlerhaften Pakets: mbam.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbam.exe5
Error: (07/31/2014 09:50:00 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
Error: (07/30/2014 09:10:45 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
Error: (07/30/2014 08:16:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.0.0.532, Zeitstempel: 0x53518532
Name des fehlerhaften Moduls: mbamcore.dll, Version: 1.0.11.0, Zeitstempel: 0x536d8027
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003bcc7
ID des fehlerhaften Prozesses: 0xdf0
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3
Vollständiger Name des fehlerhaften Pakets: mbam.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: mbam.exe5
Error: (07/30/2014 08:05:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SkyDrive.exe, Version: 17.3.1165.612, Zeitstempel: 0x539a47b7
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17055, Zeitstempel: 0x532943a3
Ausnahmecode: 0x80000003
Fehleroffset: 0x000b3425
ID des fehlerhaften Prozesses: 0x1790
Startzeit der fehlerhaften Anwendung: 0xSkyDrive.exe0
Pfad der fehlerhaften Anwendung: SkyDrive.exe1
Pfad des fehlerhaften Moduls: SkyDrive.exe2
Berichtskennung: SkyDrive.exe3
Vollständiger Name des fehlerhaften Pakets: SkyDrive.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: SkyDrive.exe5
Error: (07/30/2014 08:04:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: SkyDrive.exe, Version: 17.3.1165.612, Zeitstempel: 0x539a47b7
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.3.9600.17055, Zeitstempel: 0x532943a3
Ausnahmecode: 0x80000003
Fehleroffset: 0x000b3425
ID des fehlerhaften Prozesses: 0x750
Startzeit der fehlerhaften Anwendung: 0xSkyDrive.exe0
Pfad der fehlerhaften Anwendung: SkyDrive.exe1
Pfad des fehlerhaften Moduls: SkyDrive.exe2
Berichtskennung: SkyDrive.exe3
Vollständiger Name des fehlerhaften Pakets: SkyDrive.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: SkyDrive.exe5
Error: (07/30/2014 07:02:44 PM) (Source: WindowsMangerProtect) (EventID: 102) (User: )
Description: WindowsMangerProtect
Error: (07/30/2014 06:15:55 PM) (Source: WindowsMangerProtect) (EventID: 102) (User: )
Description: WindowsMangerProtect
System errors:
=============
Error: (07/31/2014 09:45:06 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Update Adanak" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (07/31/2014 09:45:05 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "IePlugin Services" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (07/31/2014 00:22:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CyberLink PowerDVD 12 Media Server Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (07/30/2014 08:00:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (07/30/2014 08:00:08 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1326
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (07/30/2014 07:12:57 PM) (Source: DCOM) (EventID: 10016) (User: DULLI)
Description: ComputerstandardLokalAktivierung{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DulliKristinaS-1-5-21-1651834102-2589068299-2385328783-1002LocalHost (unter Verwendung von LRPC)Microsoft.BingFinance_3.0.2.258_x64__8wekyb3d8bbweS-1-15-2-3492598633-4112760462-2134878185-2430567730-3345539238-3072415288-217264472
Error: (07/30/2014 00:15:03 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CyberLink PowerDVD 12 Media Server Service" wurde unerwartet beendet. Dies ist bereits 27 Mal passiert.
Error: (07/30/2014 09:45:53 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst HPWMISVC erreicht.
Error: (07/30/2014 09:45:23 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst HPWMISVC erreicht.
Error: (07/29/2014 05:02:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "CyberLink PowerDVD 12 Media Server Service" wurde unerwartet beendet. Dies ist bereits 26 Mal passiert.
Microsoft Office Sessions:
=========================
Error: (07/31/2014 10:54:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: SkyDrive.exe17.3.1165.612539a47b7KERNELBASE.dll6.3.9600.17055532943a380000003000b342525e801cfac9d14d6aafaC:\Users\Kristina\AppData\Local\Microsoft\SkyDrive\SkyDrive.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dll56198d7b-1890-11e4-be97-a0d3c159196b
Error: (07/31/2014 10:40:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe6.3.9600.163845215dfe3combase.dll6.3.9600.1703153087867c00000050000000000005fc489001cfac1fc2302f73C:\WINDOWS\system32\svchost.exeC:\WINDOWS\SYSTEM32\combase.dll5a1dc68c-188e-11e4-be97-a0d3c159196b
Error: (07/31/2014 10:01:31 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532ntdll.dll6.3.9600.170315308893dc00000050001f0a3b9401cfac9342fbec7aC:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exeC:\WINDOWS\SYSTEM32\ntdll.dlle16d352c-1888-11e4-be97-a0d3c159196b
Error: (07/31/2014 09:50:00 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161
Error: (07/30/2014 09:10:45 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
Error: (07/30/2014 08:16:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532mbamcore.dll1.0.11.0536d8027c00000050003bcc7df001cfac2005eae732C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamcore.dll8f3b60f9-1815-11e4-be97-a0d3c159196b
Error: (07/30/2014 08:05:02 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SkyDrive.exe17.3.1165.612539a47b7KERNELBASE.dll6.3.9600.17055532943a380000003000b3425179001cfac20c38c2994C:\Users\Kristina\AppData\Local\Microsoft\SkyDrive\SkyDrive.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dll06714c89-1814-11e4-be97-a0d3c159196b
Error: (07/30/2014 08:04:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SkyDrive.exe17.3.1165.612539a47b7KERNELBASE.dll6.3.9600.17055532943a380000003000b342575001cfac208a29ea75C:\Users\Kristina\AppData\Local\Microsoft\SkyDrive\SkyDrive.exeC:\WINDOWS\SYSTEM32\KERNELBASE.dllf95eada1-1813-11e4-be97-a0d3c159196b
Error: (07/30/2014 07:02:44 PM) (Source: WindowsMangerProtect) (EventID: 102) (User: )
Description: WindowsMangerProtect
Error: (07/30/2014 06:15:55 PM) (Source: WindowsMangerProtect) (EventID: 102) (User: )
Description: WindowsMangerProtect
==================== Memory info ===========================
Percentage of memory in use: 21%
Total physical RAM: 12058.15 MB
Available physical RAM: 9491.07 MB
Total Pagefile: 13914.15 MB
Available Pagefile: 11173.87 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:909.79 GB) (Free:800.23 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:20.61 GB) (Free:2.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Sims3) (CDROM) (Total:5.56 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 298DD091)
Partition: GPT Partition Type.
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-07-31 13:39:04
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002c HGST_HTS541010A9E680 rev.JA0OA590 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Kristina\AppData\Local\Temp\pgldapod.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff960000cc600 15 bytes [00, F8, 09, 02, 80, 32, 72, ...]
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 16 fffff960000cc610 11 bytes [00, BC, FB, FF, 00, 77, B2, ...]
---- User code sections - GMER 2.1 ----
.text C:\WINDOWS\System32\dwm.exe[2492] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleInformation 00007fffca2928c0 7 bytes JMP 00008000c85b02d0
.text C:\WINDOWS\System32\dwm.exe[2492] C:\WINDOWS\system32\KERNEL32.DLL!RegQueryValueExW 00007fffca2943d8 7 bytes JMP 00008000c85b0308
.text C:\WINDOWS\System32\dwm.exe[2492] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExA 00007fffca341f20 7 bytes JMP 00008000c85b0378
.text C:\WINDOWS\System32\dwm.exe[2492] C:\WINDOWS\system32\KERNEL32.DLL!RegSetValueExW 00007fffca3440b4 7 bytes JMP 00008000c85b03b0
.text C:\WINDOWS\System32\dwm.exe[2492] C:\WINDOWS\system32\KERNEL32.DLL!RegDeleteValueW 00007fffca344510 7 bytes JMP 00008000c85b0340
.text C:\WINDOWS\System32\dwm.exe[2492] C:\WINDOWS\system32\KERNEL32.DLL!K32GetModuleFileNameExW 00007fffca344af0 7 bytes JMP 00008000c85b0260
.text C:\WINDOWS\System32\dwm.exe[2492] C:\WINDOWS\system32\KERNEL32.DLL!K32EnumProcessModulesEx 00007fffca36cea0 7 bytes JMP 00008000c85b0228
.text C:\WINDOWS\System32\dwm.exe[2492] C:\WINDOWS\system32\KERNEL32.DLL!K32GetMappedFileNameW 00007fffca36cf10 7 bytes JMP 00008000c85b0298
.text C:\WINDOWS\System32\dwm.exe[2492] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleW 00007fffc85c2300 7 bytes JMP 00008000c85b00d8
.text C:\WINDOWS\System32\dwm.exe[2492] C:\WINDOWS\system32\KERNELBASE.dll!FreeLibrary 00007fffc85c5770 5 bytes JMP 00008000c85b0180
.text C:\WINDOWS\System32\dwm.exe[2492] C:\WINDOWS\system32\KERNELBASE.dll!LoadLibraryExW 00007fffc85c5860 5 bytes JMP 00008000c85b0148
.text C:\WINDOWS\System32\dwm.exe[2492] C:\WINDOWS\system32\KERNELBASE.dll!GetModuleHandleExW 00007fffc85c5a30 5 bytes JMP 00008000c85b0110
.text C:\WINDOWS\System32\dwm.exe[2492] C:\WINDOWS\system32\USER32.dll!CreateWindowExW 00007fffcadcb6f4 10 bytes JMP 00008000c85b0490
.text C:\WINDOWS\System32\dwm.exe[2492] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesW 00007fffcadd45d8 5 bytes JMP 00008000c85b0458
.text C:\WINDOWS\System32\dwm.exe[2492] C:\WINDOWS\system32\USER32.dll!DisplayConfigGetDeviceInfo 00007fffcadd4750 9 bytes JMP 00008000c85b03e8
.text C:\WINDOWS\System32\dwm.exe[2492] C:\WINDOWS\system32\USER32.dll!EnumDisplayDevicesA 00007fffcade4fc0 5 bytes JMP 00008000c85b0420
.text C:\WINDOWS\System32\dwm.exe[2492] C:\WINDOWS\system32\GDI32.dll!D3DKMTGetDisplayModeList 00007fffcac71500 8 bytes JMP 00008000c85b01b8
.text C:\WINDOWS\System32\dwm.exe[2492] C:\WINDOWS\system32\GDI32.dll!D3DKMTQueryAdapterInfo 00007fffcac71750 8 bytes JMP 00008000c85b01f0
.text C:\WINDOWS\System32\dwm.exe[2492] C:\WINDOWS\System32\dxgi.dll!CreateDXGIFactory1 00007fffc62f7c28 5 bytes JMP 00008000c6140110
.text C:\WINDOWS\System32\dwm.exe[2492] C:\WINDOWS\System32\dxgi.dll!CreateDXGIFactory 00007fffc6304b84 5 bytes JMP 00008000c61400d8
.text C:\WINDOWS\system32\nvvsvc.exe[4980] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fffca6b169a 4 bytes [6B, CA, FF, 7F]
.text C:\WINDOWS\system32\nvvsvc.exe[4980] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fffca6b16a2 4 bytes [6B, CA, FF, 7F]
.text C:\WINDOWS\system32\nvvsvc.exe[4980] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fffca6b181a 4 bytes [6B, CA, FF, 7F]
.text C:\WINDOWS\system32\nvvsvc.exe[4980] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fffca6b1832 4 bytes [6B, CA, FF, 7F]
.text C:\WINDOWS\Explorer.EXE[5008] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fffca6b169a 4 bytes [6B, CA, FF, 7F]
.text C:\WINDOWS\Explorer.EXE[5008] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fffca6b16a2 4 bytes [6B, CA, FF, 7F]
.text C:\WINDOWS\Explorer.EXE[5008] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fffca6b181a 4 bytes [6B, CA, FF, 7F]
.text C:\WINDOWS\Explorer.EXE[5008] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fffca6b1832 4 bytes [6B, CA, FF, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6032] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fffca6b169a 4 bytes [6B, CA, FF, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6032] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fffca6b16a2 4 bytes [6B, CA, FF, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6032] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fffca6b181a 4 bytes [6B, CA, FF, 7F]
.text C:\Program Files\Synaptics\SynTP\SynTPEnh.exe[6032] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fffca6b1832 4 bytes [6B, CA, FF, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4304] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007fffca6b169a 4 bytes [6B, CA, FF, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4304] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007fffca6b16a2 4 bytes [6B, CA, FF, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4304] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007fffca6b181a 4 bytes [6B, CA, FF, 7F]
.text C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE[4304] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007fffca6b1832 4 bytes [6B, CA, FF, 7F]
.text C:\WINDOWS\System32\svchost.exe[6204] c:\windows\system32\WSOCK32.dll!setsockopt + 194 00007fffbe991f6a 4 bytes [99, BE, FF, 7F]
.text C:\WINDOWS\System32\svchost.exe[6204] c:\windows\system32\WSOCK32.dll!setsockopt + 218 00007fffbe991f82 4 bytes [99, BE, FF, 7F]
---- Threads - GMER 2.1 ----
Thread C:\WINDOWS\system32\csrss.exe [844:3736] fffff960008a0b90
---- Processes - GMER 2.1 ----
Library c:\users\kristina\appdata\local\temp\7zs1929\hpslpsvc64.dll (*** suspicious ***) @ C:\WINDOWS\system32\svchost.exe [13036] (HP Network Devices Support/Hewlett-Packard Co.)(2014-01-28 16:01:52) 0000000180000000
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
|
|
31.07.2014, 14:10
| #2 |
| /// the machine /// TB-Ausbilder    |  Win 8: TR/Trash.Gen kommt immer wieder und "istart.websearch" als Google Chrome Startseite. hi,
__________________Adware & Co. deinstallieren
Solltest Du ein Programm nicht finden oder nicht deinstallieren können, mache bitte mit dem nächsten Schritt weiter: Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ |
|
31.07.2014, 15:11
| #3 |
| | Win 8: TR/Trash.Gen kommt immer wieder und "istart.websearch" als Google Chrome Startseite. Vielen Dank für die superschnelle Antwort. Ich denke das Problem ist behoben. Ich arbeite bestimmt seit 3 oder 4 Jahren schon mit Revo und habe die 2 Dateien übersehen, deswegen kam es wohl immer wieder. Danke für deine Hilfe. Hier nochmal zur Sicherheit die Logs zum Check:
__________________Code:
ATTFilter # AdwCleaner v3.302 - Bericht erstellt am 31/07/2014 um 15:29:11
# Aktualisiert 30/07/2014 von Xplode
# Betriebssystem : Windows 8.1 (64 bits)
# Benutzername : Kristina - DULLI
# Gestartet von : C:\Users\Kristina\Desktop\adwcleaner_3.302.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Users\Kristina\AppData\Roaming\YourFileDownloader
Datei Gelöscht : C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\bulyorza.default\user.js
***** [ Tasks ] *****
Task Gelöscht : APSnotifierPP1
Task Gelöscht : YourFile DownloaderUpdate
***** [ Verknüpfungen ] *****
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Kristina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Kristina\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\Ciuvo
Schlüssel Gelöscht : HKCU\Software\SupHpUISoft
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\Software\SupDp
Schlüssel Gelöscht : HKLM\Software\SupTab
Schlüssel Gelöscht : HKLM\Software\supWPM
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17126
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
-\\ Mozilla Firefox v31.0 (x86 de)
[ Datei : C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\bulyorza.default\prefs.js ]
Zeile gelöscht : user_pref("browser.search.defaultenginename", "webssearches");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "webssearches");
-\\ Google Chrome v36.0.1985.125
[ Datei : C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht [Extension] : amfclgbdpgndipgoegfpkkgobahigbcl
*************************
AdwCleaner[R0].txt - [7302 octets] - [01/05/2014 15:16:24]
AdwCleaner[R1].txt - [1284 octets] - [01/05/2014 15:30:35]
AdwCleaner[R2].txt - [4715 octets] - [31/07/2014 15:24:47]
AdwCleaner[R3].txt - [4499 octets] - [31/07/2014 15:28:23]
AdwCleaner[S0].txt - [5783 octets] - [01/05/2014 15:22:06]
AdwCleaner[S1].txt - [3680 octets] - [31/07/2014 15:29:11]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3740 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by Kristina on 31.07.2014 at 15:59:34,08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{995F4BA9-CC4A-41A0-B361-FA996141DF9F}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{995F4BA9-CC4A-41A0-B361-FA996141DF9F}
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Kristina\AppData\Roaming\mozilla\firefox\profiles\bulyorza.default\minidumps [7 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31.07.2014 at 16:04:41,57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 01
Ran by Kristina (administrator) on DULLI on 31-07-2014 16:05:53
Running from C:\Users\Kristina\Desktop
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Akamai Technologies, Inc.) C:\Users\Kristina\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Kristina\AppData\Local\Akamai\netsession_win.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqgpc01.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccsvchst.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7202520 2013-12-27] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2771184 2013-12-27] (Synaptics Incorporated)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [267224 2013-05-22] (CyberLink Corp.)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [77088 2013-07-24] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [1045304 2013-12-25] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-07-23] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1651834102-2589068299-2385328783-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-1651834102-2589068299-2385328783-1002\...\Run: [Akamai NetSession Interface] => C:\Users\Kristina\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-1651834102-2589068299-2385328783-1002\...\MountPoints2: {842bb539-4fdf-11e3-be73-806e6f6e6963} - "E:\Autorun.exe"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-10-27] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.uk.msn.com/HPNOT13/4
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {995F4BA9-CC4A-41A0-B361-FA996141DF9F} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-154345-12128-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\bulyorza.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\coFFPlgn [2014-07-31]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\IPSFF [2013-12-18]
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR StartupUrls: "https://www.google.de/"
CHR Extension: (Google Docs) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-17]
CHR Extension: (Google Drive) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-20]
CHR Extension: (YouTube) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-20]
CHR Extension: (Battlefield Heroes) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\cehdakiococlfmjcbebbkjkfjhbieknh [2014-07-29]
CHR Extension: (Google-Suche) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-20]
CHR Extension: (Dark Vibe) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkckeanhmkjaechlhllmapjaaglgpcbj [2014-07-26]
CHR Extension: (AdBlock) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-07-26]
CHR Extension: (Google Wallet) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-17]
CHR Extension: (Google Mail) - C:\Users\Kristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-20]
CHR HKLM-x32\...\Chrome\Extension: [bejnhdlplbjhffionohbdnpcbobfejcc] - C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\Exts\Chrome.crx [2014-05-01]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-01] (Avira Operations GmbH & Co. KG)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356408 2014-06-19] (Microsoft Corporation)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-09-05] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-09-05] (CyberLink)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-06-07] (Hewlett-Packard Company) [File not signed]
R2 HPSLPSVC; C:\Users\Kristina\AppData\Local\Temp\7zS1929\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [46904 2013-12-17] (Hewlett-Packard Company)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [1039160 2013-12-25] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-26] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-26] (Intel Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2014-07-29] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [245832 2013-05-17] (Realtek Semiconductor)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-12-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2014-02-14] (Avira Operations GmbH & Co. KG)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [1526488 2014-01-10] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1405000.01C\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows (R) Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows (R) Win 7 DDK provider)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-17] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-12-17] (Symantec Corporation) [File not signed]
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\IPSDefs\20140209.002\IDSvia64.sys [521944 2014-01-21] (Symantec Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-12-26] (Intel Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20140211.003\ENG64.SYS [126040 2014-01-20] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.3.0.36\Definitions\VirusDefs\20140211.003\EX64.SYS [2099288 2014-01-20] (Symantec Corporation)
S3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [429272 2014-02-06] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3068120 2014-03-20] (Realtek Semiconductor Corporation )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-04-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-12-27] (Synaptics Incorporated)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1405000.01C\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1405000.01C\SRTSPX64.SYS [36952 2013-03-05] (Symantec Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1405000.01C\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1405000.01C\SymELAM.sys [23448 2012-11-15] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-12-18] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1405000.01C\Ironx64.SYS [224416 2013-03-05] (Symantec Corporation)
R3 SymNetS; C:\Windows\System32\Drivers\NISx64\1405000.01C\SYMNETS.SYS [433752 2013-04-25] (Symantec Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-31 16:05 - 2014-07-31 16:06 - 00025004 _____ () C:\Users\Kristina\Desktop\FRST.txt
2014-07-31 16:04 - 2014-07-31 16:05 - 00001044 _____ () C:\Users\Kristina\Desktop\JRT.txt
2014-07-31 15:59 - 2014-07-31 15:59 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-07-31 15:32 - 2014-07-31 15:32 - 00003832 _____ () C:\Users\Kristina\Desktop\AdwCleaner[S1].txt
2014-07-31 15:30 - 2014-07-31 15:30 - 00001378 _____ () C:\WINDOWS\PFRO.log
2014-07-31 15:26 - 2014-07-31 15:26 - 01016261 _____ (Thisisu) C:\Users\Kristina\Desktop\JRT.exe
2014-07-31 15:24 - 2014-07-31 15:24 - 01361309 _____ () C:\Users\Kristina\Desktop\adwcleaner_3.302.exe
2014-07-31 13:39 - 2014-07-31 13:39 - 00011113 _____ () C:\Users\Kristina\Desktop\gmer.log
2014-07-31 13:30 - 2014-07-31 13:30 - 00380416 _____ () C:\Users\Kristina\Desktop\Gmer-19357.exe
2014-07-31 13:23 - 2014-07-31 13:53 - 00001383 _____ () C:\Users\Kristina\Desktop\Neues Textdokument.txt
2014-07-31 13:05 - 2014-07-31 13:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-31 12:54 - 2014-07-31 12:56 - 00040241 _____ () C:\Users\Kristina\Desktop\Addition.txt
2014-07-31 12:52 - 2014-07-31 16:05 - 00000000 ____D () C:\FRST
2014-07-31 12:50 - 2014-07-31 12:50 - 02094080 _____ (Farbar) C:\Users\Kristina\Desktop\FRST64.exe
2014-07-31 12:49 - 2014-07-31 12:49 - 00000478 _____ () C:\Users\Kristina\Desktop\defogger_disable.log
2014-07-31 12:49 - 2014-07-31 12:49 - 00000000 _____ () C:\Users\Kristina\defogger_reenable
2014-07-31 12:48 - 2014-07-31 12:48 - 00050477 _____ () C:\Users\Kristina\Desktop\Defogger.exe
2014-07-30 18:46 - 2014-07-30 19:58 - 00000000 ___RD () C:\Users\Kristina\Desktop\Games
2014-07-30 18:23 - 2014-07-30 18:23 - 00001125 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-30 18:20 - 2014-07-30 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-30 18:16 - 2014-07-31 09:45 - 00000000 ____D () C:\Program Files (x86)\Adanak
2014-07-30 18:16 - 2014-07-30 18:16 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-07-30 18:14 - 2014-07-30 18:14 - 06985200 _____ (hxxp://yourfiledownloader.net) C:\Users\Kristina\Downloads\Die.Sims.3-.Einfach.tierisch_downloader.exe
2014-07-29 15:01 - 2014-07-30 21:34 - 00282296 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2014-07-29 15:00 - 2014-07-29 15:00 - 00000000 ____D () C:\Users\Kristina\AppData\Local\PunkBuster
2014-07-29 12:28 - 2014-07-29 15:49 - 00000000 ____D () C:\Users\Kristina\Documents\Battlefield Heroes
2014-07-29 12:27 - 2014-07-30 21:34 - 00282296 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe
2014-07-29 12:27 - 2014-07-30 21:29 - 00282296 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2014-07-29 12:27 - 2014-07-29 15:06 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2014-07-29 12:27 - 2014-07-29 12:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
2014-07-29 11:36 - 2014-07-29 11:36 - 00000000 ____D () C:\Program Files (x86)\EA Games
2014-07-29 11:15 - 2014-07-30 18:20 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-07-29 11:06 - 2014-07-29 11:15 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Origin
2014-07-29 11:06 - 2014-07-29 11:15 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Origin
2014-07-29 11:03 - 2014-07-29 17:02 - 00000000 ____D () C:\ProgramData\Origin
2014-07-29 11:03 - 2014-07-29 11:06 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-07-29 11:02 - 2014-07-29 11:02 - 17088128 _____ (Electronic Arts, Inc.) C:\Users\Kristina\Downloads\OriginThinSetup.exe
2014-07-15 19:57 - 2014-07-15 19:57 - 00000000 ____D () C:\Users\Kristina\Desktop\CenterBot
2014-07-15 19:53 - 2014-07-15 19:53 - 00000000 ____D () C:\Users\Kristina\DAVID
2014-07-15 10:24 - 2014-07-15 10:24 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\edxLabs
2014-07-13 12:51 - 2014-07-13 12:51 - 01283622 _____ () C:\Users\Kristina\Documents\[ISRO] CenterBot v1.23.rar
2014-07-09 16:47 - 2014-04-14 05:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-07-09 16:44 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-09 16:44 - 2014-06-17 00:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-09 16:44 - 2014-06-06 16:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-09 16:44 - 2014-05-30 05:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-09 16:43 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-09 16:43 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-09 16:43 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-09 16:43 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-09 16:43 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-09 16:43 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-09 16:43 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-09 16:43 - 2014-06-19 01:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-09 16:43 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-09 16:43 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-09 16:43 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-09 16:43 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-09 16:43 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-09 16:43 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-09 16:43 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-09 16:43 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-09 16:43 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-09 16:43 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-09 16:43 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-09 16:43 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-09 16:43 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-09 16:43 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-09 16:43 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-09 16:43 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-09 16:43 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-09 16:43 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-09 16:43 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-09 16:43 - 2014-05-29 14:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-09 16:43 - 2014-05-29 09:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-09 16:43 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-09 16:43 - 2014-05-29 08:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-09 16:43 - 2014-05-29 07:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-09 16:43 - 2014-05-29 07:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-09 16:42 - 2014-06-06 15:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-09 16:42 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-09 16:42 - 2014-05-31 12:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-09 16:42 - 2014-05-31 12:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-09 16:42 - 2014-05-31 05:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-09 16:42 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-09 16:42 - 2014-05-31 05:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 16:42 - 2014-05-31 05:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-09 16:42 - 2014-05-31 05:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-09 16:42 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 16:42 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-09 16:42 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-09 16:42 - 2014-05-31 04:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-09 16:42 - 2014-05-31 04:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-09 16:42 - 2014-05-31 04:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-09 16:42 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-09 16:42 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-09 16:37 - 2014-07-09 16:37 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-09 10:56 - 2014-07-16 01:17 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Skype
2014-07-09 10:56 - 2014-07-09 10:56 - 00002533 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-07-09 10:56 - 2014-07-09 10:56 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-09 10:56 - 2014-07-09 10:56 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Skype
2014-07-09 10:56 - 2014-07-09 10:56 - 00000000 ____D () C:\ProgramData\Skype
2014-07-09 10:56 - 2014-07-09 10:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-08 10:03 - 2014-07-08 10:03 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Joymax
2014-07-08 09:22 - 2014-07-21 08:14 - 00000000 ____D () C:\Program Files (x86)\Silkroad
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-07-31 16:06 - 2014-07-31 16:05 - 00025004 _____ () C:\Users\Kristina\Desktop\FRST.txt
2014-07-31 16:05 - 2014-07-31 16:04 - 00001044 _____ () C:\Users\Kristina\Desktop\JRT.txt
2014-07-31 16:05 - 2014-07-31 12:52 - 00000000 ____D () C:\FRST
2014-07-31 16:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-31 15:59 - 2014-07-31 15:59 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-07-31 15:53 - 2014-06-13 23:10 - 00005134 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for DULLI-Kristina Dulli
2014-07-31 15:50 - 2013-12-17 20:30 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1651834102-2589068299-2385328783-1002
2014-07-31 15:37 - 2014-05-01 15:16 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-31 15:34 - 2014-05-02 08:07 - 00003930 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{EF1733D9-EAC2-4D7F-ABB4-1183DCDB8974}
2014-07-31 15:32 - 2014-07-31 15:32 - 00003832 _____ () C:\Users\Kristina\Desktop\AdwCleaner[S1].txt
2014-07-31 15:32 - 2014-05-04 08:34 - 00000000 ____D () C:\Users\Kristina\Documents\Youcam
2014-07-31 15:31 - 2013-12-22 17:54 - 00000000 __RDO () C:\Users\Kristina\SkyDrive
2014-07-31 15:31 - 2013-12-17 20:45 - 00001122 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-31 15:30 - 2014-07-31 15:30 - 00001378 _____ () C:\WINDOWS\PFRO.log
2014-07-31 15:30 - 2013-12-23 08:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-31 15:30 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-31 15:29 - 2014-05-01 15:16 - 00000000 ____D () C:\AdwCleaner
2014-07-31 15:29 - 2013-12-17 20:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-31 15:29 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-31 15:28 - 2013-12-18 20:16 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-31 15:27 - 2014-02-21 20:46 - 00000000 ____D () C:\Users\Kristina\AppData\Local\CrashDumps
2014-07-31 15:26 - 2014-07-31 15:26 - 01016261 _____ (Thisisu) C:\Users\Kristina\Desktop\JRT.exe
2014-07-31 15:24 - 2014-07-31 15:24 - 01361309 _____ () C:\Users\Kristina\Desktop\adwcleaner_3.302.exe
2014-07-31 15:20 - 2014-02-24 08:19 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-07-31 15:15 - 2013-12-17 20:45 - 00001126 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-31 15:11 - 2013-12-23 08:37 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-31 13:53 - 2014-07-31 13:23 - 00001383 _____ () C:\Users\Kristina\Desktop\Neues Textdokument.txt
2014-07-31 13:47 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-07-31 13:39 - 2014-07-31 13:39 - 00011113 _____ () C:\Users\Kristina\Desktop\gmer.log
2014-07-31 13:30 - 2014-07-31 13:30 - 00380416 _____ () C:\Users\Kristina\Desktop\Gmer-19357.exe
2014-07-31 13:05 - 2014-07-31 13:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-31 12:56 - 2014-07-31 12:54 - 00040241 _____ () C:\Users\Kristina\Desktop\Addition.txt
2014-07-31 12:50 - 2014-07-31 12:50 - 02094080 _____ (Farbar) C:\Users\Kristina\Desktop\FRST64.exe
2014-07-31 12:49 - 2014-07-31 12:49 - 00000478 _____ () C:\Users\Kristina\Desktop\defogger_disable.log
2014-07-31 12:49 - 2014-07-31 12:49 - 00000000 _____ () C:\Users\Kristina\defogger_reenable
2014-07-31 12:49 - 2013-12-22 15:11 - 00000000 ____D () C:\Users\Kristina
2014-07-31 12:48 - 2014-07-31 12:48 - 00050477 _____ () C:\Users\Kristina\Desktop\Defogger.exe
2014-07-31 09:45 - 2014-07-30 18:16 - 00000000 ____D () C:\Program Files (x86)\Adanak
2014-07-31 09:40 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-30 21:34 - 2014-07-29 15:01 - 00282296 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.xtr
2014-07-30 21:34 - 2014-07-29 12:27 - 00282296 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.exe
2014-07-30 21:29 - 2014-07-29 12:27 - 00282296 _____ () C:\WINDOWS\SysWOW64\PnkBstrB.ex0
2014-07-30 20:15 - 2013-08-22 15:25 - 00000229 _____ () C:\WINDOWS\win.ini
2014-07-30 20:00 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-30 19:58 - 2014-07-30 18:46 - 00000000 ___RD () C:\Users\Kristina\Desktop\Games
2014-07-30 19:57 - 2014-03-06 19:03 - 00000356 _____ () C:\WINDOWS\Tasks\HPCeeScheduleForKristina.job
2014-07-30 19:56 - 2014-05-22 16:14 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-30 19:56 - 2014-05-22 16:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-07-30 19:11 - 2013-12-17 20:20 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Packages
2014-07-30 19:01 - 2014-05-01 14:21 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-07-30 18:55 - 2013-12-19 18:21 - 00000000 ____D () C:\Users\Kristina\Documents\DAVID
2014-07-30 18:23 - 2014-07-30 18:23 - 00001125 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-07-30 18:23 - 2014-05-01 15:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-07-30 18:23 - 2014-05-01 15:16 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-07-30 18:20 - 2014-07-30 18:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-07-30 18:20 - 2014-07-29 11:15 - 00000000 ____D () C:\Program Files (x86)\Origin Games
2014-07-30 18:20 - 2013-07-22 11:16 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-07-30 18:16 - 2014-07-30 18:16 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-07-30 18:14 - 2014-07-30 18:14 - 06985200 _____ (hxxp://yourfiledownloader.net) C:\Users\Kristina\Downloads\Die.Sims.3-.Einfach.tierisch_downloader.exe
2014-07-29 17:02 - 2014-07-29 11:03 - 00000000 ____D () C:\ProgramData\Origin
2014-07-29 15:49 - 2014-07-29 12:28 - 00000000 ____D () C:\Users\Kristina\Documents\Battlefield Heroes
2014-07-29 15:06 - 2014-07-29 12:27 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2014-07-29 15:00 - 2014-07-29 15:00 - 00000000 ____D () C:\Users\Kristina\AppData\Local\PunkBuster
2014-07-29 12:27 - 2014-07-29 12:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Games
2014-07-29 11:36 - 2014-07-29 11:36 - 00000000 ____D () C:\Program Files (x86)\EA Games
2014-07-29 11:15 - 2014-07-29 11:06 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Origin
2014-07-29 11:15 - 2014-07-29 11:06 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Origin
2014-07-29 11:06 - 2014-07-29 11:03 - 00000000 ____D () C:\Program Files (x86)\Origin
2014-07-29 11:03 - 2014-01-01 23:55 - 00000000 ____D () C:\ProgramData\Electronic Arts
2014-07-29 11:03 - 2013-12-18 21:07 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-07-29 11:02 - 2014-07-29 11:02 - 17088128 _____ (Electronic Arts, Inc.) C:\Users\Kristina\Downloads\OriginThinSetup.exe
2014-07-28 20:19 - 2014-03-06 19:03 - 00003176 _____ () C:\WINDOWS\System32\Tasks\HPCeeScheduleForKristina
2014-07-24 21:01 - 2013-12-29 22:53 - 00501760 ___SH () C:\Users\Kristina\Downloads\Thumbs.db
2014-07-24 20:28 - 2013-11-14 09:27 - 01984420 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-24 20:28 - 2013-11-14 09:11 - 00843606 _____ () C:\WINDOWS\system32\perfh007.dat
2014-07-24 20:28 - 2013-11-14 09:11 - 00192300 _____ () C:\WINDOWS\system32\perfc007.dat
2014-07-24 11:08 - 2014-05-22 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-07-24 10:30 - 2013-12-19 18:20 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2014-07-24 10:30 - 2013-12-19 18:20 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-07-21 08:14 - 2014-07-08 09:22 - 00000000 ____D () C:\Program Files (x86)\Silkroad
2014-07-16 01:17 - 2014-07-09 10:56 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Skype
2014-07-15 19:57 - 2014-07-15 19:57 - 00000000 ____D () C:\Users\Kristina\Desktop\CenterBot
2014-07-15 19:53 - 2014-07-15 19:53 - 00000000 ____D () C:\Users\Kristina\DAVID
2014-07-15 10:24 - 2014-07-15 10:24 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\edxLabs
2014-07-13 12:51 - 2014-07-13 12:51 - 01283622 _____ () C:\Users\Kristina\Documents\[ISRO] CenterBot v1.23.rar
2014-07-12 11:05 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-12 10:50 - 2013-08-22 16:44 - 00511224 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-12 10:47 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-12 10:47 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-12 10:46 - 2013-11-14 09:13 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-12 10:46 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-12 10:46 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-10 12:58 - 2014-02-24 14:24 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2014-07-09 16:49 - 2013-12-22 13:09 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-09 16:49 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-09 16:48 - 2013-12-22 13:09 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-09 16:37 - 2014-07-09 16:37 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-07-09 10:56 - 2014-07-09 10:56 - 00002533 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-07-09 10:56 - 2014-07-09 10:56 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-07-09 10:56 - 2014-07-09 10:56 - 00000000 ____D () C:\Users\Kristina\AppData\Local\Skype
2014-07-09 10:56 - 2014-07-09 10:56 - 00000000 ____D () C:\ProgramData\Skype
2014-07-09 10:56 - 2014-07-09 10:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-07-09 10:32 - 2012-08-04 02:02 - 00000000 ____D () C:\SWSetup
2014-07-09 10:28 - 2014-06-13 22:48 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-07-08 19:11 - 2013-12-23 08:37 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-07-08 10:03 - 2014-07-08 10:03 - 00000000 ____D () C:\Users\Kristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Joymax
2014-07-08 07:41 - 2014-02-02 23:09 - 00126976 ___SH () C:\Users\Kristina\Desktop\Thumbs.db
2014-07-07 13:14 - 2013-12-17 21:55 - 00000841 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-07-07 13:14 - 2013-12-17 21:55 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-01 14:53 - 2014-02-24 08:19 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2014-07-01 08:55 - 2013-12-19 18:22 - 00000000 ____D () C:\Users\Kristina\Documents\HAUSHALT
Some content of TEMP:
====================
C:\Users\Kristina\AppData\Local\Temp\avgnt.exe
C:\Users\Kristina\AppData\Local\Temp\htmlayout.dll
C:\Users\Kristina\AppData\Local\Temp\Quarantine.exe
C:\Users\Kristina\AppData\Local\Temp\toolbar1578988204.exe
C:\Users\Kristina\AppData\Local\Temp\toolbar1578988600.exe
C:\Users\Kristina\AppData\Local\Temp\toolbar1578991084.exe
C:\Users\Kristina\AppData\Local\Temp\uninstall-updater6119175.exe
C:\Users\Kristina\AppData\Local\Temp\uninstall1579265584.exe
C:\Users\Kristina\AppData\Local\Temp\uninstall1579266898.exe
C:\Users\Kristina\AppData\Local\Temp\uninstall1579266992.exe
C:\Users\Kristina\AppData\Local\Temp\uninstall1579267148.exe
C:\Users\Kristina\AppData\Local\Temp\uninstall6127334.exe
C:\Users\Kristina\AppData\Local\Temp\uninstall6127366.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-24 11:05
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-07-2014 01
Ran by Kristina at 2014-07-31 16:06:20
Running from C:\Users\Kristina\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Out of date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Disabled - Out of date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Disabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKCU\...\Akamai) (Version: - Akamai Technologies, Inc)
ANNO 2070 (HKLM-x32\...\{B48E264C-C8CD-4617-B0BE-46E977BAD694}) (Version: 1.0.0.0 - Ubisoft)
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira)
B109a-m (x32 Version: 140.0.851.000 - Hewlett-Packard) Hidden
Battlefield Heroes (HKLM-x32\...\{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}) (Version: - EA Digital illusions)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version: 3.0 - CutePDF.com)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.5.6902 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.2928 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.4.2928 - CyberLink Corp.) Hidden
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.2.4128 - CyberLink Corp.)
Cyberlink PhotoDirector (x32 Version: 3.0.2.4128 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.4.3021 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.4.3021 - CyberLink Corp.) Hidden
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3305 - CyberLink Corp.)
CyberLink PowerDVD 12 (x32 Version: 12.0.2.3305 - CyberLink Corp.) Hidden
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.1.2922 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 5.0.1.2922 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Die*Sims™*3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.631 - Electronic Arts)
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Fotosizer 2.08 (HKLM-x32\...\Fotosizer) (Version: 2.08.0.545 - Fotosizer.com)
Free YouTube to MP3 Converter version 3.12.19.1219 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.19.1219 - DVDVideoSoft Ltd.)
Goat Simulator (HKLM-x32\...\Steam App 265930) (Version: - Coffee Stain Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 36.0.1985.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.2.2.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{07F6DC37-0857-4B68-A675-4E35989E85E3}) (Version: 6.0.15.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKCU\...\HPConnectedMusic) (Version: 1.1 (build 112) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{394B14EA-B072-4440-9510-87797CB12371}) (Version: 2.20.21 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Documentation (HKLM-x32\...\{61245005-66F1-4001-AEE8-2E2D36F65C28}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart B109a-m All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{5AEA9B93-6C6A-4A0F-B2FA-BD8AA4C59B80}) (Version: 14.0 - HP)
HP Postscript Converter (Version: 4.0.4100 - Hewlett-Packard) Hidden
HP Quick Start (HKLM-x32\...\{BB27C290-AB30-4D9E-A5D1-88745AAE42E9}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Recovery Manager (x32 Version: 11.00 - Hewlett-Packard) Hidden
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6838.4521 - Hewlett-Packard)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{C88F84E5-AE23-44BD-922C-2ABEACACAF7A}) (Version: 7.2.23.56 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{23CCE784-A812-4647-AEFF-1DCCD4E57478}) (Version: 11.50.0000 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{F35EE4BC-95E1-4417-BA36-7C32FF24A59A}) (Version: 1.0.11 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
HP Utility Center (HKLM\...\{A48BD764-CFDF-40A5-A07A-710908044F5D}) (Version: 2.2.2 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{941DE69D-6CEE-4171-8F1F-3D7E352AA498}) (Version: 1.0.6.1 - Hewlett-Packard Company)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Icy Tower v1.5 (HKLM-x32\...\Icy Tower v1.5_is1) (Version: - Free Lunch Design)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.8.1.1000 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.66956 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.28.487.1 - Intel Corporation) Hidden
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 55 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417055FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Lemonade Inc. für Windows (HKLM-x32\...\Lemonade Inc. für Windows) (Version: - )
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4631.1002 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1165.0612 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.5.0.28 - Symantec Corporation)
NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA Optimus 1.11.3 (Version: 1.11.3 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Systemsteuerung 331.65 (Version: 331.65 - NVIDIA Corporation) Hidden
NVIDIA Update 1.11.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.11.3 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.11.3 - NVIDIA Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.12.2807 - Electronic Arts, Inc.)
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
PS_AIO_06_B109a-m_SW_Min (x32 Version: 140.0.863.000 - Hewlett-Packard) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.990 - Even Balance, Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 1.1.9200.23 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7016 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.13.1216 - REALTEK Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RollerCoaster Tycoon 3 (HKLM-x32\...\RollerCoaster Tycoon 3_is1) (Version: - Atari)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.40.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Silkroad (HKLM-x32\...\Silkroad) (Version: - )
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
South Park™: The Stick of Truth™ (HKLM-x32\...\Steam App 213670) (Version: - Obsidian Entertainment)
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.6.2 - Synaptics Incorporated)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1651834102-2589068299-2385328783-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Kristina\AppData\Local\Microsoft\SkyDrive\17.3.1165.0612\amd64\FileSyncApi64.dll (Microsoft Corporation)
==================== Restore Points =========================
31-07-2014 12:02:25 Geplanter Prüfpunkt
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2013-08-22 15:25 - 2013-08-22 15:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0544B624-8437-4A69-9477-9018B0169EF8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-17] (Google Inc.)
Task: {068BB787-D748-4F7A-B98F-E6D33468F2B3} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {0A9553EB-EE16-450D-869C-184CC085D588} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {0FB75FAF-88E2-4491-9755-78D800DF2E4A} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-06-10] (Microsoft Corporation)
Task: {156FF334-82E5-4676-82B0-4832C4356798} - System32\Tasks\HPCeeScheduleForKristina => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {194B5541-820F-48E5-AA8B-A5728B5624B7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)
Task: {1A1E3B34-AA46-4429-A69C-640BE792154E} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-06-19] (Microsoft Corporation)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {28896FF3-9298-408B-B329-7F1E5825E61A} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {37189418-64E2-45E7-A8E8-3B40A769493F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3D0B7C59-1AFD-463E-B8B2-E9A4A9979D36} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-03-21] (Hewlett-Packard)
Task: {49430173-85AF-48AA-A88E-0C5F5EECA228} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-17] (Google Inc.)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4A8BCCD5-D110-4025-BEED-1A3BBCFA925C} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\SymErr.exe [2013-06-04] (Symantec Corporation)
Task: {4D9A0153-2601-4607-BE36-5F4D5D0C0A04} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company)
Task: {55526BD5-72EA-447F-A5F3-6D23F704F0EA} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {55C38727-054F-4525-8F9A-C357ECBC8F13} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-07-09] (Microsoft Corporation)
Task: {5994E08E-9A69-4083-A8C3-995FE59AB7CE} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-09-10] (Hewlett-Packard Development Company, L.P.)
Task: {60C508B2-A95F-4658-81D1-E3980A923021} - \16c2b2c8-5829-4bfa-af7d-a1070feef6a4-4 No Task File <==== ATTENTION
Task: {686B043E-6033-47E7-948C-42EDE864FF39} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1651834102-2589068299-2385328783-1002 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {744EE101-6990-4DE7-8622-B0CD2328A63E} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-08] (Adobe Systems Incorporated)
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {84246348-A22D-4E2A-B6F2-BB9C673DC630} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis Install => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-06-07] (Hewlett-Packard Company)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9DD5AE44-172F-432C-AC9D-D9A2A425D5B1} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A0441E42-A93B-44A7-B979-1F3A5B71BC5F} - System32\Tasks\Microsoft Office 15 Sync Maintenance for DULLI-Kristina Dulli => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-06-03] (Microsoft Corporation)
Task: {A04CCF35-1211-41EE-81EE-CDDDE7A67995} - \16c2b2c8-5829-4bfa-af7d-a1070feef6a4-5 No Task File <==== ATTENTION
Task: {BB22206A-4AC4-4A54-9699-8FDEE73C0068} - \16c2b2c8-5829-4bfa-af7d-a1070feef6a4-3 No Task File <==== ATTENTION
Task: {C885B3FC-3583-49FA-A790-E02F678EB734} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {CB45D076-5DBB-4D26-B8F3-20DEB77FCAF3} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.5.0.28\WSCStub.exe [2014-04-29] (Symantec Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D063E6AF-3FD7-4273-BEC2-C467218514A1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {E966DE08-81ED-4710-A726-2ED65F6F671A} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {F997D6CB-D00C-4DE6-B352-BA61615B10CC} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForKristina.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
==================== Loaded Modules (whitelisted) =============
2013-10-27 10:03 - 2013-10-27 10:03 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2013-12-22 15:07 - 2013-10-23 10:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-05-18 13:39 - 2012-10-04 19:49 - 00087152 _____ () C:\WINDOWS\System32\cpwmon64.dll
2014-06-13 22:48 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-07-29 12:27 - 2014-07-29 15:06 - 00076888 _____ () C:\WINDOWS\SysWOW64\PnkBstrA.exe
2014-05-23 08:24 - 2014-05-23 08:25 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\ErrorReporting.dll
2013-12-26 11:23 - 2013-12-26 11:23 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-05-01 22:52 - 2012-05-30 08:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.5.0.28\wincfi39.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Users\Kristina\SkyDrive:ms-properties
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2014-07-31 13:18:47.044
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exe that did not meet the Store signing level requirements.
==================== Memory info ===========================
Percentage of memory in use: 14%
Total physical RAM: 12058.15 MB
Available physical RAM: 10266.46 MB
Total Pagefile: 13914.15 MB
Available Pagefile: 12161.18 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:909.79 GB) (Free:812.3 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:20.61 GB) (Free:2.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Sims3) (CDROM) (Total:5.56 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 932 GB) (Disk ID: 298DD091)
Partition: GPT Partition Type.
==================== End Of Log ============================
|
|
01.08.2014, 11:43
| #4 |
| /// the machine /// TB-Ausbilder | Win 8: TR/Trash.Gen kommt immer wieder und "istart.websearch" als Google Chrome Startseite.ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Win 8: TR/Trash.Gen kommt immer wieder und "istart.websearch" als Google Chrome Startseite. |
| adware, akamai, antivir, antivirus, avira savings advisor, bonjour, browser, converter, device driver, dvdvideosoft ltd., failed, firefox, flash player, google, home, homepage, iexplore.exe, istart.webssearch, kommt immer wieder, mozilla, mp3, office 365, onedrive, problem, realtek, registry, security, sich automatisch, software, symantec, system, tower, trash.gen, trojaner, updates, virus, windows, windowsapps, windowsmangerprotect |
Revo Uninstaller herunter.
dann auf 
und dann auf 
.
Linear-Darstellung
