02.08.2014, 22:44 | #1

DHL fake Mail

Hello,

I recently received an e-mail that supposedly comes from DHL; as it turned out, it probably does not. Since I really was waiting for a shipment, I clicked the shipment-tracking link, but I did not open the attachment. Could I have caught something anyway?

Regards, kla

For reference, the mail:

Dear customer,

the shipment 00340434138422696188 intended for you has been handed over to DHL and is expected to be delivered on 30.07.2014 between 12:00 - 15:00.

Further information on the shipment status is available via the direct status query using the following link: Shipment tracking

Kind regards,
Your DHL Team

This e-mail is for information only and does not guarantee delivery of the shipment. This e-mail cannot be replied to. Your e-mail address is used exclusively for the parcel notification of the shipment named above and is not stored for advertising purposes. If you no longer wish to receive the parcel notification, please click here: DHL notification service

Legal notice
Deutsche Post AG
Represented by the Board of Management: Dr. Frank Appel (Chairman), Ken Allen, Roger Crook, Jürgen Gerdes, John Gilbert, Lawrence A. Rosen
Commercial register no.: Registergericht Bonn HRB 6792, VAT ID no.: DE 169838187
Charles-de-Gaulle-Straße 20, 53113 Bonn
Website | Contact | Legal notice
© 2014 DHL

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-08-2014 Ran by Blau (administrator) on BLAU-PC on 02-08-2014 23:17:58 Running from C:\Users\Blau\Desktop Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe () C:\Windows\vsnpstd3.exe (Gainward Co.) C:\Program Files (x86)\EXPERTool\TBPANEL.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe () C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\EasySetPackage.exe (FNet Co., Ltd.) C:\Program Files (x86)\XFastUsb\XFastUsb.exe () C:\Gaming Mouse\Gaming Mouse.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe (Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe () C:\Windows\FixCamera.exe () C:\Windows\tsnpstd3.exe () C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\TestDDCCI.exe (TODO: <Company name>) C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\ESP64Proxy.exe (Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RunDLLEntry] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\AmbRunE.dll,RunDLLEntry HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11842152 2011-05-04] (Realtek Semiconductor) HKLM\...\Run: [snpstd3] => C:\Windows\vsnpstd3.exe [835584 2007-05-10] () HKLM-x32\...\Run: [XFastUsb] => C:\Program Files (x86)\XFastUsb\XFastUsb.exe [4942336 2011-03-25] (FNet Co., Ltd.) HKLM-x32\...\Run: [Gaming Mouse] => C:\Gaming Mouse\Gaming Mouse.exe [1175552 2009-07-16] () HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-03] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [186408 2013-12-06] (Geek Software GmbH) HKLM-x32\...\Run: [STCAgent] => C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe [776064 2011-01-21] (Splashtop Inc.) HKLM-x32\...\Run: [ZyngaGamesAgent] => C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe [841544 2010-11-15] (Splashtop Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation) HKLM-x32\...\Run: [FixCamera] => C:\Windows\FixCamera.exe [20480 2007-07-11] () HKLM-x32\...\Run: [snpstd3] => C:\Windows\vsnpstd3.exe [835584 2007-05-10] () HKLM-x32\...\Run: [tsnpstd3] => C:\Windows\tsnpstd3.exe [270336 2007-04-21] () HKU\.DEFAULT\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000 HKU\S-1-5-21-2220639255-1590196800-3861590088-1000\...\Run: [ASRockXTU] => [X] HKU\S-1-5-21-2220639255-1590196800-3861590088-1000\...\Run: [zASRockInstantBoot] => [X] HKU\S-1-5-21-2220639255-1590196800-3861590088-1000\...\Run: [GAINWARD] => C:\Program Files (x86)\EXPERTool\TBPanel.exe [2259568 2010-12-23] (Gainward Co.) 
HKU\S-1-5-21-2220639255-1590196800-3861590088-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation) HKU\S-1-5-21-2220639255-1590196800-3861590088-1000\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\EasySetPackage.lnk ShortcutTarget: EasySetPackage.lnk -> C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\EasySetPackage.exe () ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:splashtopconnect HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xD3A0CC1006ECCB01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE,en-US;q=0.5 HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd URLSearchHook: HKCU - Splashtop Connect SearchHook - {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll (Splashtop Inc.) SearchScopes: HKCU - DefaultScope {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = hxxp://www.bigseekpro.com/search/browser/audiograbber/{BE2014C3-4E20-447E-A231-FAF7DF393287}?q={searchTerms} SearchScopes: HKCU - ToolbarSearchProviderProgress {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SPLEP1&pc=SPLH SearchScopes: HKCU - {0AD09770-680D-4bb8-BD39-F5C46E775C5C} URL = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A6976579318&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A6976579318&q={searchTerms} SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd SearchScopes: HKCU - {96bd48dd-741b-41ae-ac4a-aff96ba00f7e} URL = hxxp://www.bigseekpro.com/search/browser/audiograbber/{BE2014C3-4E20-447E-A231-FAF7DF393287}?q={searchTerms} SearchScopes: HKCU - {A1EBA153-6AF6-42a8-93DB-36F51772300A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=ASRK BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll 
(Microsoft Corporation) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File BHO-x32: Splashtop Connect VisualBookmark -> {0E5680D1-BF44-4929-94AF-FD30D784AD1D} -> C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (Splashtop Inc.) BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - 
{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File Tcpip\Parameters: [DhcpNameServer] 83.169.184.225 83.169.184.161 FireFox: ======== FF ProfilePath: C:\Users\Blau\AppData\Roaming\Mozilla\Firefox\Profiles\dj06k8mh.default-1380897872096 FF DefaultSearchEngine: Google FF Homepage: https://www.google.de FF NetworkProxy: "http", "23.89.198.161" FF NetworkProxy: "http_port", 8089 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll (Adobe Systems, Inc.) 
FF Plugin-x32: @esn/esnlaunch,version=1.102.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.102.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=1.110.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=1.118.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll No File FF Plugin-x32: @esn/npbattlelog,version=2.4.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Blau\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFFICE.DLL (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: WOT - C:\Users\Blau\AppData\Roaming\Mozilla\Firefox\Profiles\dj06k8mh.default-1380897872096\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-27] FF Extension: GlassMyFox - C:\Users\Blau\AppData\Roaming\Mozilla\Firefox\Profiles\dj06k8mh.default-1380897872096\Extensions\GlassMyFox@ArisT2_Noia4dev.xpi [2013-10-04] FF Extension: NoScript - C:\Users\Blau\AppData\Roaming\Mozilla\Firefox\Profiles\dj06k8mh.default-1380897872096\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-10-04] FF Extension: Adblock Plus - C:\Users\Blau\AppData\Roaming\Mozilla\Firefox\Profiles\dj06k8mh.default-1380897872096\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-04] FF Extension: DownThemAll! - C:\Users\Blau\AppData\Roaming\Mozilla\Firefox\Profiles\dj06k8mh.default-1380897872096\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-10-04] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-03] (Avira Operations GmbH & Co. 
KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-03] (Avira Operations GmbH & Co. KG) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2356408 2014-06-19] (Microsoft Corporation) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76152 2014-07-11] () S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2009-10-20] (CACE Technologies, Inc.) R2 SCBackService; C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe [477000 2010-11-15] (Splashtop Inc.) S2 SmartViewService; C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe [X] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-03] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-06-03] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG) S3 Cardex; C:\Windows\SysWOW64\drivers\TBPANELX64.SYS [15648 2007-03-16] (Windows (R) Server 2003 DDK provider) R3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [31808 2011-03-26] (FNet Co., Ltd.) R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [15936 2011-03-25] (FNet Co., Ltd.) S3 LGDDCDevice; C:\Windows\SysWOW64\LGI2CDriver.sys [16384 2009-12-22] (LG Soft India) [File not signed] S3 LGII2CDevice; C:\Windows\SysWOW64\LGPII2CDriver.sys [19456 2009-12-22] (LG Soft India) [File not signed] R2 NPF; C:\Windows\System32\drivers\npf.sys [47632 2009-10-20] (CACE Technologies, Inc.) S3 SNPSTD3; C:\Windows\System32\DRIVERS\snpstd3.sys [10693120 2007-10-16] (Sonix Co. Ltd.) S3 SNPSTD3; C:\Windows\SysWOW64\DRIVERS\snpstd3.sys [10376576 2007-10-16] (Sonix Co. Ltd.) 
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-03-26] (Duplex Secure Ltd.) S1 SSHDRV59; C:\Windows\SysWOW64\drivers\SSHDRV59.sys [35840 2013-01-25] () [File not signed] S3 TBPanel; No ImagePath ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-02 23:17 - 2014-08-02 23:20 - 00019567 _____ () C:\Users\Blau\Desktop\FRST.txt 2014-08-02 23:17 - 2014-08-02 23:18 - 00000000 ____D () C:\FRST 2014-08-02 23:17 - 2014-08-02 11:06 - 02094080 _____ (Farbar) C:\Users\Blau\Desktop\FRST64.exe 2014-07-30 19:55 - 2014-07-30 19:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-26 16:26 - 2014-07-26 16:26 - 00000000 ____D () C:\Users\Blau\Desktop\New folder 2014-07-24 23:11 - 2014-07-24 23:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hama Webcam AC-150 2014-07-24 23:11 - 2007-10-16 10:36 - 10693120 _____ (Sonix Co. Ltd.) C:\Windows\system32\Drivers\snpstd3.sys 2014-07-24 23:11 - 2007-10-16 10:35 - 10376576 _____ (Sonix Co. Ltd.) 
C:\Windows\SysWOW64\Drivers\snpstd3.sys 2014-07-24 23:11 - 2007-07-23 18:04 - 00155648 _____ ( ) C:\Windows\SysWOW64\rsnpstd3.dll 2014-07-24 23:11 - 2007-07-23 17:54 - 00980480 _____ ( ) C:\Windows\system32\vsnpstd3.dll 2014-07-24 23:11 - 2007-07-23 17:52 - 00057344 _____ ( ) C:\Windows\SysWOW64\vsnpstd3.dll 2014-07-24 23:11 - 2007-07-11 16:09 - 00020480 _____ () C:\Windows\FixCamera.exe 2014-07-24 23:11 - 2007-05-10 13:18 - 00835584 _____ () C:\Windows\vsnpstd3.exe 2014-07-24 23:11 - 2007-04-21 09:37 - 00270336 _____ () C:\Windows\tsnpstd3.exe 2014-07-24 23:11 - 2006-07-03 10:31 - 00094208 _____ (Microsoft Corporation) C:\Windows\amcap.exe 2014-07-24 23:11 - 2005-11-23 13:55 - 00053248 _____ ( ) C:\Windows\csnpstd3.dll 2014-07-24 23:11 - 2005-11-22 20:40 - 00018944 _____ ( ) C:\Windows\system32\csnpstd3.dll 2014-07-24 23:11 - 2004-02-27 17:36 - 00015498 _____ () C:\Windows\snpstd3.ini 2014-07-24 23:11 - 2004-02-27 17:36 - 00013023 _____ () C:\Windows\snpstd3.src 2014-07-20 05:34 - 2014-07-20 05:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-07-20 05:34 - 2014-07-11 03:02 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-07-20 05:34 - 2014-07-11 02:56 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-07-20 05:34 - 2014-07-11 02:56 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-07-20 05:34 - 2014-07-11 02:55 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-07-20 05:33 - 2014-07-20 05:34 - 00004460 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log 2014-07-09 20:13 - 2014-06-30 04:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-07-09 20:13 - 2014-06-30 04:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-07-09 20:13 - 2014-06-20 22:14 - 00266424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-07-09 20:13 - 2014-06-20 21:39 - 00240824 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-07-09 20:13 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-07-09 20:13 - 2014-06-19 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-07-09 20:13 - 2014-06-19 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-07-09 20:13 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-07-09 20:13 - 2014-06-19 02:42 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-07-09 20:13 - 2014-06-19 02:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-07-09 20:13 - 2014-06-19 02:41 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-07-09 20:13 - 2014-06-19 02:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-07-09 20:13 - 2014-06-19 02:32 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-07-09 20:13 - 2014-06-19 02:31 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-07-09 20:13 - 2014-06-19 02:26 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-07-09 20:13 - 2014-06-19 02:24 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-07-09 20:13 - 2014-06-19 02:24 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-07-09 20:13 - 2014-06-19 02:23 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-07-09 20:13 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-07-09 20:13 - 2014-06-19 02:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-07-09 20:13 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-07-09 20:13 - 2014-06-19 01:59 - 
00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-07-09 20:13 - 2014-06-19 01:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-07-09 20:13 - 2014-06-19 01:53 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-07-09 20:13 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-07-09 20:13 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-07-09 20:13 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-07-09 20:13 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-07-09 20:13 - 2014-06-19 01:38 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-07-09 20:13 - 2014-06-19 01:37 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-07-09 20:13 - 2014-06-19 01:36 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-07-09 20:13 - 2014-06-19 01:35 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-07-09 20:13 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-07-09 20:13 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-07-09 20:13 - 2014-06-19 01:28 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-07-09 20:13 - 2014-06-19 01:28 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-07-09 20:13 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-07-09 20:13 - 2014-06-19 01:27 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-07-09 20:13 - 2014-06-19 01:25 - 00442368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-07-09 20:13 - 2014-06-19 01:23 - 
00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-07-09 20:13 - 2014-06-19 01:22 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-07-09 20:13 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-07-09 20:13 - 2014-06-19 01:06 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-07-09 20:13 - 2014-06-19 01:01 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-07-09 20:13 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-07-09 20:13 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-07-09 20:13 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-07-09 20:13 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-07-09 20:13 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-07-09 20:13 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-07-09 20:13 - 2014-06-19 00:46 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-07-09 20:13 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-07-09 20:13 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-07-09 20:13 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-07-09 20:13 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-07-09 20:13 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-07-09 20:13 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-07-09 20:13 - 2014-06-19 00:07 - 00704512 
_____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-07-09 20:13 - 2014-06-18 04:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-07-09 20:13 - 2014-06-18 03:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe 2014-07-09 20:13 - 2014-06-18 03:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-07-09 20:13 - 2014-06-06 12:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-07-09 20:13 - 2014-06-06 11:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-07-09 20:13 - 2014-05-30 10:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-07-09 20:13 - 2014-05-30 10:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-07-09 20:13 - 2014-05-30 10:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-07-09 20:13 - 2014-05-30 10:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-07-09 20:13 - 2014-05-30 10:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-07-09 20:13 - 2014-05-30 10:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-07-09 20:13 - 2014-05-30 10:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-07-09 20:13 - 2014-05-30 09:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-07-09 20:13 - 2014-05-30 09:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-07-09 20:13 - 2014-05-30 09:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-07-09 20:13 - 2014-05-30 09:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-07-09 20:13 - 2014-05-30 09:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-07-09 20:13 - 2014-05-30 09:52 - 00065536 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\TSpkg.dll 2014-07-09 20:13 - 2014-05-30 09:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-07-09 20:13 - 2014-05-30 08:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-07-09 20:11 - 2014-06-05 16:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-07-09 20:11 - 2014-06-05 16:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-07-09 20:11 - 2014-06-05 16:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-07-07 22:54 - 2014-07-07 22:54 - 00000011 _____ () C:\Users\Blau\Music.txt 2014-07-07 21:03 - 2014-07-07 21:03 - 00000000 ____D () C:\Users\Blau\Desktop\Andrea 2014-07-03 18:43 - 2014-07-03 18:43 - 00000000 __SHD () C:\Users\Blau\AppData\Local\EmieUserList 2014-07-03 18:43 - 2014-07-03 18:43 - 00000000 __SHD () C:\Users\Blau\AppData\Local\EmieSiteList ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-08-02 23:20 - 2014-08-02 23:17 - 00019567 _____ () C:\Users\Blau\Desktop\FRST.txt 2014-08-02 23:18 - 2014-08-02 23:17 - 00000000 ____D () C:\FRST 2014-08-02 23:14 - 2011-06-19 01:53 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B1463A79-40B5-4CC6-A08A-2235CA442864} 2014-08-02 23:13 - 2014-03-14 15:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-02 19:43 - 2013-07-23 02:29 - 00000090 _____ () C:\Users\Blau\Kino.txt 2014-08-02 19:23 - 2009-07-14 06:45 - 00028064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-02 19:23 - 2009-07-14 06:45 - 00028064 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-02 19:19 - 2011-03-26 13:07 - 01190330 _____ () C:\Windows\WindowsUpdate.log 2014-08-02 19:15 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-02 19:15 - 2009-07-14 06:51 - 00150752 _____ () C:\Windows\setupact.log 2014-08-02 11:06 - 2014-08-02 23:17 - 02094080 _____ (Farbar) C:\Users\Blau\Desktop\FRST64.exe 2014-08-01 16:25 - 2009-07-14 07:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-01 15:46 - 2014-02-01 18:03 - 00000771 _____ () C:\Users\Blau\Wohnungssuche.txt 2014-07-31 18:04 - 2012-04-27 16:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-07-30 22:12 - 2011-03-27 06:50 - 00000000 ____D () C:\Users\Blau\AppData\Roaming\Skype 2014-07-30 19:55 - 2014-07-30 19:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-26 17:49 - 2011-12-31 01:51 - 00000759 _____ () C:\Users\Blau\Filme to do.txt 2014-07-26 16:26 - 2014-07-26 16:26 - 00000000 ____D () C:\Users\Blau\Desktop\New folder 2014-07-25 00:14 - 2011-10-26 15:28 - 00000000 ____D () C:\ProgramData\Origin 2014-07-24 23:25 - 2011-06-17 03:53 - 00671744 ___SH () C:\Users\Blau\Desktop\Thumbs.db 2014-07-24 23:12 - 2011-07-30 01:43 - 00000000 
____D () C:\ProgramData\InstallShield 2014-07-24 23:11 - 2014-07-24 23:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hama Webcam AC-150 2014-07-24 23:11 - 2011-03-25 13:25 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-07-24 23:11 - 2009-07-14 04:34 - 00000461 _____ () C:\Windows\win.ini 2014-07-24 22:16 - 2012-05-19 01:46 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-07-24 22:16 - 2011-06-07 08:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-07-24 19:37 - 2013-03-14 00:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-07-24 18:45 - 2012-11-21 00:17 - 00000000 ____D () C:\Users\Blau\Arena_3 2014-07-22 19:07 - 2011-10-10 17:47 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-07-20 05:34 - 2014-07-20 05:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-07-20 05:34 - 2014-07-20 05:33 - 00004460 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log 2014-07-20 05:34 - 2013-10-19 20:42 - 00000000 ____D () C:\ProgramData\Oracle 2014-07-20 05:34 - 2013-08-05 17:31 - 00000000 ____D () C:\Program Files (x86)\Java 2014-07-19 21:24 - 2011-03-25 14:08 - 00000000 ____D () C:\Users\Blau\AppData\Local\CrashDumps 2014-07-19 16:09 - 2011-10-27 01:11 - 00297088 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr 2014-07-19 16:09 - 2011-06-05 08:37 - 00297088 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2014-07-19 16:08 - 2011-06-05 08:37 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0 2014-07-19 15:59 - 2011-10-26 15:49 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-07-17 00:16 - 2012-12-02 00:37 - 00002478 _____ () C:\Users\Blau\Filme Liste.txt 2014-07-15 20:57 - 2013-02-03 22:21 - 00000000 ____D () C:\Users\Blau\AppData\Roaming\TS3Client 2014-07-15 13:08 - 2013-08-05 17:22 - 00042040 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-07-11 16:03 - 2011-06-05 08:37 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2014-07-11 03:02 - 2014-07-20 05:34 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-07-11 02:56 - 2014-07-20 05:34 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-07-11 02:56 - 2014-07-20 05:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-07-11 02:55 - 2014-07-20 05:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-07-10 22:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-07-10 19:40 - 2011-03-25 13:19 - 00000000 ____D () C:\Users\Blau 2014-07-10 17:54 - 2011-03-25 13:31 - 00491202 _____ () C:\Windows\PFRO.log 2014-07-10 17:54 - 2009-07-14 06:45 - 00468616 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-09 23:40 - 2014-05-06 17:50 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-07-09 23:40 - 2009-07-14 09:47 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-09 23:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-07-09 23:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism 2014-07-09 22:43 - 2014-07-02 21:18 - 00000180 _____ () C:\Users\Blau\Camping.txt 2014-07-09 21:44 - 2013-08-11 15:58 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-09 21:43 - 2011-03-27 00:55 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-07-09 20:44 - 2013-04-20 17:02 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-07-09 00:13 - 2014-03-14 15:14 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-07-09 00:13 - 2012-11-30 17:46 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-07-09 00:13 - 2012-11-30 17:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-07-08 19:51 - 2011-03-28 07:36 - 00000000 ___RD () 
C:\Users\Blau\Desktop\musik 2014-07-07 22:54 - 2014-07-07 22:54 - 00000011 _____ () C:\Users\Blau\Music.txt 2014-07-07 21:52 - 2011-05-13 02:01 - 00000000 ____D () C:\Users\Blau\Documents\Dokumente 2014-07-07 21:03 - 2014-07-07 21:03 - 00000000 ____D () C:\Users\Blau\Desktop\Andrea 2014-07-03 18:43 - 2014-07-03 18:43 - 00000000 __SHD () C:\Users\Blau\AppData\Local\EmieUserList 2014-07-03 18:43 - 2014-07-03 18:43 - 00000000 __SHD () C:\Users\Blau\AppData\Local\EmieSiteList 2014-07-03 18:13 - 2013-08-05 17:19 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys Some content of TEMP: ==================== C:\Users\Blau\AppData\Local\Temp\53e83dd5315bfb1f928441c9b4618b68.exe C:\Users\Blau\AppData\Local\Temp\AskSLib.dll C:\Users\Blau\AppData\Local\Temp\audiograbber-toolbar.exe C:\Users\Blau\AppData\Local\Temp\Audiograbber.exe C:\Users\Blau\AppData\Local\Temp\avgnt.exe C:\Users\Blau\AppData\Local\Temp\FFSetupSoftonic260.exe C:\Users\Blau\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\Blau\AppData\Local\Temp\installerdll1141677.dll C:\Users\Blau\AppData\Local\Temp\installerdll1142535.dll C:\Users\Blau\AppData\Local\Temp\installerdll1148728.dll C:\Users\Blau\AppData\Local\Temp\installerdll1154578.dll C:\Users\Blau\AppData\Local\Temp\installerdll1156731.dll C:\Users\Blau\AppData\Local\Temp\installerdll1339549.dll C:\Users\Blau\AppData\Local\Temp\installerdll1340578.dll C:\Users\Blau\AppData\Local\Temp\installerdll1346226.dll C:\Users\Blau\AppData\Local\Temp\installerdll1370265.dll C:\Users\Blau\AppData\Local\Temp\installerdll16960631.dll C:\Users\Blau\AppData\Local\Temp\installerdll19145924.dll C:\Users\Blau\AppData\Local\Temp\installerdll19154317.dll C:\Users\Blau\AppData\Local\Temp\installerdll19242816.dll C:\Users\Blau\AppData\Local\Temp\installerdll19252660.dll C:\Users\Blau\AppData\Local\Temp\installerdll19362235.dll C:\Users\Blau\AppData\Local\Temp\installerdll19363187.dll 
C:\Users\Blau\AppData\Local\Temp\installerdll19369973.dll C:\Users\Blau\AppData\Local\Temp\installerdll19597251.dll C:\Users\Blau\AppData\Local\Temp\installerdll2714214.dll C:\Users\Blau\AppData\Local\Temp\installerdll2715384.dll C:\Users\Blau\AppData\Local\Temp\installerdll271925.dll C:\Users\Blau\AppData\Local\Temp\installerdll2723184.dll C:\Users\Blau\AppData\Local\Temp\installerdll638933.dll C:\Users\Blau\AppData\Local\Temp\installerdll666810.dll C:\Users\Blau\AppData\Local\Temp\installerdll7955536.dll C:\Users\Blau\AppData\Local\Temp\installerdll7956643.dll C:\Users\Blau\AppData\Local\Temp\installerdll7962353.dll C:\Users\Blau\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\Blau\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\Blau\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Blau\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe C:\Users\Blau\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe C:\Users\Blau\AppData\Local\Temp\nv3DVStreaming.dll C:\Users\Blau\AppData\Local\Temp\nvSCPAPI.dll C:\Users\Blau\AppData\Local\Temp\nvSCPAPI64.dll C:\Users\Blau\AppData\Local\Temp\nvStereoApiI.dll C:\Users\Blau\AppData\Local\Temp\nvStereoApiI64.dll C:\Users\Blau\AppData\Local\Temp\nvStInst.exe C:\Users\Blau\AppData\Local\Temp\OfficeSetup.exe C:\Users\Blau\AppData\Local\Temp\OriginLauncher1141677.exe C:\Users\Blau\AppData\Local\Temp\OriginLauncher1339549.exe C:\Users\Blau\AppData\Local\Temp\OriginLauncher19362235.exe C:\Users\Blau\AppData\Local\Temp\OriginLauncher2714214.exe C:\Users\Blau\AppData\Local\Temp\OriginLauncher7955536.exe C:\Users\Blau\AppData\Local\Temp\pdf24-creator-update.exe C:\Users\Blau\AppData\Local\Temp\rootsupd.exe C:\Users\Blau\AppData\Local\Temp\Setup.exe C:\Users\Blau\AppData\Local\Temp\SkypeSetup.exe C:\Users\Blau\AppData\Local\Temp\sonarinst.exe C:\Users\Blau\AppData\Local\Temp\ubi6475.tmp.exe C:\Users\Blau\AppData\Local\Temp\vcredist_x64.exe C:\Users\Blau\AppData\Local\Temp\vcredist_x86.exe 
C:\Users\Blau\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe
C:\Users\Blau\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Blau\AppData\Local\Temp\ydetect.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-28 19:09

==================== End Of Log ============================

--- --- ---

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-08-2014
Ran by Blau at 2014-08-02 23:20:26
Running from C:\Users\Blau\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.3.133 - Adobe Systems, Inc.)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Allgemeine Runtime Files (x86) (HKLM\...\{1F6D1DB5-82B5-41A4-85A2-0A382C142A35}_is1) (Version: 1.0.3.2 - Sereby Corporation)
Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
ASRock App Charger v1.0.4 (HKLM\...\ASRock App Charger_is1) (Version: - ASRock Inc.)
ASRock eXtreme Tuner v0.1.54 (HKLM-x32\...\ASRock eXtreme Tuner_is1) (Version: - ) ASRock InstantBoot v1.26 (HKLM-x32\...\ASRock InstantBoot_is1) (Version: - ) Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.5.464 - Avira) Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.0.0.0 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB) Counter-Strike: Global Offensive - SDK (HKLM-x32\...\Steam App 745) (Version: - ) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - ) Crysis®3 (HKLM-x32\...\{4198AE83-A3C6-4C41-85C8-EC63E990696E}) (Version: 1.0.0.0 - Electronic Arts) Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts) DirectX 9.0c Extra Files (x86, x64) (HKLM\...\{8729E65B-8C12-4A42-B1FE-E4DA7ED52855}_is1) (Version: 1.10.06.0 - Sereby Corporation) DirectX for Managed Code (HKLM\...\{FDF7187F-3960-4BEC-916D-98C9A83E3A68}_is1) (Version: 1.0.0.0 - Sereby Corporation) DolbyFiles (x32 Version: 0.1 - Nero AG) Hidden EasySetPackage (HKLM-x32\...\{266725C1-716F-43AC-BBFB-4201131ED656}) (Version: 2.4 - LG Soft India) Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.96 - Etron Technology) Etron USB3.0 Host Controller (x32 Version: 0.96 - Etron Technology) Hidden EXPERTool 7.16 (HKLM-x32\...\MySSID_is1) (Version: - Gainward Co., Ltd) FormatFactory 2.60 (HKLM-x32\...\FormatFactory) (Version: 2.60 - Free Time) Fresco Logic USB3.0 Host Controller (HKLM\...\{EA2EFBF6-7CFD-47A0-BECE-AFCB98428CFE}) (Version: 3.0.108.16 - Fresco Logic Inc.) Gaming Mouse (HKLM-x32\...\Gaming Mouse 3) (Version: - ) Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios) GIMP 2.6.8 (HKLM\...\WinGimp-2.0_is1) (Version: - ) GPL Ghostscript (HKLM\...\GPL Ghostscript 9.10) (Version: 9.10 - Artifex Software Inc.) 
Hama Webcam AC-150 (HKLM-x32\...\{ECD03DA7-5952-406A-8156-5F0C93618D1F}) (Version: Hama Webcam AC-150 - Sonix) ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.650 - Oracle) Java Auto Updater (x32 Version: 2.1.65.20 - Oracle, Inc.) Hidden Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation) Microsoft Mouse and Keyboard Center (Version: 2.3.188.0 - Microsoft Corporation) Hidden Microsoft Office Professional Plus 2013 - de-de (HKLM\...\ProPlusRetail - de-de) (Version: 15.0.4631.1002 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft 
Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual J# 2.0 
Redistributable Package (HKLM-x32\...\Microsoft Visual J# 2.0 Redistributable Package) (Version: - Microsoft Corporation) Microsoft Visual J# 2.0 Redistributable Package (x32 Version: 2.0.50727 - Microsoft Corporation) Hidden Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.4 - F.J. Wechselberger) Nero 9 Essentials (HKLM-x32\...\{139e07ef-ac8c-4bb6-bee2-5176f0e43b41}) (Version: - Nero AG) Nero BurnRights (x32 Version: 3.4.13.100 - Nero AG) Hidden Nero BurnRights Help (x32 Version: 3.4.4.100 - Nero AG) Hidden Nero ControlCenter (x32 Version: 9.0.0.1 - Nero AG) Hidden Nero CoverDesigner (x32 Version: 4.4.15.100 - Nero AG) Hidden Nero CoverDesigner Help (x32 Version: 4.4.9.100 - Nero AG) Hidden Nero Disc Copy Gadget (x32 Version: 2.4.34.0 - Nero AG) Hidden Nero Disc Copy Gadget Help (x32 Version: 2.4.34.0 - Nero AG) Hidden Nero DiscSpeed (x32 Version: 5.4.13.100 - Nero AG) Hidden Nero DiscSpeed Help (x32 Version: 5.4.4.100 - Nero AG) Hidden Nero DriveSpeed (x32 Version: 4.4.12.100 - Nero AG) Hidden Nero DriveSpeed Help (x32 Version: 4.4.4.100 - Nero AG) Hidden Nero Express Help (x32 Version: 9.4.27.100 - Nero AG) Hidden Nero InfoTool (x32 Version: 6.4.12.100 - Nero AG) Hidden Nero InfoTool Help (x32 Version: 6.4.4.100 - Nero AG) Hidden Nero Installer (x32 Version: 4.4.9.0 - Nero AG) Hidden Nero Online Upgrade (x32 Version: 1.3.0.0 - Nero AG) Hidden Nero PhotoSnap (x32 Version: 2.4.28.0 - Nero AG) Hidden Nero PhotoSnap Help (x32 Version: 2.4.28.0 - Nero AG) Hidden Nero Recode (x32 Version: 4.4.38.1 - Nero AG) Hidden Nero Recode 
Help (x32 Version: 4.4.38.1 - Nero AG) Hidden Nero ShowTime (x32 Version: 5.4.0.100 - Nero AG) Hidden Nero ShowTime (x32 Version: 5.4.24.100 - Nero AG) Hidden Nero StartSmart (x32 Version: 9.4.19.100 - Nero AG) Hidden Nero StartSmart Help (x32 Version: 9.4.19.100 - Nero AG) Hidden Nero StartSmart OEM (x32 Version: 9.4.10.100 - Nero AG) Hidden Nero Vision (x32 Version: 6.4.16.100 - Nero AG) Hidden Nero Vision Help (x32 Version: 6.4.15.100 - Nero AG) Hidden NeroExpress (x32 Version: 9.4.27.100 - Nero AG) Hidden neroxml (x32 Version: 1.0.0 - Nero AG) Hidden No23 Recorder (HKLM-x32\...\{22B0E143-2B0B-435B-9F56-136A3D16065F}) (Version: 2.1.0.3 - No23) NVIDIA Control Panel 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden NVIDIA Graphics Driver 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden NVIDIA PhysX System Software 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4631.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4631.1002 - Microsoft Corporation) Hidden OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation) Origin (HKLM-x32\...\Origin) (Version: 8.5.0.4550 - Electronic Arts, Inc.) 
PDF24 Creator 6.1.0 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org) Peggle (HKLM-x32\...\{715AD72D-887A-459E-988B-D4F3E87FA24B}) (Version: 1.04.0.0 - PopCap Games) Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.) Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve) Portal 2 Publishing Tool (HKLM-x32\...\Steam App 644) (Version: - ) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.) Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.23.623.2010 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6363 - Realtek Semiconductor Corp.) SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.16.0 - SAMSUNG Electronics Co., Ltd.) SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital) Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.) Splashtop Connect IE (HKLM-x32\...\{F9F5EF72-18CF-4DCF-A721-EC86B94DAC46}) (Version: 1.1.12.1 - Splashtop Inc.) 
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Total War: SHOGUN 2 (HKLM-x32\...\Steam App 34330) (Version: - The Creative Assembly)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (01/19/2011 1.0.0009.0) (HKLM\...\4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20) (Version: 01/19/2011 1.0.0009.0 - Western Digital Technologies)
WinPcap 4.1.1 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.1753 - CACE Technologies)
WinRAR 4.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
Worms 4 Mayhem (HKLM-x32\...\{45E7C481-3EF4-4FCB-AF0B-19F70D618F0C}) (Version: 1.00.0000 - Codemasters)
XFastUsb (HKLM-x32\...\XFastUsb) (Version: - )
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

15-07-2014 11:07:42 Windows Update
18-07-2014 17:11:02 Windows Update
20-07-2014 03:32:57 Installed Java 7 Update 65
22-07-2014 15:57:06 Windows Update
24-07-2014 17:35:50 Windows Update
24-07-2014 21:11:06 Installiert Hama Webcam AC-150
24-07-2014 21:11:37 Device Driver Package Install: Sonix Imaging devices
29-07-2014 16:09:26 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {008D9126-0C3C-41A1-898F-7F2B461C045C} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-05-20] (Microsoft Corporation) Task: {18EC1A91-1DE7-468C-925B-0195338581A5} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft) Task: {1AE49BCA-4321-4E65-8F78-231888989F28} - System32\Tasks\{A9A59C7B-2873-4F4B-B3D0-D2772FD43480} => C:\Program Files (x86)\Skype\\Phone\Skype.exe [2014-05-08] (Skype Technologies S.A.) Task: {71375DAB-2341-493A-99C4-00D49F044CAC} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {83320B8E-07C0-44CA-AA73-E936840AE057} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {8A30994C-8238-4BFE-BAE1-D7C4F0D84AC4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-09] (Adobe Systems Incorporated) Task: {988069E0-998B-430F-B4C0-8F170DD415E0} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2014-05-20] (Microsoft Corporation) Task: {BBC55892-D323-431D-8446-282AE921845E} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {BBF78439-F104-4942-A132-AF17F2DA4EB6} - 
System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {CC2840A9-7F5F-471B-829D-7D262669FED1} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {D967F727-94F7-4210-9BA5-201FBE9FA704} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-06-19] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2014-02-11 22:07 - 2013-12-19 20:53 - 00117536 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-03-20 20:30 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2011-06-05 08:37 - 2014-07-11 16:03 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2011-07-30 01:43 - 2009-12-05 02:15 - 00062976 _____ () C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\HOOK64.dll 2014-07-24 23:11 - 2007-05-10 13:18 - 00835584 _____ () C:\Windows\vsnpstd3.exe 2011-07-30 01:43 - 2009-12-22 21:30 - 00159744 _____ () C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\EasySetPackage.exe 2009-07-16 05:07 - 2009-07-16 05:07 - 01175552 _____ () C:\Gaming Mouse\Gaming Mouse.exe 2014-07-24 23:11 - 2007-07-11 16:09 - 00020480 _____ () C:\Windows\FixCamera.exe 2014-07-24 23:11 - 2007-04-21 09:37 - 00270336 _____ () C:\Windows\tsnpstd3.exe 2011-07-30 01:43 - 2009-12-22 21:31 - 00024576 _____ () C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\TestDDCCI.exe 2011-03-25 14:00 - 1998-10-31 19:55 - 00005120 _____ () C:\Program Files (x86)\EXPERTool\TBManage.dll 2011-07-30 01:43 - 2009-12-22 21:30 - 00057344 _____ () C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\HOOK.dll 2011-07-30 01:43 - 
2009-12-22 21:30 - 00012288 _____ () C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\GerRes.dll 2014-07-30 19:55 - 2014-07-30 19:55 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupfolder: C:^Users^Blau^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup MSCONFIG\startupreg: AmazonMP3DownloaderHelper => C:\Users\Blau\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe MSCONFIG\startupreg: ICQ => "C:\Program Files (x86)\ICQ7.4\ICQ.exe" silent loginmode=4 MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe MSCONFIG\startupreg: SmartViewAgent => "C:\Program Files (x86)\DeviceVM\SmartView\SmartViewAgent.exe" MSCONFIG\startupreg: STCAgent => "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" MSCONFIG\startupreg: ZyngaGamesAgent => "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/01/2014 05:55:11 PM) (Source: 
SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (07/31/2014 07:23:38 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Error: (07/30/2014 07:28:24 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (07/29/2014 07:03:48 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Error: (07/28/2014 07:12:25 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (07/28/2014 06:23:39 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: The backup did not complete because of an error writing to the backup location B:\. The error is: The last backup was not successful because the backup location has a corrupted file system. (0x81000008). Error: (07/25/2014 05:01:54 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. 
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (07/24/2014 11:25:30 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (07/24/2014 11:25:29 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. 
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error: (07/21/2014 07:22:17 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3. A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. System errors: ============= Error: (08/02/2014 07:15:20 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Windows\SysWow64\drivers\SSHDRV59.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error: (08/01/2014 03:30:57 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Windows\SysWow64\drivers\SSHDRV59.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 
Error: (07/31/2014 06:03:59 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Windows\SysWow64\drivers\SSHDRV59.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error: (07/30/2014 06:49:51 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Windows\SysWow64\drivers\SSHDRV59.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error: (07/29/2014 06:04:37 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Windows\SysWow64\drivers\SSHDRV59.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error: (07/28/2014 06:13:33 PM) (Source: Ntfs) (EventID: 55) (User: ) Description: The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume F:. Error: (07/28/2014 06:13:25 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Windows\SysWow64\drivers\SSHDRV59.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error: (07/27/2014 10:03:12 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Windows\SysWow64\drivers\SSHDRV59.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error: (07/26/2014 03:16:14 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Windows\SysWow64\drivers\SSHDRV59.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 
Error: (07/25/2014 10:38:11 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Windows\SysWow64\drivers\SSHDRV59.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Microsoft Office Sessions: ========================= Error: (08/01/2014 05:55:11 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest Error: (07/31/2014 07:23:38 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest Error: (07/30/2014 07:28:24 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest Error: (07/29/2014 07:03:48 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files 
(x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest Error: (07/28/2014 07:12:25 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest Error: (07/28/2014 06:23:39 PM) (Source: Windows Backup) (EventID: 4103) (User: ) Description: B:\The last backup was not successful because the backup location has a corrupted file system. (0x81000008) Error: (07/25/2014 05:01:54 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest Error: (07/24/2014 11:25:30 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest Error: (07/24/2014 11:25:29 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest Error: (07/21/2014 07:22:17 
PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest CodeIntegrity Errors: =================================== Date: 2011-03-28 07:35:27.131 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Blau\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2011-03-28 07:35:27.131 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Users\Blau\AppData\Local\Temp\EverestDriver.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2011-03-28 07:35:26.600 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2011-03-28 07:35:26.585 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64 because file hash could not be found on the system. 
A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

==================== Memory info ===========================
Percentage of memory in use: 29%
Total physical RAM: 8174.7 MB
Available physical RAM: 5790.39 MB
Total Pagefile: 16347.59 MB
Available Pagefile: 13910.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================
Drive b: (System Backup) (Fixed) (Total:300 GB) (Free:94.15 GB) NTFS
Drive c: () (Fixed) (Total:297.99 GB) (Free:106.44 GB) NTFS
Drive f: (Extern Disk) (Fixed) (Total:165.73 GB) (Free:130.95 GB) NTFS

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 8117CEAC)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 00038A56)
Partition 1: (Active) - (Size=166 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=300 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-08-03 00:04:55 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 WDC_WD3200AAKS-22L6A0 rev.01.03E01 298,09GB Running: Gmer-19357.exe; Driver: C:\Users\Blau\AppData\Local\Temp\kxldqpog.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 662 fffff800033b2086 11 bytes [EC, 10, 50, 9C, 6A, 10, 48, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 674 fffff800033b2092 5 bytes [00, 50, B8, 76, 01] ---- User code sections - GMER 2.1 ---- .text C:\Windows\SysWOW64\PnkBstrA.exe[1876] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000072071a22 2 bytes [07, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[1876] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000072071ad0 2 bytes [07, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[1876] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000072071b08 2 bytes [07, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[1876] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000072071bba 2 bytes [07, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[1876] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000072071bda 2 bytes [07, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000759b1465 2 bytes [9B, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[1876] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759b14bb 2 bytes [9B, 75] .text ... * 2 .text C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\EasySetPackage.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000759b1465 2 bytes [9B, 75] .text C:\Program Files (x86)\LG Soft India\EasySetPackage\bin\EasySetPackage.exe[3016] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000759b14bb 2 bytes [9B, 75] .text ... 
* 2 ---- Devices - GMER 2.1 ---- Device \Driver\atapi \Device\Ide\IdePort0 fffffa80072ff2c0 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-5 fffffa80072ff2c0 Device \Driver\atapi \Device\Ide\IdePort1 fffffa80072ff2c0 Device \Driver\atapi \Device\Ide\IdePort2 fffffa80072ff2c0 Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 fffffa80072ff2c0 Device \Driver\atapi \Device\Ide\IdePort3 fffffa80072ff2c0 Device \FileSystem\Ntfs \Ntfs fffffa80073032c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{73C12C07-CDAF-4EE4-9AE5-5ED81B28261A} fffffa8007eeb2c0 Device \Driver\USBSTOR \Device\00000078 fffffa8008b032c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa80081332c0 Device \Driver\cdrom \Device\CdRom0 fffffa8007b802c0 Device \Driver\USBSTOR \Device\00000079 fffffa8008b032c0 Device \Driver\usbehci \Device\USBFDO-0 fffffa80081332c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa80081332c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8007eeb2c0 Device \Driver\USBSTOR \Device\00000077 fffffa8008b032c0 Device \Driver\atapi \Device\ScsiPort0 fffffa80072ff2c0 Device \Driver\usbehci \Device\USBPDO-0 fffffa80081332c0 Device \Driver\atapi \Device\ScsiPort1 fffffa80072ff2c0 Device \Driver\atapi \Device\ScsiPort2 fffffa80072ff2c0 Device \Driver\atapi \Device\ScsiPort3 fffffa80072ff2c0 ---- Trace I/O - GMER 2.1 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80072ff2c0]<< sptd.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys fffffa80072ff2c0 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ab6060] fffffa8007ab6060 Trace 3 CLASSPNP.SYS[fffff880013cf43f] -> nt!IofCallDriver -> [0xfffffa80077f0d10] fffffa80077f0d10 Trace 5 ACPI.sys[fffff88000c0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-1[0xfffffa8007805060] fffffa8007805060 Trace \Driver\atapi[0xfffffa800744bb20] -> IRP_MJ_CREATE -> 0xfffffa80072ff2c0 fffffa80072ff2c0 ---- Registry - GMER 2.1 ---- Reg 
HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7E 0xA5 0x4E 0x0E ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xDA 0x18 0x71 0x45 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x55 0x5A 0x5C 0x52 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7E 0xA5 0x4E 0x0E ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xDA 0x18 0x71 0x45 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x55 0x5A 0x5C 0x52 ... 
---- EOF - GMER 2.1 ----
Edited by kla (02.08.2014 at 23:17) |
03.08.2014, 01:50 | #2 |
/// TB-Ausbilder | DHL fake Mail Hello kla
My name is Timo and I will be helping you with your problem.
Note: I can never give you a guarantee that I will find everything. Reformatting is always the safest route. We all "work" here voluntarily and in our free time *cough*. Replies may therefore be delayed. If you do not receive a reply from me within 48 hours, send me a PM. If you decide on a cleanup, keep working with us until I or someone from the team says that you are clean.
Step 1 Please download AdwCleaner to your desktop.
Step 2 Please shut down your security software to avoid possible conflicts.
Step 3 Please download Malwarebytes Anti-Malware
Step 4 Start FRST once more.
|
03.08.2014, 20:17 | #3 |
| DHL fake Mail Thank you for taking on the problem.
Code:
ATTFilter # AdwCleaner v3.302 - Report created 03/08/2014 at 20:13:25 # Updated 30/07/2014 by Xplode # Operating System : Windows 7 Professional Service Pack 1 (64 bits) # Username : Blau - BLAU-PC # Running from : C:\Users\Blau\Desktop\adwcleaner_3.302.exe # Option : Clean ***** [ Services ] ***** Service Deleted : SCBackService ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\DeviceVM Folder Deleted : C:\ProgramData\ICQ\ICQToolbar Folder Deleted : C:\Users\Blau\AppData\Local\Temp\OCS Folder Deleted : C:\Users\Blau\AppData\LocalLow\Toolbar4 Folder Deleted : C:\Users\Blau\AppData\Roaming\DeviceVM ***** [ Scheduled Tasks ] ***** ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search] Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook Key Deleted : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1 Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE Key Deleted : HKLM\SOFTWARE\Classes\STC.FBServiceAPPEventsSink Key Deleted : HKLM\SOFTWARE\Classes\STC.FBServiceAPPEventsSink.1 Key Deleted : HKLM\SOFTWARE\Classes\STC.OptionMenu Key Deleted : HKLM\SOFTWARE\Classes\STC.OptionMenu.1 Key Deleted : HKLM\SOFTWARE\Classes\STC.Protocol Key Deleted : HKLM\SOFTWARE\Classes\STC.Protocol.1 Key Deleted : HKLM\SOFTWARE\Classes\STC.VisualBookmark Key Deleted : HKLM\SOFTWARE\Classes\STC.VisualBookmark.1 Key Deleted : HKLM\SOFTWARE\Classes\STC.WebObject Key Deleted : HKLM\SOFTWARE\Classes\STC.WebObject.1 Key Deleted : HKLM\SOFTWARE\Classes\STCHelper.BHOHelper Key Deleted : HKLM\SOFTWARE\Classes\STCHelper.BHOHelper.1 Key Deleted : HKLM\SOFTWARE\Classes\STCHelper.FBServiceAPP Key Deleted : HKLM\SOFTWARE\Classes\STCHelper.FBServiceAPP.1 Key Deleted : HKLM\SOFTWARE\Classes\STCHelper.Protocol Key Deleted : HKLM\SOFTWARE\Classes\STCHelper.Protocol.1 
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1 Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1 Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1 Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1 Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1 Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_origin_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_origin_RASMANCS Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{82A5CE4D-AF0C-45B6-8AF8-75625BE6A08D} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B2B7E0CD-E169-43B3-A233-E129610EE314} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0DEC13F0-5C8C-4147-8329-6CDFAD9755B7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0E5680D1-BF44-4929-94AF-FD30D784AD1D} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0F3DC9E0-C459-4A40-BCF8-747BD9322E10} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8} 
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E97F0FA-3B44-4634-A87E-8B0D5CFD6365} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{951F5841-FD1E-4F1D-8607-67B174DBD753} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D1CCB0CC-DA45-4797-93D3-DEE7A13F8177} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DCE24E28-D8EF-49BE-BC01-A1DD3B58FCE3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E4F7F1A5-490E-4884-A9E3-CBD6A25749E1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFE66D00-A56A-4F7F-81D7-4A28C5816D6C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E8E0178-00EF-413D-9324-E7B3E31572E3} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3} Key Deleted 
: HKLM\SOFTWARE\Classes\TypeLib\{A1A533A8-E106-422B-AE29-D0025269AF83} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B1759D04-0EF9-472A-B5C3-C774997B5321} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E5680D1-BF44-4929-94AF-FD30D784AD1D} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E5680D1-BF44-4929-94AF-FD30D784AD1D} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FFE66D00-A56A-4F7F-81D7-4A28C5816D6C} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E5680D1-BF44-4929-94AF-FD30D784AD1D} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80ED3EBC-CC05-4336-ABCC-295798855718} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{96BD48DD-741B-41AE-AC4A-AFF96BA00F7E} Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{0F3DC9E0-C459-4A40-BCF8-747BD9322E10}] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659} Key 
Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6} Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785} Key Deleted : HKCU\Software\ICQ\ICQToolbar Key Deleted : HKCU\Software\Myfree Codec Key Deleted : HKCU\Software\OCS Key Deleted : HKCU\Software\powerpack Key Deleted : HKCU\Software\Softonic Key Deleted : HKCU\Software\YahooPartnerToolbar Key Deleted : HKLM\Software\ICQ\ICQToolbar ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17207 Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search] -\\ Mozilla Firefox v31.0 (x86 de) [ File : C:\Users\Blau\AppData\Roaming\Mozilla\Firefox\Profiles\dj06k8mh.default-1380897872096\prefs.js ] ************************* AdwCleaner[R0].txt - [9579 octets] - [03/08/2014 20:12:38] AdwCleaner[S0].txt - [9119 octets] - [03/08/2014 20:13:25] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9179 octets] ########## Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Blau on 03.08.2014 at 20:19:42,78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services
Successfully stopped: [Service] wcuservice_stc_ie
Successfully deleted: [Service] wcuservice_stc_ie

~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2220639255-1590196800-3861590088-1000\Software\Microsoft\Internet Explorer\Main\\Start Page

~~~ Registry Keys

~~~ Files

~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\apn"

~~~ FireFox
Emptied folder: C:\Users\Blau\AppData\Roaming\mozilla\firefox\profiles\dj06k8mh.default-1380897872096\minidumps [47 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.08.2014 at 20:24:15,87
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 03.08.2014
Scan Time: 20:42:39
Logfile: Mbam.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.08.03.06
Rootkit Database: v2014.08.01.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Blau

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 299326
Time Elapsed: 8 min, 23 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.OpenCandy, C:\Users\Blau\AppData\Local\Temp\53e83dd5315bfb1f928441c9b4618b68.exe, Quarantined, [072b2b976318c6700bc4c122996b0df3],

Physical Sectors: 0
(No malicious items detected)

(end)

FRST Logfile:
Code:
20:40 - 2014-08-03 20:40 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-03 20:40 - 2014-08-03 20:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-03 20:40 - 2014-08-03 20:40 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-03 20:40 - 2014-08-03 20:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-08-03 20:24 - 2014-08-03 20:24 - 00001658 _____ () C:\Users\Blau\Desktop\JRT.txt 2014-08-03 20:19 - 2014-08-03 20:19 - 00000000 ____D () C:\Windows\ERUNT 2014-08-03 20:13 - 2014-08-03 20:18 - 00009303 _____ () C:\Users\Blau\Desktop\AdwCleaner[S0].txt 2014-08-03 20:13 - 2014-08-03 20:12 - 00000000 ____D () C:\AdwCleaner 2014-08-03 20:13 - 2014-03-14 15:14 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-03 20:13 - 2011-03-27 00:56 - 00000000 ____D () C:\ProgramData\ICQ 2014-08-03 20:11 - 2014-08-03 20:11 - 00003549 _____ () C:\Users\Blau\Desktop\1.txt 2014-08-03 20:06 - 2014-08-03 20:06 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Blau\Desktop\mbam-setup-2.0.2.1012.exe 2014-08-03 20:06 - 2014-08-03 20:06 - 01361309 _____ () C:\Users\Blau\Desktop\adwcleaner_3.302.exe 2014-08-02 23:55 - 2014-08-02 23:55 - 00380416 _____ () C:\Users\Blau\Desktop\Gmer-19357.exe 2014-08-02 23:14 - 2011-06-19 01:53 - 00003918 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B1463A79-40B5-4CC6-A08A-2235CA442864} 2014-08-02 19:43 - 2013-07-23 02:29 - 00000090 _____ () C:\Users\Blau\Kino.txt 2014-08-02 11:06 - 2014-08-02 23:17 - 02094080 _____ (Farbar) C:\Users\Blau\Desktop\FRST64.exe 2014-08-01 16:25 - 2009-07-14 07:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-01 15:46 - 2014-02-01 18:03 - 00000771 _____ () C:\Users\Blau\Wohnungssuche.txt 2014-07-31 18:04 - 2012-04-27 16:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-07-30 22:12 - 2011-03-27 06:50 - 00000000 
____D () C:\Users\Blau\AppData\Roaming\Skype 2014-07-30 19:55 - 2014-07-30 19:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-07-26 17:49 - 2011-12-31 01:51 - 00000759 _____ () C:\Users\Blau\Filme to do.txt 2014-07-26 16:26 - 2014-07-26 16:26 - 00000000 ____D () C:\Users\Blau\Desktop\New folder 2014-07-25 00:14 - 2011-10-26 15:28 - 00000000 ____D () C:\ProgramData\Origin 2014-07-24 23:25 - 2011-06-17 03:53 - 00671744 ___SH () C:\Users\Blau\Desktop\Thumbs.db 2014-07-24 23:12 - 2011-07-30 01:43 - 00000000 ____D () C:\ProgramData\InstallShield 2014-07-24 23:11 - 2014-07-24 23:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hama Webcam AC-150 2014-07-24 23:11 - 2011-03-25 13:25 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-07-24 23:11 - 2009-07-14 04:34 - 00000461 _____ () C:\Windows\win.ini 2014-07-24 22:16 - 2012-05-19 01:46 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-07-24 22:16 - 2011-06-07 08:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-07-24 19:37 - 2013-03-14 00:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 2014-07-24 18:45 - 2012-11-21 00:17 - 00000000 ____D () C:\Users\Blau\Arena_3 2014-07-22 19:07 - 2011-10-10 17:47 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-07-20 05:34 - 2014-07-20 05:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-07-20 05:34 - 2014-07-20 05:33 - 00004460 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_65-b20.log 2014-07-20 05:34 - 2013-10-19 20:42 - 00000000 ____D () C:\ProgramData\Oracle 2014-07-20 05:34 - 2013-08-05 17:31 - 00000000 ____D () C:\Program Files (x86)\Java 2014-07-19 21:24 - 2011-03-25 14:08 - 00000000 ____D () C:\Users\Blau\AppData\Local\CrashDumps 2014-07-19 16:09 - 2011-10-27 01:11 - 00297088 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr 2014-07-19 16:09 - 2011-06-05 08:37 - 00297088 _____ () 
C:\Windows\SysWOW64\PnkBstrB.exe 2014-07-19 16:08 - 2011-06-05 08:37 - 00280904 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0 2014-07-19 15:59 - 2011-10-26 15:49 - 00000000 ____D () C:\Program Files (x86)\Origin 2014-07-17 00:16 - 2012-12-02 00:37 - 00002478 _____ () C:\Users\Blau\Filme Liste.txt 2014-07-15 20:57 - 2013-02-03 22:21 - 00000000 ____D () C:\Users\Blau\AppData\Roaming\TS3Client 2014-07-15 13:08 - 2013-08-05 17:22 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2014-07-11 16:03 - 2011-06-05 08:37 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2014-07-11 03:02 - 2014-07-20 05:34 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-07-11 02:56 - 2014-07-20 05:34 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-07-11 02:56 - 2014-07-20 05:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-07-11 02:55 - 2014-07-20 05:34 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-07-10 22:23 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-07-10 19:40 - 2011-03-25 13:19 - 00000000 ____D () C:\Users\Blau 2014-07-10 17:54 - 2009-07-14 06:45 - 00468616 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-07-09 23:40 - 2014-05-06 17:50 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-07-09 23:40 - 2009-07-14 09:47 - 00000000 ____D () C:\Program Files\Windows Journal 2014-07-09 23:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-07-09 23:40 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism 2014-07-09 22:43 - 2014-07-02 21:18 - 00000180 _____ () C:\Users\Blau\Camping.txt 2014-07-09 21:44 - 2013-08-11 15:58 - 00000000 ____D () C:\Windows\system32\MRT 2014-07-09 21:43 - 2011-03-27 00:55 - 96441528 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-07-09 20:44 - 2013-04-20 17:02 - 00000000 ____D () C:\Program Files\Microsoft Office 15 2014-07-09 00:13 - 
2014-03-14 15:14 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-07-09 00:13 - 2012-11-30 17:46 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-07-09 00:13 - 2012-11-30 17:46 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-07-08 19:51 - 2011-03-28 07:36 - 00000000 ___RD () C:\Users\Blau\Desktop\musik 2014-07-07 22:54 - 2014-07-07 22:54 - 00000011 _____ () C:\Users\Blau\Music.txt 2014-07-07 21:52 - 2011-05-13 02:01 - 00000000 ____D () C:\Users\Blau\Documents\Dokumente 2014-07-07 21:03 - 2014-07-07 21:03 - 00000000 ____D () C:\Users\Blau\Desktop\Andrea Some content of TEMP: ==================== C:\Users\Blau\AppData\Local\Temp\AskSLib.dll C:\Users\Blau\AppData\Local\Temp\audiograbber-toolbar.exe C:\Users\Blau\AppData\Local\Temp\Audiograbber.exe C:\Users\Blau\AppData\Local\Temp\avgnt.exe C:\Users\Blau\AppData\Local\Temp\FFSetupSoftonic260.exe C:\Users\Blau\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\Blau\AppData\Local\Temp\installerdll1141677.dll C:\Users\Blau\AppData\Local\Temp\installerdll1142535.dll C:\Users\Blau\AppData\Local\Temp\installerdll1148728.dll C:\Users\Blau\AppData\Local\Temp\installerdll1154578.dll C:\Users\Blau\AppData\Local\Temp\installerdll1156731.dll C:\Users\Blau\AppData\Local\Temp\installerdll1339549.dll C:\Users\Blau\AppData\Local\Temp\installerdll1340578.dll C:\Users\Blau\AppData\Local\Temp\installerdll1346226.dll C:\Users\Blau\AppData\Local\Temp\installerdll1370265.dll C:\Users\Blau\AppData\Local\Temp\installerdll16960631.dll C:\Users\Blau\AppData\Local\Temp\installerdll19145924.dll C:\Users\Blau\AppData\Local\Temp\installerdll19154317.dll C:\Users\Blau\AppData\Local\Temp\installerdll19242816.dll C:\Users\Blau\AppData\Local\Temp\installerdll19252660.dll C:\Users\Blau\AppData\Local\Temp\installerdll19362235.dll C:\Users\Blau\AppData\Local\Temp\installerdll19363187.dll 
C:\Users\Blau\AppData\Local\Temp\installerdll19369973.dll C:\Users\Blau\AppData\Local\Temp\installerdll19597251.dll C:\Users\Blau\AppData\Local\Temp\installerdll2714214.dll C:\Users\Blau\AppData\Local\Temp\installerdll2715384.dll C:\Users\Blau\AppData\Local\Temp\installerdll271925.dll C:\Users\Blau\AppData\Local\Temp\installerdll2723184.dll C:\Users\Blau\AppData\Local\Temp\installerdll638933.dll C:\Users\Blau\AppData\Local\Temp\installerdll666810.dll C:\Users\Blau\AppData\Local\Temp\installerdll7955536.dll C:\Users\Blau\AppData\Local\Temp\installerdll7956643.dll C:\Users\Blau\AppData\Local\Temp\installerdll7962353.dll C:\Users\Blau\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\Blau\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\Blau\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Blau\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe C:\Users\Blau\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe C:\Users\Blau\AppData\Local\Temp\nv3DVStreaming.dll C:\Users\Blau\AppData\Local\Temp\nvSCPAPI.dll C:\Users\Blau\AppData\Local\Temp\nvSCPAPI64.dll C:\Users\Blau\AppData\Local\Temp\nvStereoApiI.dll C:\Users\Blau\AppData\Local\Temp\nvStereoApiI64.dll C:\Users\Blau\AppData\Local\Temp\nvStInst.exe C:\Users\Blau\AppData\Local\Temp\OfficeSetup.exe C:\Users\Blau\AppData\Local\Temp\OriginLauncher1141677.exe C:\Users\Blau\AppData\Local\Temp\OriginLauncher1339549.exe C:\Users\Blau\AppData\Local\Temp\OriginLauncher19362235.exe C:\Users\Blau\AppData\Local\Temp\OriginLauncher2714214.exe C:\Users\Blau\AppData\Local\Temp\OriginLauncher7955536.exe C:\Users\Blau\AppData\Local\Temp\pdf24-creator-update.exe C:\Users\Blau\AppData\Local\Temp\Quarantine.exe C:\Users\Blau\AppData\Local\Temp\rootsupd.exe C:\Users\Blau\AppData\Local\Temp\Setup.exe C:\Users\Blau\AppData\Local\Temp\SkypeSetup.exe C:\Users\Blau\AppData\Local\Temp\sonarinst.exe C:\Users\Blau\AppData\Local\Temp\ubi6475.tmp.exe C:\Users\Blau\AppData\Local\Temp\vcredist_x64.exe 
C:\Users\Blau\AppData\Local\Temp\vcredist_x86.exe C:\Users\Blau\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe C:\Users\Blau\AppData\Local\Temp\xmlUpdater.exe C:\Users\Blau\AppData\Local\Temp\ydetect.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-28 19:09 ==================== End Of Log ============================ |
03.08.2014, 20:53 | #4 | |
/// TB-Ausbilder | DHL fake Mail Please have the files from the code box checked at VirusTotal.
|
03.08.2014, 22:23 | #5 |
| DHL fake Mail https://www.virustotal.com/de/file/4c4eff0387f5dd04934a0c55921aea9af7632ad9657df1a886125b45b0985213/analysis/1407100807/ https://www.virustotal.com/de/file/85f7f034e1ca7ce8804aed6109f25e87cfb61fc09d5cc7c2b7e9a1555c04587c/analysis/1407100958/ |
03.08.2014, 22:41 | #6 |
/// TB-Ausbilder | DHL fake Mail ESET as a check; the scan takes quite a while, sometimes several hours. ESET Online Scanner
|
04.08.2014, 19:46 | #7 |
| DHL fake Mail Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=b740e615f4fdc241a696006f12204d75 # engine=19494 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-08-04 06:37:11 # local_time=2014-08-04 08:37:11 (+0100, W. Europe Daylight Time) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Avira Desktop' # compatibility_mode=1810 16777213 100 100 6830 151729609 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 164158 158807281 0 0 # scanned=248353 # found=7 # cleaned=0 # scan_time=5679 sh=ACA2558520A5EBD8F94E35808F4D6325F633E72E ft=1 fh=6cc204e903fa7f0d vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2220639255-1590196800-3861590088-1000\$RYEM6LZ.exe" sh=FED7CAA2E24771B66065C8D30131FC8037B6BD2A ft=1 fh=b41296876ed186e5 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Blau\AppData\Local\Temp\OCS\ocs_v71b.exe.vir" sh=5543317AB6CC3C84B018F7262CD7F6048CA22C4B ft=1 fh=1b57474b1411cddc vn="Win32/InstallMonetizer.AH evtl. unerwünschte Anwendung" ac=I fn="C:\tmp\MyPhoneExplorer_Setup_1.8.4.exe" sh=2FB12ABF4F98AFF486DDD72B82800C75FE631A1B ft=1 fh=bfe6a20598449ca7 vn="Win32/InstallMonetizer.AG evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Blau\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CBUE3CP4\MyPhoneExplorer_v2_5185[1].exe" sh=856A3106EF97E4B534C6DEC7FCFF654572465592 ft=1 fh=56513733603524fc vn="Win32/Somoto.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Blau\AppData\Local\Temp\audiograbber-toolbar.exe" sh=439970C503F460E7DABB0D661038BD411A5C6D61 ft=1 fh=d05fceba4f9328be vn="Variante von Win32/KillProc.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\Windows\FixCamera.exe" sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Variante von Win32/KillProc.A evtl. unerwünschte Anwendung" ac=I fn="${Memory}" |
04.08.2014, 20:05 | #8 |
/// TB-Ausbilder | DHL fake Mail Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
ATTFilter "C:\tmp\MyPhoneExplorer_Setup_1.8.4.exe" "C:\Users\Blau\AppData\Local\Temp\audiograbber-toolbar.exe" "C:\Windows\FixCamera.exe" "C:\$Recycle.Bin\S-1-5-21-2220639255-1590196800-3861590088-1000\$RYEM6LZ.exe" Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ Learn to strike back and support us! TB Akademie | Donate | Praise & Criticism |
04.08.2014, 20:09 | #9 |
| DHL fake Mail Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-08-2014 Ran by Blau at 2014-08-04 21:08:58 Run:1 Running from C:\Users\Blau\Desktop Boot Mode: Normal ============================================== Content of fixlist: ***************** "C:\tmp\MyPhoneExplorer_Setup_1.8.4.exe" "C:\Users\Blau\AppData\Local\Temp\audiograbber-toolbar.exe" "C:\Windows\FixCamera.exe" "C:\$Recycle.Bin\S-1-5-21-2220639255-1590196800-3861590088-1000\$RYEM6LZ.exe" ***************** C:\tmp\MyPhoneExplorer_Setup_1.8.4.exe => Moved successfully. C:\Users\Blau\AppData\Local\Temp\audiograbber-toolbar.exe => Moved successfully. C:\Windows\FixCamera.exe => Moved successfully. "C:\$Recycle.Bin\S-1-5-21-2220639255-1590196800-3861590088-1000\$RYEM6LZ.exe" => File/Directory not found. ==== End of Fixlog ==== |
04.08.2014, 20:21 | #10 |
/// TB-Ausbilder | DHL fake Mail OK, we are almost completely done. Just work through the steps here. There was nothing wild on it, just a bit of toolbar and advertising stuff. The order is crucial here.
Finally, I have a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus program and additional protection
Alternative browsers Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system. Mozilla Firefox
Performance
What you should avoid:
Now all that remains is for me to wish you lots of fun surfing safely... ... and perhaps you would like to support the Trojaner-Board? Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
|
04.08.2014, 21:24 | #11 |
| DHL fake Mail Thanks for your help. I have one more question: Is the file flagged by ESET OK? sh=FED7CAA2E24771B66065C8D30131FC8037B6BD2A ft=1 fh=b41296876ed186e5 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Blau\AppData\Local\Temp\OCS\ocs_v71b.exe.vir" Since, as far as I can see, it was not dealt with directly. |
05.08.2014, 07:32 | #12 |
/// TB-Ausbilder | DHL fake Mail No problem. As you may see in that line, the file is located under C:\AdwCleaner\Quarantine\ Running Delfix deletes this directory, among other things. If that is not the case, let me know briefly.
|
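The question in post #11 comes down to reconciling the ESET detections with the FRST Fixlog. The following is an added example, not part of the thread and not code from ESET, FRST or AdwCleaner, that does this reconciliation in Python on the records quoted above. The status labels and the treatment of C:\AdwCleaner\Quarantine\ as a quarantine location are assumptions of the example; "open" means only that neither log shown accounts for the file.

```python
import re

# Detection records from the ESET log in post #7, one record per line
# (the page runs them together; the values are copied from the thread).
ESET_LOG = r'''
sh=ACA2558520A5EBD8F94E35808F4D6325F633E72E ft=1 fh=6cc204e903fa7f0d vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2220639255-1590196800-3861590088-1000\$RYEM6LZ.exe"
sh=FED7CAA2E24771B66065C8D30131FC8037B6BD2A ft=1 fh=b41296876ed186e5 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Blau\AppData\Local\Temp\OCS\ocs_v71b.exe.vir"
sh=5543317AB6CC3C84B018F7262CD7F6048CA22C4B ft=1 fh=1b57474b1411cddc vn="Win32/InstallMonetizer.AH evtl. unerwünschte Anwendung" ac=I fn="C:\tmp\MyPhoneExplorer_Setup_1.8.4.exe"
sh=2FB12ABF4F98AFF486DDD72B82800C75FE631A1B ft=1 fh=bfe6a20598449ca7 vn="Win32/InstallMonetizer.AG evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Blau\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CBUE3CP4\MyPhoneExplorer_v2_5185[1].exe"
sh=856A3106EF97E4B534C6DEC7FCFF654572465592 ft=1 fh=56513733603524fc vn="Win32/Somoto.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Blau\AppData\Local\Temp\audiograbber-toolbar.exe"
sh=439970C503F460E7DABB0D661038BD411A5C6D61 ft=1 fh=d05fceba4f9328be vn="Variante von Win32/KillProc.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\FixCamera.exe"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Variante von Win32/KillProc.A evtl. unerwünschte Anwendung" ac=I fn="${Memory}"
'''

# Result lines from the FRST Fixlog in post #9 (copied from the thread).
FIXLOG = r'''
C:\tmp\MyPhoneExplorer_Setup_1.8.4.exe => Moved successfully.
C:\Users\Blau\AppData\Local\Temp\audiograbber-toolbar.exe => Moved successfully.
C:\Windows\FixCamera.exe => Moved successfully.
"C:\$Recycle.Bin\S-1-5-21-2220639255-1590196800-3861590088-1000\$RYEM6LZ.exe" => File/Directory not found.
'''

# Assumption of this example: paths below these prefixes are quarantined copies.
QUARANTINE_DIRS = ("c:\\adwcleaner\\quarantine\\",)

# key=value pairs; a value is either "quoted with spaces" or a bare token.
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_eset(log):
    """Return one dict per detection record (records start with sh=)."""
    records = []
    for line in log.splitlines():
        if line.startswith("sh="):
            records.append({k: q if q else b for k, q, b in FIELD.findall(line)})
    return records


def parse_fixlog(log):
    """Map lower-cased path -> FRST result text for each 'path => result' line."""
    outcome = {}
    for line in log.splitlines():
        path, sep, result = line.partition(" => ")
        if sep:
            outcome[path.strip().strip('"').lower()] = result.strip()
    return outcome


def triage(records, fixlog):
    """Classify each detection; Windows paths are compared case-insensitively."""
    report = []
    for rec in records:
        path = rec["fn"]
        key = path.lower()
        if path == "${Memory}":
            status = "memory"        # in-memory hit, no file (hash is all zeros)
        elif key in fixlog:
            status = "moved" if fixlog[key].startswith("Moved") else "not-found"
        elif key.startswith(QUARANTINE_DIRS):
            status = "quarantine"    # inert copy kept by a cleanup tool
        else:
            status = "open"          # neither log accounts for this file
        report.append((status, path))
    return report


if __name__ == "__main__":
    for status, path in triage(parse_eset(ESET_LOG), parse_fixlog(FIXLOG)):
        print(f"{status:<11}{path}")
```
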