| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: System clean?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
02.09.2014, 19:49
| #1 |
| |  System clean? Hallo, Ich habe eine Frage und zwar hab ich neulich eine Datei aus dem Internet heruntergeladen und mir dabei wahrscheinlich Malware eingefangen mit Trojaner Virus. Hab dann auf meinem PC Kasperksky und Malware Antibytes laufen lassen. Nun sieht es so aus als wäre alles wieder normal. Nun möchte ich einfach nur wissen ob mein System nun tatsächlich "clean" ist. Malware war "search protect" icon in windows explorer und "istartsurf" im Browser mit ganz viel Werbung. So hab versucht das ganz gut zu erklären. Kann mir jemand sagen, wie ich vorgehen soll?? Bei euren Hilfe Threads gibt es sehr viele davon und ich weiß nicht welcher zu meiner Situation passt. Ich bedanke mich im Voraus!!! |
|
02.09.2014, 20:06
| #2 |
| /// TB-Ausbilder   | System clean? Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen. Bitte beachte folgende Hinweise:
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Danke für deine Mitarbeit! Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
|
|
03.09.2014, 09:29
| #3 |
| | System clean? FRST Logfile:
__________________FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014
Ran by Michael Neumann (administrator) on PC on 03-09-2014 10:20:28
Running from C:\Users\Michael Neumann\Downloads
Platform: Windows 7 Professional N Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Dassault Systemes) C:\Program Files\Dassault Systemes\B21\win_b64\code\bin\CATSysDemon.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13423688 2013-02-26] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2201032 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-03-12] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291128 2013-03-06] (Intel Corporation)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-12-23] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-11-15] ()
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2014-03-12] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2014-09-01] (Kaspersky Lab ZAO)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-281873479-767526044-2589904799-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-281873479-767526044-2589904799-1000\...\Policies\Explorer: [DisallowRun] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DeskDrive.lnk
ShortcutTarget: DeskDrive.lnk -> C:\Windows\Lion Skin Pack\DeskDrive\DeskDrive.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Finderbar.lnk
ShortcutTarget: Finderbar.lnk -> C:\Windows\Lion Skin Pack\Finderbar\Finderbar.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\maComfort.lnk
ShortcutTarget: maComfort.lnk -> C:\Windows\Lion Skin Pack\maComfort\maComfort.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Refresh.lnk
ShortcutTarget: Refresh.lnk -> C:\Windows\Lion Skin Pack\Tools\Refresh.cmd (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RocketDock.lnk
ShortcutTarget: RocketDock.lnk -> C:\Windows\Lion Skin Pack\RocketDock\RocketDock.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UberIcon.lnk
ShortcutTarget: UberIcon.lnk -> C:\Windows\Lion Skin Pack\UberIcon\UberIcon.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinLaunch.lnk
ShortcutTarget: WinLaunch.lnk -> C:\Windows\Lion Skin Pack\WinLaunch\WinLaunch.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Winroll.lnk
ShortcutTarget: Winroll.lnk -> C:\Windows\Lion Skin Pack\Winroll\winroll.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\xwidget.lnk
ShortcutTarget: xwidget.lnk -> C:\Windows\Lion Skin Pack\xwidget\xwidget.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\YzShadow.lnk
ShortcutTarget: YzShadow.lnk -> C:\Windows\Lion Skin Pack\YzShadow\YzShadow.exe (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1408818547&from=mp3&uid=ST1000DM003-1CH162_Z1D91Z0RXXXXZ1D91Z0R&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/software/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1409581753&from=amt&uid=ST1000DM003-1CH162_Z1D91Z0RXXXXZ1D91Z0R&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1409581753&from=amt&uid=ST1000DM003-1CH162_Z1D91Z0RXXXXZ1D91Z0R&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 82.212.62.62 78.42.43.62
FireFox:
========
FF ProfilePath: C:\Users\Michael Neumann\AppData\Roaming\Mozilla\Firefox\Profiles\6crjv80j.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=11.0.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.0.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-10-25]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2014-09-01] (Kaspersky Lab ZAO)
R2 BBDemon; C:\Program Files\Dassault Systemes\B21\win_b64\code\bin\CATSysDemon.exe [46592 2011-01-08] (Dassault Systemes) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192 2014-04-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20541216 2014-04-02] (NVIDIA Corporation)
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2014-05-30] (Microsoft Corporation) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21584 2013-02-19] ()
S1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1405000.01C\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-01-29] (Disc Soft Ltd)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-27] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-27] (Symantec Corporation) [File not signed]
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-09-01] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [91008 2014-09-01] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628320 2014-09-01] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-09-01] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-09-01] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2014-09-01] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2014-09-01] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2014-09-01] (Kaspersky Lab ZAO)
R1 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [24848 2008-01-02] (IBM)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-21] (NVIDIA Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 ssudobex; C:\Windows\System32\DRIVERS\ssudobex.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2014-01-29] (Symantec Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [21072 2013-03-27] ()
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-03-12] (Cisco Systems, Inc.)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-03 10:20 - 2014-09-03 10:21 - 00019959 _____ () C:\Users\Michael Neumann\Downloads\FRST.txt
2014-09-03 10:20 - 2014-09-03 10:20 - 00000000 ____D () C:\FRST
2014-09-03 09:41 - 2014-09-03 09:41 - 02104832 _____ (Farbar) C:\Users\Michael Neumann\Downloads\FRST64.exe
2014-09-02 19:28 - 2014-09-02 19:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-01 18:02 - 2014-09-01 18:02 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-01 18:02 - 2014-09-01 18:02 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-01 18:01 - 2014-09-03 09:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-01 16:44 - 2014-09-01 16:44 - 00262144 _____ () C:\Windows\system32\config\elam
2014-09-01 16:42 - 2014-03-20 00:31 - 00000000 ____D () C:\Users\Michael Neumann\Downloads\Key's (20.03.2014)
2014-09-01 16:40 - 2014-09-01 16:42 - 05454761 _____ () C:\Users\Michael Neumann\Downloads\(20.03.2014).7z
2014-09-01 16:36 - 2014-09-01 16:36 - 00002340 _____ () C:\Users\Michael Neumann\Desktop\Sicherer Zahlungsverkehr.lnk
2014-09-01 16:35 - 2014-09-01 16:35 - 00001146 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
2014-09-01 16:35 - 2014-09-01 16:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013
2014-09-01 16:35 - 2012-07-11 17:09 - 00064856 _____ (Kaspersky Lab) C:\Windows\system32\klfphc.dll
2014-09-01 16:34 - 2014-09-03 09:42 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-09-01 16:34 - 2014-09-01 17:01 - 00628320 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-09-01 16:34 - 2014-09-01 17:01 - 00091008 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-09-01 16:34 - 2014-09-01 16:34 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-09-01 16:34 - 2014-09-01 16:34 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-09-01 16:29 - 2014-09-01 17:27 - 00000000 ____D () C:\Users\Michael Neumann\AppData\Local\16242
2014-09-01 16:28 - 2014-01-28 16:29 - 00000000 ____D () C:\Users\Michael Neumann\Downloads\KIS2013
2014-08-31 14:28 - 2014-08-31 14:29 - 00000000 ____D () C:\Users\Michael Neumann\Desktop\Kofferraumwanne
2014-08-31 14:25 - 2014-08-31 14:28 - 00000000 ____D () C:\Users\Michael Neumann\Desktop\Reifen
2014-08-31 13:48 - 2014-08-31 14:45 - 176554007 _____ () C:\Users\Michael Neumann\Downloads\KIS2013.7z
2014-08-31 13:39 - 2013-05-13 19:36 - 00000000 ____D () C:\Users\Michael Neumann\Downloads\13.05.2013 2013
2014-08-31 12:36 - 2014-08-31 12:36 - 05729683 _____ () C:\Users\Michael Neumann\Downloads\13.05.2013-2013.rar
2014-08-31 11:10 - 2014-08-31 11:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Michael Neumann\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-31 11:10 - 2014-08-31 11:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Michael Neumann\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-23 20:39 - 2014-08-23 20:39 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-23 20:35 - 2014-08-23 20:35 - 00244408 _____ () C:\Users\Michael Neumann\Downloads\Firefox Setup Stub 31.0.exe
2014-08-23 20:29 - 2014-08-23 20:29 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-08-23 20:28 - 2014-09-01 17:39 - 00000000 ____D () C:\Users\Michael Neumann\AppData\Roaming\DownloadManager
2014-08-23 20:21 - 2013-12-23 08:40 - 00000102 _____ () C:\Users\Michael Neumann\Downloads\ReadME.nfo
2014-08-23 17:31 - 2014-09-01 17:37 - 00000000 ____D () C:\Users\Michael Neumann\Downloads\HearthCrawl v27 R338
2014-08-23 17:31 - 2014-08-23 17:31 - 10234193 _____ () C:\Users\Michael Neumann\Downloads\HearthCrawl v27 R338.zip
2014-08-20 10:05 - 2014-08-20 10:05 - 00002009 _____ () C:\Users\Public\Desktop\Canon IJ Network Tool.lnk
2014-08-20 10:05 - 2014-08-20 10:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2014-08-20 10:05 - 2014-08-20 10:05 - 00000000 ____D () C:\ProgramData\Canon IJ Network Tool
2014-08-08 09:52 - 2014-08-08 09:52 - 00000008 _____ () C:\Users\Michael Neumann\Downloads\ees_version.txt
2014-08-08 09:51 - 2014-08-08 09:52 - 10692651 _____ (F-Chart Software) C:\Users\Michael Neumann\Downloads\Dampftafel_ITW_52014.EXE
2014-08-05 20:41 - 2014-08-23 20:48 - 00000000 ____D () C:\Windows\Minidump
2014-08-05 20:41 - 2014-08-05 20:41 - 00338400 _____ () C:\Windows\Minidump\080514-24117-01.dmp
2014-08-05 20:40 - 2014-08-05 20:40 - 736190357 _____ () C:\Windows\MEMORY.DMP
2014-08-05 19:23 - 2014-08-05 19:26 - 00000000 ____D () C:\Users\Michael Neumann\workspace2
2014-08-05 19:22 - 2014-08-05 19:34 - 00000000 ____D () C:\Users\Michael Neumann\Desktop\eclipse
2014-08-05 19:15 - 2014-08-28 11:53 - 00000000 ____D () C:\Users\Michael Neumann\workspace
2014-08-05 18:32 - 2014-08-05 18:32 - 215807131 _____ () C:\Users\Michael Neumann\Downloads\eclipse-standard-luna-R-win32-x86_64.zip
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-03 10:21 - 2014-09-03 10:20 - 00019959 _____ () C:\Users\Michael Neumann\Downloads\FRST.txt
2014-09-03 10:20 - 2014-09-03 10:20 - 00000000 ____D () C:\FRST
2014-09-03 10:19 - 2014-01-27 21:45 - 00000000 ____D () C:\Users\Michael Neumann\AppData\Local\Battle.net
2014-09-03 10:13 - 2014-04-08 21:27 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-03 09:47 - 2014-06-28 18:47 - 00000318 _____ () C:\Windows\Tasks\Rocket Updater.job
2014-09-03 09:42 - 2014-09-01 16:34 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-09-03 09:41 - 2014-09-03 09:41 - 02104832 _____ (Farbar) C:\Users\Michael Neumann\Downloads\FRST64.exe
2014-09-03 09:34 - 2009-07-14 06:50 - 00019920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-03 09:34 - 2009-07-14 06:50 - 00019920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-03 09:30 - 2014-01-27 19:20 - 01605245 _____ () C:\Windows\WindowsUpdate.log
2014-09-03 09:25 - 2014-09-01 18:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-03 09:25 - 2014-01-28 12:27 - 00172922 _____ () C:\Windows\setupact.log
2014-09-03 09:25 - 2014-01-27 21:26 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-03 09:25 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-02 19:28 - 2014-09-02 19:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-02 19:06 - 2014-01-27 21:43 - 00000000 ____D () C:\ProgramData\Battle.net
2014-09-02 16:38 - 2014-01-28 12:27 - 00178338 _____ () C:\Windows\PFRO.log
2014-09-01 18:49 - 2014-04-12 11:34 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-09-01 18:02 - 2014-09-01 18:02 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-01 18:02 - 2014-09-01 18:02 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-01 17:58 - 2011-04-12 10:14 - 00697658 _____ () C:\Windows\system32\perfh007.dat
2014-09-01 17:58 - 2011-04-12 10:14 - 00148452 _____ () C:\Windows\system32\perfc007.dat
2014-09-01 17:58 - 2009-07-14 07:12 - 01615906 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-01 17:50 - 2014-04-09 15:56 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-01 17:39 - 2014-08-23 20:28 - 00000000 ____D () C:\Users\Michael Neumann\AppData\Roaming\DownloadManager
2014-09-01 17:37 - 2014-08-23 17:31 - 00000000 ____D () C:\Users\Michael Neumann\Downloads\HearthCrawl v27 R338
2014-09-01 17:27 - 2014-09-01 16:29 - 00000000 ____D () C:\Users\Michael Neumann\AppData\Local\16242
2014-09-01 17:01 - 2014-09-01 16:34 - 00628320 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-09-01 17:01 - 2014-09-01 16:34 - 00091008 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-09-01 17:01 - 2012-10-25 12:42 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klmouflt.sys
2014-09-01 17:01 - 2012-10-25 12:42 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys
2014-09-01 17:01 - 2012-08-13 16:49 - 00178448 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2014-09-01 17:01 - 2012-08-02 15:09 - 00029792 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klim6.sys
2014-09-01 17:01 - 2012-06-19 17:28 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2014-09-01 17:01 - 2012-06-08 11:38 - 00054368 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kltdi.sys
2014-09-01 16:44 - 2014-09-01 16:44 - 00262144 _____ () C:\Windows\system32\config\elam
2014-09-01 16:42 - 2014-09-01 16:40 - 05454761 _____ () C:\Users\Michael Neumann\Downloads\(20.03.2014).7z
2014-09-01 16:36 - 2014-09-01 16:36 - 00002340 _____ () C:\Users\Michael Neumann\Desktop\Sicherer Zahlungsverkehr.lnk
2014-09-01 16:35 - 2014-09-01 16:35 - 00001146 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
2014-09-01 16:35 - 2014-09-01 16:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013
2014-09-01 16:34 - 2014-09-01 16:34 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-09-01 16:34 - 2014-09-01 16:34 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-09-01 16:29 - 2014-02-02 12:39 - 00001207 _____ () C:\Users\Michael Neumann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-09-01 16:29 - 2014-01-27 19:24 - 00001390 _____ () C:\Users\Michael Neumann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-01 16:28 - 2014-02-03 23:18 - 00000000 ____D () C:\Users\Michael Neumann\AppData\Local\CrashDumps
2014-09-01 12:20 - 2014-01-27 21:49 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-08-31 14:45 - 2014-08-31 13:48 - 176554007 _____ () C:\Users\Michael Neumann\Downloads\KIS2013.7z
2014-08-31 14:29 - 2014-08-31 14:28 - 00000000 ____D () C:\Users\Michael Neumann\Desktop\Kofferraumwanne
2014-08-31 14:28 - 2014-08-31 14:25 - 00000000 ____D () C:\Users\Michael Neumann\Desktop\Reifen
2014-08-31 12:36 - 2014-08-31 12:36 - 05729683 _____ () C:\Users\Michael Neumann\Downloads\13.05.2013-2013.rar
2014-08-31 11:15 - 2014-01-27 20:43 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-31 11:14 - 2014-01-27 20:43 - 00000000 ____D () C:\Users\Michael Neumann\AppData\Local\Google
2014-08-31 11:11 - 2014-08-31 11:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Michael Neumann\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-31 11:11 - 2014-08-31 11:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Michael Neumann\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-28 11:53 - 2014-08-05 19:15 - 00000000 ____D () C:\Users\Michael Neumann\workspace
2014-08-28 11:44 - 2014-04-10 16:43 - 00000000 ____D () C:\Users\Michael Neumann\AppData\Local\Eclipse
2014-08-28 11:41 - 2014-04-10 16:35 - 00000000 ____D () C:\Users\Michael Neumann\Downloads\eclipse
2014-08-27 15:13 - 2014-01-28 19:44 - 00000000 ____D () C:\Users\Michael Neumann\Desktop\Datenbank
2014-08-23 20:48 - 2014-08-05 20:41 - 00000000 ____D () C:\Windows\Minidump
2014-08-23 20:47 - 2014-06-18 14:17 - 00000000 ____D () C:\ProgramData\WorldAppIt
2014-08-23 20:47 - 2014-05-30 10:01 - 00000000 ____D () C:\Users\Michael Neumann\AppData\Local\TempDIR
2014-08-23 20:39 - 2014-08-23 20:39 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-23 20:39 - 2014-04-09 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-23 20:39 - 2014-04-09 15:56 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-08-23 20:35 - 2014-08-23 20:35 - 00244408 _____ () C:\Users\Michael Neumann\Downloads\Firefox Setup Stub 31.0.exe
2014-08-23 20:29 - 2014-08-23 20:29 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-08-23 17:31 - 2014-08-23 17:31 - 10234193 _____ () C:\Users\Michael Neumann\Downloads\HearthCrawl v27 R338.zip
2014-08-22 20:10 - 2014-01-27 21:45 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-08-20 10:05 - 2014-08-20 10:05 - 00002009 _____ () C:\Users\Public\Desktop\Canon IJ Network Tool.lnk
2014-08-20 10:05 - 2014-08-20 10:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2014-08-20 10:05 - 2014-08-20 10:05 - 00000000 ____D () C:\ProgramData\Canon IJ Network Tool
2014-08-20 10:05 - 2014-02-19 12:00 - 00000000 ____D () C:\Program Files (x86)\Canon
2014-08-20 10:05 - 2009-07-14 05:20 - 00000000 __RSD () C:\Windows\Media
2014-08-20 09:56 - 2014-02-19 12:34 - 00000000 ____D () C:\Users\Michael Neumann\AppData\Roaming\Canon
2014-08-14 19:53 - 2009-07-14 07:38 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-08-13 20:27 - 2014-01-27 21:45 - 00000000 ____D () C:\Users\Michael Neumann\AppData\Roaming\Battle.net
2014-08-12 19:35 - 2014-07-30 12:47 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-08 09:52 - 2014-08-08 09:52 - 00000008 _____ () C:\Users\Michael Neumann\Downloads\ees_version.txt
2014-08-08 09:52 - 2014-08-08 09:51 - 10692651 _____ (F-Chart Software) C:\Users\Michael Neumann\Downloads\Dampftafel_ITW_52014.EXE
2014-08-07 12:22 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-05 20:41 - 2014-08-05 20:41 - 00338400 _____ () C:\Windows\Minidump\080514-24117-01.dmp
2014-08-05 20:40 - 2014-08-05 20:40 - 736190357 _____ () C:\Windows\MEMORY.DMP
2014-08-05 19:34 - 2014-08-05 19:22 - 00000000 ____D () C:\Users\Michael Neumann\Desktop\eclipse
2014-08-05 19:26 - 2014-08-05 19:23 - 00000000 ____D () C:\Users\Michael Neumann\workspace2
2014-08-05 19:23 - 2014-01-27 19:23 - 00000000 ____D () C:\Users\Michael Neumann
2014-08-05 18:32 - 2014-08-05 18:32 - 215807131 _____ () C:\Users\Michael Neumann\Downloads\eclipse-standard-luna-R-win32-x86_64.zip
Some content of TEMP:
====================
C:\Users\Michael Neumann\AppData\Local\Temp\04upzwc4.dll
C:\Users\Michael Neumann\AppData\Local\Temp\20140131062707939jniverify.dll
C:\Users\Michael Neumann\AppData\Local\Temp\6F93.exe
C:\Users\Michael Neumann\AppData\Local\Temp\71E4.exe
C:\Users\Michael Neumann\AppData\Local\Temp\7C11.exe
C:\Users\Michael Neumann\AppData\Local\Temp\amazonicon_v4.exe
C:\Users\Michael Neumann\AppData\Local\Temp\BackupSetup.exe
C:\Users\Michael Neumann\AppData\Local\Temp\BRSVC_10931754_hlp.exe
C:\Users\Michael Neumann\AppData\Local\Temp\BRSVC_16234072_hlp.exe
C:\Users\Michael Neumann\AppData\Local\Temp\BRSVC_7772203_hlp.exe
C:\Users\Michael Neumann\AppData\Local\Temp\Bundle.exe
C:\Users\Michael Neumann\AppData\Local\Temp\Cloud_Backup_Setup.exe
C:\Users\Michael Neumann\AppData\Local\Temp\DownloadManager.exe
C:\Users\Michael Neumann\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Michael Neumann\AppData\Local\Temp\Gw2.exe
C:\Users\Michael Neumann\AppData\Local\Temp\hrprfl_1619.dll
C:\Users\Michael Neumann\AppData\Local\Temp\hrprfl_18291.dll
C:\Users\Michael Neumann\AppData\Local\Temp\hrprfl_2396.dll
C:\Users\Michael Neumann\AppData\Local\Temp\hrprfl_2471.dll
C:\Users\Michael Neumann\AppData\Local\Temp\hrprfl_2585.dll
C:\Users\Michael Neumann\AppData\Local\Temp\hrprfl_2784.dll
C:\Users\Michael Neumann\AppData\Local\Temp\hrprfl_2868.dll
C:\Users\Michael Neumann\AppData\Local\Temp\hrprfl_29573.dll
C:\Users\Michael Neumann\AppData\Local\Temp\Lion_Skin_Pack_13-X64.exe
C:\Users\Michael Neumann\AppData\Local\Temp\LiveSupport_setup.exe
C:\Users\Michael Neumann\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Michael Neumann\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Michael Neumann\AppData\Local\Temp\nvStInst.exe
C:\Users\Michael Neumann\AppData\Local\Temp\optprosetup.exe
C:\Users\Michael Neumann\AppData\Local\Temp\ose00000.exe
C:\Users\Michael Neumann\AppData\Local\Temp\post2.dll
C:\Users\Michael Neumann\AppData\Local\Temp\post2.exe
C:\Users\Michael Neumann\AppData\Local\Temp\sdapskill.exe
C:\Users\Michael Neumann\AppData\Local\Temp\sdaspwn.exe
C:\Users\Michael Neumann\AppData\Local\Temp\setup{D76E2E0E-65EA-40DD-81CA-0F8CB47F7CE7}.exe
C:\Users\Michael Neumann\AppData\Local\Temp\smt_qone8.exe
C:\Users\Michael Neumann\AppData\Local\Temp\sqlite3.exe
C:\Users\Michael Neumann\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Michael Neumann\AppData\Local\Temp\tmp1D70.exe
C:\Users\Michael Neumann\AppData\Local\Temp\TUUUninstallHelper.exe
C:\Users\Michael Neumann\AppData\Local\Temp\uninstall.exe
C:\Users\Michael Neumann\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Michael Neumann\AppData\Local\Temp\Wildstar.exe
C:\Users\Michael Neumann\AppData\Local\Temp\_isF112.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-30 18:36
==================== End Of Log ============================
--- --- --- Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014
Ran by Michael Neumann at 2014-09-03 10:21:11
Running from C:\Users\Michael Neumann\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Internet Security (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version: - Microsoft)
2007 Microsoft Office Suite Service Pack 2 (SP2) (x32 Version: - Microsoft) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG3500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3500_series) (Version: 1.01 - Canon Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05160 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05160 - Cisco Systems, Inc.) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Dassault Systemes Software B20_1 (HKLM\...\Dassault Systemes B20_2) (Version: - )
Dassault Systemes Software B21 (HKLM\...\Dassault Systemes B21_0) (Version: - )
Dassault Systemes Software Prerequisites x86-x64 (HKLM\...\{CF1EB598-B424-436A-B15F-B763846BA970}) (Version: 8.1.3 - Dassault Systemes)
Dassault Systemes Software VC9 Prerequisites x86-x64 (HKLM\...\{F2F2DEA7-36AB-4E13-907C-D8BDE775EF97}) (Version: 9.1.2 - Dassault Systemes)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.90 - DivX, LLC)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Firefall (HKLM-x32\...\Steam App 227700) (Version: - Red 5 Studios)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3071 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.0.0.1083 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.0.0.100 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java 8 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418000FF}) (Version: 8.0.0 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.00.132 - Oracle, Inc.) Hidden
Java SE Development Kit 8 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180000}) (Version: 8.0.0 - Oracle Corporation)
Kaspersky Internet Security 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.51.827.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARD) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Standard 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0 (x86 de)) (Version: 32.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.22 (Version: 1.2.22 - NVIDIA Corporation) Hidden
ON_OFF Charge 2 B13.0403.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.0403.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
ON_OFF Charge B13.0403.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6849 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
SHIELD Streaming (Version: 1.8.323 - NVIDIA Corporation) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.89 - TuneUp Software) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939v3) (Version: 3 - Microsoft Corporation)
VBA (3821b) (x32 Version: 6.01.00.1234 - Microsoft Corporation) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Basic for Applications (R) Core - English (x32 Version: 6.5.10.32 - Microsoft Corporation) Hidden
Visual Basic for Applications (R) Core (x32 Version: 6.5.10.32 - Microsoft Corporation) Hidden
Visual Basic for Applications (R) Core (x32 Version: 6.5.10.53 - Microsoft Corporation) Hidden
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
20-08-2014 08:41:00 Geplanter Prüfpunkt
23-08-2014 18:30:28 Revo Uninstaller's restore point - Software Version Updater
23-08-2014 18:31:59 Revo Uninstaller's restore point - istartsurf uninstall
23-08-2014 18:33:36 Revo Uninstaller's restore point - Remote Desktop Access (VuuPC)
23-08-2014 18:33:59 Revo Uninstaller's restore point - Re-markit
23-08-2014 18:34:54 Revo Uninstaller's restore point - WindowsMangerProtect20.0.0.722
23-08-2014 18:36:26 Revo Uninstaller's restore point - Mozilla Firefox 31.0 (x86 de)
23-08-2014 18:37:04 Revo Uninstaller's restore point - Google Chrome
31-08-2014 09:12:29 Revo Uninstaller's restore point - Software Version Updater
31-08-2014 09:13:40 Revo Uninstaller's restore point - istartsurf uninstall
31-08-2014 09:14:21 Revo Uninstaller's restore point - Google Chrome
31-08-2014 09:15:46 Revo Uninstaller's restore point - Mozilla Firefox 31.0 (x86 de)
01-09-2014 15:49:37 Revo Uninstaller's restore point - istartsurf uninstall
01-09-2014 15:50:32 Revo Uninstaller's restore point - World of Warcraft
01-09-2014 15:52:05 Revo Uninstaller's restore point - Mozilla Firefox 31.0 (x86 de)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {15442E06-C91D-4D6A-940A-D088EB3B1C4B} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
Task: {650786E9-0D94-47B5-A15F-7827DE3B1990} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe
Task: {6C528A24-D455-4E5B-88D0-73EC1C81601C} - \HDvid-Codec V9.0-enabler No Task File <==== ATTENTION
Task: {7E3A14F3-6776-43EE-B286-404C8B9EDEA3} - \HDvid-Codec V9.0-codedownloader No Task File <==== ATTENTION
Task: {87DDEFD6-2E05-4EEF-B466-C664FA782BAC} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe
Task: {8C60204E-3FDF-4F6F-8B63-01CB4BB170E4} - \Microsoft\3e3d8a16a4d7fe446f631e1b97603a83 No Task File <==== ATTENTION
Task: {8ECF3E2E-AD7A-45DA-A45A-785FF7C5844B} - \HDvid-Codec V9.0-firefoxinstaller No Task File <==== ATTENTION
Task: {97E4EB93-6697-4B91-B7FB-002D58E9342D} - System32\Tasks\Microsoft\6db3e5de510bc1b9bc91ea56e5a07a27 => C:\Users\Michael Neumann\AppData\Roaming\DownloadManager\Updater.exe [2014-08-23] (LADY'S WOOD 2013 LIMITED)
Task: {CFEC6FC1-D9AA-489F-A71E-3256E75A0B31} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe
Task: {D1AB9AC5-FF38-4D35-B4F5-6C385D3823F7} - \fsupdate No Task File <==== ATTENTION
Task: {D2176310-91CD-454D-9F30-856039C72E97} - \HDvid-Codec V9.0-updater No Task File <==== ATTENTION
Task: {EFDADCDA-121A-4281-A03F-487C87B161F6} - System32\Tasks\Rocket Updater => C:\Users\MICHAE~1\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {F2B31FC0-6FC3-48CC-85E8-5C8FF26988C1} - \HDvid-Codec V9.0-chromeinstaller No Task File <==== ATTENTION
Task: {FDB2942C-B82F-47E1-BFB8-197B10705364} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-10] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Rocket Updater.job => C:\Users\MICHAE~1\AppData\Roaming\ROCKET~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
==================== Loaded Modules (whitelisted) =============
2014-01-27 21:26 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-01-27 19:55 - 2013-03-19 15:25 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-11-15 02:48 - 2013-11-15 02:48 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-03-12 22:53 - 2014-03-12 22:53 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2012-08-17 21:39 - 2014-09-01 16:57 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
2013-11-15 02:49 - 2013-11-15 02:49 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-08-17 21:38 - 2012-08-17 21:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
2014-01-27 20:48 - 2013-03-12 14:19 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-09-02 19:28 - 2014-09-02 19:28 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-07-10 16:13 - 2014-07-10 16:13 - 17029808 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
==================== Faulty Device Manager Devices =============
Name: Norton Internet Security Settings Manager
Description: Norton Internet Security Settings Manager
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ccSet_NIS
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (09/03/2014 09:27:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/02/2014 07:06:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/02/2014 06:20:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/02/2014 04:40:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/01/2014 06:00:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/01/2014 05:46:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/01/2014 05:03:32 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT-AUTORITÄT)
Description: Produkt: Kaspersky Internet Security 2013 - Update "Kaspersky Internet Security 2013 (Patch d)" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei C:\Windows\TEMP\MSIbc187.LOG enthalten.
Error: (09/01/2014 05:03:31 PM) (Source: MsiInstaller) (EventID: 10005) (User: NT-AUTORITÄT)
Description: Programm: Kaspersky Internet Security 2013 -- Interner Fehler 2761.
Error: (09/01/2014 05:03:02 PM) (Source: MsiInstaller) (EventID: 1041) (User: NT-AUTORITÄT)
Description: Fehler beim Starten einer Windows Installer-Transaktion: {560985FB-4B76-4121-9189-7A2CDC7886D6}. Fehler 1618 beim Starten der Transaktion.
Error: (09/01/2014 05:03:02 PM) (Source: MsiInstaller) (EventID: 1041) (User: NT-AUTORITÄT)
Description: Fehler beim Starten einer Windows Installer-Transaktion: {560985FB-4B76-4121-9189-7A2CDC7886D6}. Fehler 1618 beim Starten der Transaktion.
System errors:
=============
Error: (09/03/2014 09:27:12 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ccSet_NIS
UsbCharger
Error: (09/02/2014 07:06:39 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ccSet_NIS
UsbCharger
Error: (09/02/2014 06:20:24 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ccSet_NIS
UsbCharger
Error: (09/02/2014 04:40:12 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ccSet_NIS
UsbCharger
Error: (09/01/2014 06:00:44 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ccSet_NIS
UsbCharger
Error: (09/01/2014 05:45:58 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ccSet_NIS
UsbCharger
Error: (09/01/2014 05:21:00 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}5{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (09/01/2014 04:57:07 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.
Error: (09/01/2014 04:52:06 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ccSet_NIS
UsbCharger
Error: (09/01/2014 04:50:28 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 01.09.2014 um 16:49:24 unerwartet heruntergefahren.
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-4570 CPU @ 3.20GHz
Percentage of memory in use: 30%
Total physical RAM: 8070.8 MB
Available physical RAM: 5641.86 MB
Total Pagefile: 16139.77 MB
Available Pagefile: 13471.97 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:931.41 GB) (Free:792.47 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 8F2604F7)
Partition 1: (Active) - (Size=931.4 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
03.09.2014, 10:57
| #4 | |
| | System clean?Zitat:
|
|
03.09.2014, 11:09
| #5 | |
| /// TB-Ausbilder | System clean? Servus, ist noch nicht alles sauber.  Zukünftig: Zitat:
Bitte alle Tools direkt auf den Desktop downloaden bzw. dorthin verschieben und vom Desktop starten, da unsere Anleitungen daraufhin ausgelegt sind. Zudem lassen sich dann am Ende der Bereinigung alle verwendeten Tools sehr einfach entfernen. Schritt 1 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 2 Bitte deaktiviere dein Anti-Viren-Programm, da es das Ergebnis beeinflussen oder ggf. die Bereinigung stören kann. Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/ und speichere die Datei auf deinem Desktop.
Schritt 3
Bitte poste mit deiner nächsten Antwort
|
|
03.09.2014, 12:24
| #6 |
| | System clean? AdwCleaner: Code:
ATTFilter # AdwCleaner v3.309 - Bericht erstellt am 03/09/2014 um 12:39:10
# Aktualisiert 02/09/2014 von Xplode
# Betriebssystem : Windows 7 Professional N Service Pack 1 (64 bits)
# Benutzername : Michael Neumann - PC
# Gestartet von : C:\Users\Michael Neumann\Desktop\adwcleaner_3.309.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Windows Genuine Advantage
[/!\] Nicht Gelöscht ( Junction ) : C:\Program Files\Gemeinsame Dateien
Ordner Gelöscht : C:\Users\Michael Neumann\AppData\Local\Rocket
Datei Gelöscht : C:\Users\MICHAE~1\AppData\Local\Temp\Uninstall.exe
***** [ Tasks ] *****
Task Gelöscht : Desk 365 RunAsStdUser
Task Gelöscht : fsupdate
Task Gelöscht : Rocket Updater
***** [ Verknüpfungen ] *****
Verknüpfung Desinfiziert : C:\Users\Michael Neumann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
Verknüpfung Desinfiziert : C:\Users\Michael Neumann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Michael Neumann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Michael Neumann\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SupTab_v5_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SupTab_v5_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\vopackage_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\vopackage_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wpm_v20_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wpm_v20_RASMANCS
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EAB5257A-1FB3-474C-9B42-231F52622E72}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\Rocket Browser
Schlüssel Gelöscht : HKCU\Software\RocketUpdater
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Re_Markit
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\5E8031606EB60A64C882918F8FF38DD4
***** [ Browser ] *****
-\\ Internet Explorer v8.0.7601.17514
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
-\\ Mozilla Firefox v32.0 (x86 de)
[ Datei : C:\Users\Michael Neumann\AppData\Roaming\Mozilla\Firefox\Profiles\6crjv80j.default\prefs.js ]
*************************
AdwCleaner[R2].txt - [11885 octets] - [12/06/2014 11:17:30]
AdwCleaner[R3].txt - [16583 octets] - [01/07/2014 15:16:31]
AdwCleaner[R4].txt - [5920 octets] - [03/09/2014 12:37:41]
AdwCleaner[S1].txt - [7357 octets] - [12/06/2014 11:18:49]
AdwCleaner[S2].txt - [12747 octets] - [01/07/2014 15:16:48]
AdwCleaner[S3].txt - [4906 octets] - [03/09/2014 12:39:10]
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [4966 octets] ##########
Code:
ATTFilter Zoek.exe v5.0.0.0 Updated 03-September-2014
Tool run by Michael Neumann on 03.09.2014 at 12:45:10,77.
Microsoft Windows 7 Professional N 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Michael Neumann\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
03.09.2014 12:46:33 Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-281873479-767526044-2589904799-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} deleted successfully
HKEY_USERS\S-1-5-21-281873479-767526044-2589904799-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-281873479-767526044-2589904799-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully
HKEY_USERS\S-1-5-21-281873479-767526044-2589904799-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="hxxp://www.google.com"
"Search Bar"="hxxp://www.google.com"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="hxxp://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="hxxp://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://www.google.com"
"SearchAssistant"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
==== shortcuts on Users Desktops ======================
C:\Users\Michael Neumann\Desktop\Hearthstone.lnk - C:\Program Files (x86)\Hearthstone\Hearthstone Beta Launcher.exe
C:\Users\Michael Neumann\Desktop\Revo Uninstaller.lnk - C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Users\Michael Neumann\Desktop\Sicherer Zahlungsverkehr.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\starter_avp.exe -hidden safebanking
C:\Users\Michael Neumann\Desktop\UNi Nati\Neuer Ordner\DustAET.exe.lnk - C:\Program Files (x86)\Humble Hearts LLC\Dust An Elysian Tail\DustAET.exe
C:\Users\Michael Neumann\Desktop\UNi Nati\Neuer Ordner\Origin.lnk - C:\Program Files (x86)\Origin\Origin.exe
C:\Users\Michael Neumann\Desktop\UNi Nati\Neuer Ordner\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\Canon IJ Network Tool.lnk - C:\Program Files (x86)\Canon\Canon IJ Network Tool\CNMNPUT.EXE
C:\Users\Public\Desktop\CATIA V5R20 1.lnk - C:\Program Files (x86)\Dassault Systemes\B20\win_b64\code\bin\CATSTART.exe -run "CNEXT.exe" -env CATIA.V5R20_1.B20 -direnv "C:\ProgramData\DassaultSystemes\CATEnv" -nowindow
C:\Users\Public\Desktop\CATIA V5R21.lnk - C:\Program Files (x86)\Dassault Systemes\B21\win_b64\code\bin\CATSTART.exe -run "CNEXT.exe" -env CATIA.V5R21.B21 -direnv "C:\ProgramData\DassaultSystemes\CATEnv" -nowindow
C:\Users\Public\Desktop\DAEMON Tools Lite.lnk - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\starter_avp.exe
C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk - C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Public\Desktop\PDF24 Creator.lnk - C:\Program Files (x86)\PDF24\pdf24-Creator.exe
C:\Users\Public\Desktop\Speccy.lnk - C:\Program Files\Speccy\Speccy64.exe
C:\Users\Public\Desktop\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe
==== shortcuts in Users Start Menu ======================
C:\Users\Michael Neumann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Michael Neumann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Michael Neumann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Michael Neumann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\IJ Network Scanner Selector EX\IJ Network Scanner Selector EX.lnk - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\IJ Network Tool\IJ Network Tool.lnk - C:\Program Files (x86)\Canon\Canon IJ Network Tool\CNMNPUT.EXE
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\IJ Scan Utility\IJ Scan Utility.lnk - C:\Program Files (x86)\Canon\IJ Scan Utility\SCANUTILITY.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\World of Warcraft™.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013\Hilfe für Kaspersky Internet Security 2013.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013\Kaspersky Internet Security 2013 entfernen.lnk - C:\Windows\SysWOW64\msiexec.exe /i{560985FB-4B76-4121-9189-7A2CDC7886D6} REMOVE=ALL
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013\Kaspersky Internet Security 2013.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\starter_avp.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013\Kaspersky Lab im Internet.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kl.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013\Lizenzvertrag.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\Doc\de\license.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \Malwarebytes Anti-Malware entfernen.lnk - C:\Program Files (x86)\ Malwarebytes Anti-Malware \unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \ Malwarebytes Anti-Malware .lnk - C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\ Malwarebytes Anti-Malware \Chameleon\Windows\chameleon.chm
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Michael Neumann\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Michael Neumann\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Michael Neumann\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Michael Neumann\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Michael Neumann\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\CATIA V5R20.lnk - C:\Program Files (x86)\Dassault Systemes\B20\win_b64\code\bin\CATSTART.exe -run "CNEXT.exe" -env CATIA.V5R20.B20 -direnv "C:\ProgramData\DassaultSystemes\CATEnv" -nowindow
C:\Users\Michael Neumann\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Michael Neumann\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Michael Neumann\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== C:\zoek_backup content ======================
C:\zoek_backup (files=0 folders=0 0 bytes)
==== EOF on 03.09.2014 at 12:46:58,87 ======================
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014
Ran by Michael Neumann (administrator) on PC on 03-09-2014 13:13:55
Running from C:\Users\Michael Neumann\Desktop
Platform: Windows 7 Professional N Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Dassault Systemes) C:\Program Files\Dassault Systemes\B21\win_b64\code\bin\CATSysDemon.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13423688 2013-02-26] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2201032 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-03-12] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291128 2013-03-06] (Intel Corporation)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-12-23] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-11-15] ()
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2014-03-12] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2014-09-01] (Kaspersky Lab ZAO)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-281873479-767526044-2589904799-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
HKU\S-1-5-21-281873479-767526044-2589904799-1000\...\Policies\Explorer: [DisallowRun] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DeskDrive.lnk
ShortcutTarget: DeskDrive.lnk -> C:\Windows\Lion Skin Pack\DeskDrive\DeskDrive.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Finderbar.lnk
ShortcutTarget: Finderbar.lnk -> C:\Windows\Lion Skin Pack\Finderbar\Finderbar.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\maComfort.lnk
ShortcutTarget: maComfort.lnk -> C:\Windows\Lion Skin Pack\maComfort\maComfort.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Refresh.lnk
ShortcutTarget: Refresh.lnk -> C:\Windows\Lion Skin Pack\Tools\Refresh.cmd (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RocketDock.lnk
ShortcutTarget: RocketDock.lnk -> C:\Windows\Lion Skin Pack\RocketDock\RocketDock.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UberIcon.lnk
ShortcutTarget: UberIcon.lnk -> C:\Windows\Lion Skin Pack\UberIcon\UberIcon.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinLaunch.lnk
ShortcutTarget: WinLaunch.lnk -> C:\Windows\Lion Skin Pack\WinLaunch\WinLaunch.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Winroll.lnk
ShortcutTarget: Winroll.lnk -> C:\Windows\Lion Skin Pack\Winroll\winroll.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\xwidget.lnk
ShortcutTarget: xwidget.lnk -> C:\Windows\Lion Skin Pack\xwidget\xwidget.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\YzShadow.lnk
ShortcutTarget: YzShadow.lnk -> C:\Windows\Lion Skin Pack\YzShadow\YzShadow.exe (No File)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/software/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 82.212.62.62 78.42.43.62
FireFox:
========
FF ProfilePath: C:\Users\Michael Neumann\AppData\Roaming\Mozilla\Firefox\Profiles\6crjv80j.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=11.0.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.0.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-10-25]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2014-09-01] (Kaspersky Lab ZAO)
R2 BBDemon; C:\Program Files\Dassault Systemes\B21\win_b64\code\bin\CATSysDemon.exe [46592 2011-01-08] (Dassault Systemes) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192 2014-04-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20541216 2014-04-02] (NVIDIA Corporation)
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2014-05-30] (Microsoft Corporation) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21584 2013-02-19] ()
S1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1405000.01C\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-01-29] (Disc Soft Ltd)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-27] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-27] (Symantec Corporation) [File not signed]
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-09-01] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [91008 2014-09-01] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628320 2014-09-01] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-09-01] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-09-01] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2014-09-01] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2014-09-01] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2014-09-01] (Kaspersky Lab ZAO)
R1 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [24848 2008-01-02] (IBM)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-21] (NVIDIA Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 ssudobex; C:\Windows\System32\DRIVERS\ssudobex.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2014-01-29] (Symantec Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [21072 2013-03-27] ()
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-03-12] (Cisco Systems, Inc.)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-03 13:10 - 2014-09-03 13:14 - 00018582 _____ () C:\Users\Michael Neumann\Desktop\FRST.txt
2014-09-03 12:46 - 2014-09-03 12:46 - 00011245 _____ () C:\Users\Michael Neumann\Desktop\zoek-results.log
2014-09-03 12:44 - 2014-09-03 12:46 - 00000691 _____ () C:\runcheck.txt
2014-09-03 12:44 - 2014-09-03 12:44 - 00000000 ____D () C:\zoek_backup
2014-09-03 12:43 - 2014-09-03 12:43 - 01288704 _____ () C:\Users\Michael Neumann\Desktop\zoek.exe
2014-09-03 12:39 - 2014-09-03 12:39 - 00005078 _____ () C:\Users\Michael Neumann\Desktop\AdwCleaner[S3].txt
2014-09-03 12:37 - 2014-09-03 12:37 - 01370483 _____ () C:\Users\Michael Neumann\Desktop\adwcleaner_3.309.exe
2014-09-03 10:21 - 2014-09-03 10:21 - 00027209 _____ () C:\Users\Michael Neumann\Downloads\Addition.txt
2014-09-03 10:20 - 2014-09-03 13:13 - 00000000 ____D () C:\FRST
2014-09-03 10:20 - 2014-09-03 10:21 - 00038212 _____ () C:\Users\Michael Neumann\Downloads\FRST.txt
2014-09-03 09:41 - 2014-09-03 09:41 - 02104832 _____ (Farbar) C:\Users\Michael Neumann\Desktop\FRST64.exe
2014-09-02 19:28 - 2014-09-02 19:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-01 18:02 - 2014-09-01 18:02 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-01 18:02 - 2014-09-01 18:02 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-01 18:01 - 2014-09-03 09:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-01 16:44 - 2014-09-01 16:44 - 00262144 _____ () C:\Windows\system32\config\elam
2014-09-01 16:42 - 2014-03-20 00:31 - 00000000 ____D () C:\Users\Michael Neumann\Downloads\Key's (20.03.2014)
2014-09-01 16:40 - 2014-09-01 16:42 - 05454761 _____ () C:\Users\Michael Neumann\Downloads\(20.03.2014).7z
2014-09-01 16:36 - 2014-09-01 16:36 - 00002340 _____ () C:\Users\Michael Neumann\Desktop\Sicherer Zahlungsverkehr.lnk
2014-09-01 16:35 - 2014-09-01 16:35 - 00001146 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
2014-09-01 16:35 - 2014-09-01 16:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013
2014-09-01 16:35 - 2012-07-11 17:09 - 00064856 _____ (Kaspersky Lab) C:\Windows\system32\klfphc.dll
2014-09-01 16:34 - 2014-09-03 13:10 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-09-01 16:34 - 2014-09-01 17:01 - 00628320 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-09-01 16:34 - 2014-09-01 17:01 - 00091008 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-09-01 16:34 - 2014-09-01 16:34 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-09-01 16:34 - 2014-09-01 16:34 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-09-01 16:29 - 2014-09-01 17:27 - 00000000 ____D () C:\Users\Michael Neumann\AppData\Local\16242
2014-09-01 16:28 - 2014-01-28 16:29 - 00000000 ____D () C:\Users\Michael Neumann\Downloads\KIS2013
2014-08-31 14:28 - 2014-08-31 14:29 - 00000000 ____D () C:\Users\Michael Neumann\Desktop\Kofferraumwanne
2014-08-31 14:25 - 2014-08-31 14:28 - 00000000 ____D () C:\Users\Michael Neumann\Desktop\Reifen
2014-08-31 13:48 - 2014-08-31 14:45 - 176554007 _____ () C:\Users\Michael Neumann\Downloads\KIS2013.7z
2014-08-31 13:39 - 2013-05-13 19:36 - 00000000 ____D () C:\Users\Michael Neumann\Downloads\13.05.2013 2013
2014-08-31 12:36 - 2014-08-31 12:36 - 05729683 _____ () C:\Users\Michael Neumann\Downloads\13.05.2013-2013.rar
2014-08-31 11:10 - 2014-08-31 11:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Michael Neumann\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-31 11:10 - 2014-08-31 11:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Michael Neumann\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-23 20:39 - 2014-08-23 20:39 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-23 20:35 - 2014-08-23 20:35 - 00244408 _____ () C:\Users\Michael Neumann\Downloads\Firefox Setup Stub 31.0.exe
2014-08-23 20:29 - 2014-08-23 20:29 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-08-23 20:28 - 2014-09-01 17:39 - 00000000 ____D () C:\Users\Michael Neumann\AppData\Roaming\DownloadManager
2014-08-23 20:21 - 2013-12-23 08:40 - 00000102 _____ () C:\Users\Michael Neumann\Downloads\ReadME.nfo
2014-08-23 17:31 - 2014-08-23 17:31 - 10234193 _____ () C:\Users\Michael Neumann\Downloads\HearthCrawl v27 R338.zip
2014-08-20 10:05 - 2014-08-20 10:05 - 00002009 _____ () C:\Users\Public\Desktop\Canon IJ Network Tool.lnk
2014-08-20 10:05 - 2014-08-20 10:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2014-08-20 10:05 - 2014-08-20 10:05 - 00000000 ____D () C:\ProgramData\Canon IJ Network Tool
2014-08-08 09:52 - 2014-08-08 09:52 - 00000008 _____ () C:\Users\Michael Neumann\Downloads\ees_version.txt
2014-08-08 09:51 - 2014-08-08 09:52 - 10692651 _____ (F-Chart Software) C:\Users\Michael Neumann\Downloads\Dampftafel_ITW_52014.EXE
2014-08-05 20:41 - 2014-08-23 20:48 - 00000000 ____D () C:\Windows\Minidump
2014-08-05 20:41 - 2014-08-05 20:41 - 00338400 _____ () C:\Windows\Minidump\080514-24117-01.dmp
2014-08-05 20:40 - 2014-08-05 20:40 - 736190357 _____ () C:\Windows\MEMORY.DMP
2014-08-05 19:23 - 2014-08-05 19:26 - 00000000 ____D () C:\Users\Michael Neumann\workspace2
2014-08-05 19:22 - 2014-08-05 19:34 - 00000000 ____D () C:\Users\Michael Neumann\Desktop\eclipse
2014-08-05 19:15 - 2014-08-28 11:53 - 00000000 ____D () C:\Users\Michael Neumann\workspace
2014-08-05 18:32 - 2014-08-05 18:32 - 215807131 _____ () C:\Users\Michael Neumann\Downloads\eclipse-standard-luna-R-win32-x86_64.zip
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-03 13:14 - 2014-09-03 13:10 - 00018582 _____ () C:\Users\Michael Neumann\Desktop\FRST.txt
2014-09-03 13:13 - 2014-09-03 10:20 - 00000000 ____D () C:\FRST
2014-09-03 13:13 - 2014-04-08 21:27 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-03 13:12 - 2014-01-27 19:20 - 01616425 _____ () C:\Windows\WindowsUpdate.log
2014-09-03 13:10 - 2014-09-01 16:34 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-09-03 13:09 - 2014-06-12 11:17 - 00000000 ____D () C:\AdwCleaner
2014-09-03 13:08 - 2014-01-28 12:27 - 00173426 _____ () C:\Windows\setupact.log
2014-09-03 13:07 - 2014-01-28 12:27 - 00178974 _____ () C:\Windows\PFRO.log
2014-09-03 13:07 - 2014-01-27 21:26 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-03 13:07 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-03 12:48 - 2009-07-14 06:50 - 00019920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-03 12:48 - 2009-07-14 06:50 - 00019920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-03 12:46 - 2014-09-03 12:46 - 00011245 _____ () C:\Users\Michael Neumann\Desktop\zoek-results.log
2014-09-03 12:46 - 2014-09-03 12:44 - 00000691 _____ () C:\runcheck.txt
2014-09-03 12:44 - 2014-09-03 12:44 - 00000000 ____D () C:\zoek_backup
2014-09-03 12:43 - 2014-09-03 12:43 - 01288704 _____ () C:\Users\Michael Neumann\Desktop\zoek.exe
2014-09-03 12:39 - 2014-09-03 12:39 - 00005078 _____ () C:\Users\Michael Neumann\Desktop\AdwCleaner[S3].txt
2014-09-03 12:39 - 2014-02-02 12:39 - 00001003 _____ () C:\Users\Michael Neumann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-09-03 12:39 - 2014-01-27 19:24 - 00001186 _____ () C:\Users\Michael Neumann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-03 12:37 - 2014-09-03 12:37 - 01370483 _____ () C:\Users\Michael Neumann\Desktop\adwcleaner_3.309.exe
2014-09-03 10:21 - 2014-09-03 10:21 - 00027209 _____ () C:\Users\Michael Neumann\Downloads\Addition.txt
2014-09-03 10:21 - 2014-09-03 10:20 - 00038212 _____ () C:\Users\Michael Neumann\Downloads\FRST.txt
2014-09-03 10:19 - 2014-01-27 21:45 - 00000000 ____D () C:\Users\Michael Neumann\AppData\Local\Battle.net
2014-09-03 09:41 - 2014-09-03 09:41 - 02104832 _____ (Farbar) C:\Users\Michael Neumann\Desktop\FRST64.exe
2014-09-03 09:25 - 2014-09-01 18:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-02 19:28 - 2014-09-02 19:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-02 19:06 - 2014-01-27 21:43 - 00000000 ____D () C:\ProgramData\Battle.net
2014-09-01 18:49 - 2014-04-12 11:34 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-09-01 18:02 - 2014-09-01 18:02 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-01 18:02 - 2014-09-01 18:02 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-01 17:58 - 2011-04-12 10:14 - 00697658 _____ () C:\Windows\system32\perfh007.dat
2014-09-01 17:58 - 2011-04-12 10:14 - 00148452 _____ () C:\Windows\system32\perfc007.dat
2014-09-01 17:58 - 2009-07-14 07:12 - 01615906 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-01 17:50 - 2014-04-09 15:56 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-01 17:39 - 2014-08-23 20:28 - 00000000 ____D () C:\Users\Michael Neumann\AppData\Roaming\DownloadManager
2014-09-01 17:27 - 2014-09-01 16:29 - 00000000 ____D () C:\Users\Michael Neumann\AppData\Local\16242
2014-09-01 17:01 - 2014-09-01 16:34 - 00628320 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-09-01 17:01 - 2014-09-01 16:34 - 00091008 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-09-01 17:01 - 2012-10-25 12:42 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klmouflt.sys
2014-09-01 17:01 - 2012-10-25 12:42 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys
2014-09-01 17:01 - 2012-08-13 16:49 - 00178448 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2014-09-01 17:01 - 2012-08-02 15:09 - 00029792 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klim6.sys
2014-09-01 17:01 - 2012-06-19 17:28 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2014-09-01 17:01 - 2012-06-08 11:38 - 00054368 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kltdi.sys
2014-09-01 16:44 - 2014-09-01 16:44 - 00262144 _____ () C:\Windows\system32\config\elam
2014-09-01 16:42 - 2014-09-01 16:40 - 05454761 _____ () C:\Users\Michael Neumann\Downloads\(20.03.2014).7z
2014-09-01 16:36 - 2014-09-01 16:36 - 00002340 _____ () C:\Users\Michael Neumann\Desktop\Sicherer Zahlungsverkehr.lnk
2014-09-01 16:35 - 2014-09-01 16:35 - 00001146 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
2014-09-01 16:35 - 2014-09-01 16:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013
2014-09-01 16:34 - 2014-09-01 16:34 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-09-01 16:34 - 2014-09-01 16:34 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-09-01 16:28 - 2014-02-03 23:18 - 00000000 ____D () C:\Users\Michael Neumann\AppData\Local\CrashDumps
2014-09-01 12:20 - 2014-01-27 21:49 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-08-31 14:45 - 2014-08-31 13:48 - 176554007 _____ () C:\Users\Michael Neumann\Downloads\KIS2013.7z
2014-08-31 14:29 - 2014-08-31 14:28 - 00000000 ____D () C:\Users\Michael Neumann\Desktop\Kofferraumwanne
2014-08-31 14:28 - 2014-08-31 14:25 - 00000000 ____D () C:\Users\Michael Neumann\Desktop\Reifen
2014-08-31 12:36 - 2014-08-31 12:36 - 05729683 _____ () C:\Users\Michael Neumann\Downloads\13.05.2013-2013.rar
2014-08-31 11:15 - 2014-01-27 20:43 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-31 11:14 - 2014-01-27 20:43 - 00000000 ____D () C:\Users\Michael Neumann\AppData\Local\Google
2014-08-31 11:11 - 2014-08-31 11:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Michael Neumann\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-31 11:11 - 2014-08-31 11:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Michael Neumann\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-28 11:53 - 2014-08-05 19:15 - 00000000 ____D () C:\Users\Michael Neumann\workspace
2014-08-28 11:44 - 2014-04-10 16:43 - 00000000 ____D () C:\Users\Michael Neumann\AppData\Local\Eclipse
2014-08-28 11:41 - 2014-04-10 16:35 - 00000000 ____D () C:\Users\Michael Neumann\Downloads\eclipse
2014-08-27 15:13 - 2014-01-28 19:44 - 00000000 ____D () C:\Users\Michael Neumann\Desktop\Datenbank
2014-08-23 20:48 - 2014-08-05 20:41 - 00000000 ____D () C:\Windows\Minidump
2014-08-23 20:47 - 2014-06-18 14:17 - 00000000 ____D () C:\ProgramData\WorldAppIt
2014-08-23 20:47 - 2014-05-30 10:01 - 00000000 ____D () C:\Users\Michael Neumann\AppData\Local\TempDIR
2014-08-23 20:39 - 2014-08-23 20:39 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-23 20:39 - 2014-04-09 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-23 20:39 - 2014-04-09 15:56 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-08-23 20:35 - 2014-08-23 20:35 - 00244408 _____ () C:\Users\Michael Neumann\Downloads\Firefox Setup Stub 31.0.exe
2014-08-23 20:29 - 2014-08-23 20:29 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-08-23 17:31 - 2014-08-23 17:31 - 10234193 _____ () C:\Users\Michael Neumann\Downloads\HearthCrawl v27 R338.zip
2014-08-22 20:10 - 2014-01-27 21:45 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-08-20 10:05 - 2014-08-20 10:05 - 00002009 _____ () C:\Users\Public\Desktop\Canon IJ Network Tool.lnk
2014-08-20 10:05 - 2014-08-20 10:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2014-08-20 10:05 - 2014-08-20 10:05 - 00000000 ____D () C:\ProgramData\Canon IJ Network Tool
2014-08-20 10:05 - 2014-02-19 12:00 - 00000000 ____D () C:\Program Files (x86)\Canon
2014-08-20 10:05 - 2009-07-14 05:20 - 00000000 __RSD () C:\Windows\Media
2014-08-20 09:56 - 2014-02-19 12:34 - 00000000 ____D () C:\Users\Michael Neumann\AppData\Roaming\Canon
2014-08-14 19:53 - 2009-07-14 07:38 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-08-13 20:27 - 2014-01-27 21:45 - 00000000 ____D () C:\Users\Michael Neumann\AppData\Roaming\Battle.net
2014-08-12 19:35 - 2014-07-30 12:47 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-08 09:52 - 2014-08-08 09:52 - 00000008 _____ () C:\Users\Michael Neumann\Downloads\ees_version.txt
2014-08-08 09:52 - 2014-08-08 09:51 - 10692651 _____ (F-Chart Software) C:\Users\Michael Neumann\Downloads\Dampftafel_ITW_52014.EXE
2014-08-07 12:22 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-05 20:41 - 2014-08-05 20:41 - 00338400 _____ () C:\Windows\Minidump\080514-24117-01.dmp
2014-08-05 20:40 - 2014-08-05 20:40 - 736190357 _____ () C:\Windows\MEMORY.DMP
2014-08-05 19:34 - 2014-08-05 19:22 - 00000000 ____D () C:\Users\Michael Neumann\Desktop\eclipse
2014-08-05 19:26 - 2014-08-05 19:23 - 00000000 ____D () C:\Users\Michael Neumann\workspace2
2014-08-05 19:23 - 2014-01-27 19:23 - 00000000 ____D () C:\Users\Michael Neumann
2014-08-05 18:32 - 2014-08-05 18:32 - 215807131 _____ () C:\Users\Michael Neumann\Downloads\eclipse-standard-luna-R-win32-x86_64.zip
Some content of TEMP:
====================
C:\Users\Michael Neumann\AppData\Local\Temp\04upzwc4.dll
C:\Users\Michael Neumann\AppData\Local\Temp\20140131062707939jniverify.dll
C:\Users\Michael Neumann\AppData\Local\Temp\6F93.exe
C:\Users\Michael Neumann\AppData\Local\Temp\71E4.exe
C:\Users\Michael Neumann\AppData\Local\Temp\7C11.exe
C:\Users\Michael Neumann\AppData\Local\Temp\7za.exe
C:\Users\Michael Neumann\AppData\Local\Temp\amazonicon_v4.exe
C:\Users\Michael Neumann\AppData\Local\Temp\BackupSetup.exe
C:\Users\Michael Neumann\AppData\Local\Temp\BRSVC_10931754_hlp.exe
C:\Users\Michael Neumann\AppData\Local\Temp\BRSVC_16234072_hlp.exe
C:\Users\Michael Neumann\AppData\Local\Temp\BRSVC_7772203_hlp.exe
C:\Users\Michael Neumann\AppData\Local\Temp\Bundle.exe
C:\Users\Michael Neumann\AppData\Local\Temp\Cloud_Backup_Setup.exe
C:\Users\Michael Neumann\AppData\Local\Temp\DownloadManager.exe
C:\Users\Michael Neumann\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Michael Neumann\AppData\Local\Temp\Gw2.exe
C:\Users\Michael Neumann\AppData\Local\Temp\hijackthis.exe
C:\Users\Michael Neumann\AppData\Local\Temp\hrprfl_1619.dll
C:\Users\Michael Neumann\AppData\Local\Temp\hrprfl_18291.dll
C:\Users\Michael Neumann\AppData\Local\Temp\hrprfl_2396.dll
C:\Users\Michael Neumann\AppData\Local\Temp\hrprfl_2471.dll
C:\Users\Michael Neumann\AppData\Local\Temp\hrprfl_2585.dll
C:\Users\Michael Neumann\AppData\Local\Temp\hrprfl_2784.dll
C:\Users\Michael Neumann\AppData\Local\Temp\hrprfl_2868.dll
C:\Users\Michael Neumann\AppData\Local\Temp\hrprfl_29573.dll
C:\Users\Michael Neumann\AppData\Local\Temp\Lion_Skin_Pack_13-X64.exe
C:\Users\Michael Neumann\AppData\Local\Temp\LiveSupport_setup.exe
C:\Users\Michael Neumann\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Michael Neumann\AppData\Local\Temp\NirCmd.exe
C:\Users\Michael Neumann\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Michael Neumann\AppData\Local\Temp\nvStInst.exe
C:\Users\Michael Neumann\AppData\Local\Temp\optprosetup.exe
C:\Users\Michael Neumann\AppData\Local\Temp\ose00000.exe
C:\Users\Michael Neumann\AppData\Local\Temp\PEVZ.EXE
C:\Users\Michael Neumann\AppData\Local\Temp\post2.dll
C:\Users\Michael Neumann\AppData\Local\Temp\post2.exe
C:\Users\Michael Neumann\AppData\Local\Temp\Quarantine.exe
C:\Users\Michael Neumann\AppData\Local\Temp\remove.exe
C:\Users\Michael Neumann\AppData\Local\Temp\sdapskill.exe
C:\Users\Michael Neumann\AppData\Local\Temp\sdaspwn.exe
C:\Users\Michael Neumann\AppData\Local\Temp\sed.exe
C:\Users\Michael Neumann\AppData\Local\Temp\setup{D76E2E0E-65EA-40DD-81CA-0F8CB47F7CE7}.exe
C:\Users\Michael Neumann\AppData\Local\Temp\smt_qone8.exe
C:\Users\Michael Neumann\AppData\Local\Temp\sqlite3.exe
C:\Users\Michael Neumann\AppData\Local\Temp\swreg.exe
C:\Users\Michael Neumann\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Michael Neumann\AppData\Local\Temp\swxcacls.exe
C:\Users\Michael Neumann\AppData\Local\Temp\tmp1D70.exe
C:\Users\Michael Neumann\AppData\Local\Temp\TUUUninstallHelper.exe
C:\Users\Michael Neumann\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Michael Neumann\AppData\Local\Temp\wget.exe
C:\Users\Michael Neumann\AppData\Local\Temp\Wildstar.exe
C:\Users\Michael Neumann\AppData\Local\Temp\zoek-delete.exe
C:\Users\Michael Neumann\AppData\Local\Temp\_isF112.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-30 18:36
==================== End Of Log ============================
--- --- --- FRST Additional: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014
Ran by Michael Neumann at 2014-09-03 13:14:23
Running from C:\Users\Michael Neumann\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Internet Security (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version: - Microsoft)
2007 Microsoft Office Suite Service Pack 2 (SP2) (x32 Version: - Microsoft) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG3500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3500_series) (Version: 1.01 - Canon Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05160 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05160 - Cisco Systems, Inc.) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Dassault Systemes Software B20_1 (HKLM\...\Dassault Systemes B20_2) (Version: - )
Dassault Systemes Software B21 (HKLM\...\Dassault Systemes B21_0) (Version: - )
Dassault Systemes Software Prerequisites x86-x64 (HKLM\...\{CF1EB598-B424-436A-B15F-B763846BA970}) (Version: 8.1.3 - Dassault Systemes)
Dassault Systemes Software VC9 Prerequisites x86-x64 (HKLM\...\{F2F2DEA7-36AB-4E13-907C-D8BDE775EF97}) (Version: 9.1.2 - Dassault Systemes)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.90 - DivX, LLC)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Firefall (HKLM-x32\...\Steam App 227700) (Version: - Red 5 Studios)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3071 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.0.0.1083 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.0.0.100 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java 8 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418000FF}) (Version: 8.0.0 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.00.132 - Oracle, Inc.) Hidden
Java SE Development Kit 8 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180000}) (Version: 8.0.0 - Oracle Corporation)
Kaspersky Internet Security 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.51.827.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARD) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Standard 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0 (x86 de)) (Version: 32.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.22 (Version: 1.2.22 - NVIDIA Corporation) Hidden
ON_OFF Charge 2 B13.0403.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.0403.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
ON_OFF Charge B13.0403.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6849 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
SHIELD Streaming (Version: 1.8.323 - NVIDIA Corporation) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.89 - TuneUp Software) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939v3) (Version: 3 - Microsoft Corporation)
VBA (3821b) (x32 Version: 6.01.00.1234 - Microsoft Corporation) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Basic for Applications (R) Core - English (x32 Version: 6.5.10.32 - Microsoft Corporation) Hidden
Visual Basic for Applications (R) Core (x32 Version: 6.5.10.32 - Microsoft Corporation) Hidden
Visual Basic for Applications (R) Core (x32 Version: 6.5.10.53 - Microsoft Corporation) Hidden
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
20-08-2014 08:41:00 Geplanter Prüfpunkt
23-08-2014 18:30:28 Revo Uninstaller's restore point - Software Version Updater
23-08-2014 18:31:59 Revo Uninstaller's restore point - istartsurf uninstall
23-08-2014 18:33:36 Revo Uninstaller's restore point - Remote Desktop Access (VuuPC)
23-08-2014 18:33:59 Revo Uninstaller's restore point - Re-markit
23-08-2014 18:34:54 Revo Uninstaller's restore point - WindowsMangerProtect20.0.0.722
23-08-2014 18:36:26 Revo Uninstaller's restore point - Mozilla Firefox 31.0 (x86 de)
23-08-2014 18:37:04 Revo Uninstaller's restore point - Google Chrome
31-08-2014 09:12:29 Revo Uninstaller's restore point - Software Version Updater
31-08-2014 09:13:40 Revo Uninstaller's restore point - istartsurf uninstall
31-08-2014 09:14:21 Revo Uninstaller's restore point - Google Chrome
31-08-2014 09:15:46 Revo Uninstaller's restore point - Mozilla Firefox 31.0 (x86 de)
01-09-2014 15:49:37 Revo Uninstaller's restore point - istartsurf uninstall
01-09-2014 15:50:32 Revo Uninstaller's restore point - World of Warcraft
01-09-2014 15:52:05 Revo Uninstaller's restore point - Mozilla Firefox 31.0 (x86 de)
03-09-2014 10:46:17 zoek.exe restore point
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {650786E9-0D94-47B5-A15F-7827DE3B1990} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe
Task: {6C528A24-D455-4E5B-88D0-73EC1C81601C} - \HDvid-Codec V9.0-enabler No Task File <==== ATTENTION
Task: {7E3A14F3-6776-43EE-B286-404C8B9EDEA3} - \HDvid-Codec V9.0-codedownloader No Task File <==== ATTENTION
Task: {87DDEFD6-2E05-4EEF-B466-C664FA782BAC} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe
Task: {8C60204E-3FDF-4F6F-8B63-01CB4BB170E4} - \Microsoft\3e3d8a16a4d7fe446f631e1b97603a83 No Task File <==== ATTENTION
Task: {8ECF3E2E-AD7A-45DA-A45A-785FF7C5844B} - \HDvid-Codec V9.0-firefoxinstaller No Task File <==== ATTENTION
Task: {97E4EB93-6697-4B91-B7FB-002D58E9342D} - System32\Tasks\Microsoft\6db3e5de510bc1b9bc91ea56e5a07a27 => C:\Users\Michael Neumann\AppData\Roaming\DownloadManager\Updater.exe [2014-08-23] (LADY'S WOOD 2013 LIMITED)
Task: {CFEC6FC1-D9AA-489F-A71E-3256E75A0B31} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe
Task: {D2176310-91CD-454D-9F30-856039C72E97} - \HDvid-Codec V9.0-updater No Task File <==== ATTENTION
Task: {F2B31FC0-6FC3-48CC-85E8-5C8FF26988C1} - \HDvid-Codec V9.0-chromeinstaller No Task File <==== ATTENTION
Task: {FDB2942C-B82F-47E1-BFB8-197B10705364} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-10] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2014-01-27 21:26 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-01-27 19:55 - 2013-03-19 15:25 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-11-15 02:48 - 2013-11-15 02:48 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-03-12 22:53 - 2014-03-12 22:53 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2012-08-17 21:39 - 2014-09-01 16:57 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
2013-11-15 02:49 - 2013-11-15 02:49 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-08-17 21:38 - 2012-08-17 21:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
2014-01-27 20:48 - 2013-03-12 14:19 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-09-02 19:28 - 2014-09-02 19:28 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
==================== Faulty Device Manager Devices =============
Name: Norton Internet Security Settings Manager
Description: Norton Internet Security Settings Manager
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ccSet_NIS
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (09/03/2014 01:09:38 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/03/2014 00:41:56 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/03/2014 00:32:13 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/03/2014 09:27:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/02/2014 07:06:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/02/2014 06:20:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/02/2014 04:40:14 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/01/2014 06:00:53 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/01/2014 05:46:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/01/2014 05:03:32 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT-AUTORITÄT)
Description: Produkt: Kaspersky Internet Security 2013 - Update "Kaspersky Internet Security 2013 (Patch d)" konnte nicht installiert werden. Fehlercode 1603. Weitere Informationen sind in der Protokolldatei C:\Windows\TEMP\MSIbc187.LOG enthalten.
System errors:
=============
Error: (09/03/2014 01:09:21 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ccSet_NIS
UsbCharger
Error: (09/03/2014 00:41:42 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ccSet_NIS
UsbCharger
Error: (09/03/2014 00:32:18 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ccSet_NIS
UsbCharger
Error: (09/03/2014 09:27:12 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ccSet_NIS
UsbCharger
Error: (09/02/2014 07:06:39 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ccSet_NIS
UsbCharger
Error: (09/02/2014 06:20:24 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ccSet_NIS
UsbCharger
Error: (09/02/2014 04:40:12 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ccSet_NIS
UsbCharger
Error: (09/01/2014 06:00:44 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ccSet_NIS
UsbCharger
Error: (09/01/2014 05:45:58 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ccSet_NIS
UsbCharger
Error: (09/01/2014 05:21:00 PM) (Source: DCOM) (EventID: 10000) (User: )
Description: C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}5{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-4570 CPU @ 3.20GHz
Percentage of memory in use: 25%
Total physical RAM: 8070.8 MB
Available physical RAM: 6001.32 MB
Total Pagefile: 16139.77 MB
Available Pagefile: 13907.3 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:931.41 GB) (Free:792.96 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 8F2604F7)
Partition 1: (Active) - (Size=931.4 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
03.09.2014, 13:14
| #7 |
| /// TB-Ausbilder | System clean? Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 3 h) dauern. Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg. Schritt 1 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter start
HKU\S-1-5-21-281873479-767526044-2589904799-1000\...\Policies\Explorer: [DisallowRun] 1
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
C:\ProgramData\WorldAppIt
Task: {6C528A24-D455-4E5B-88D0-73EC1C81601C} - \HDvid-Codec V9.0-enabler No Task File <==== ATTENTION
Task: {7E3A14F3-6776-43EE-B286-404C8B9EDEA3} - \HDvid-Codec V9.0-codedownloader No Task File <==== ATTENTION
Task: {8C60204E-3FDF-4F6F-8B63-01CB4BB170E4} - \Microsoft\3e3d8a16a4d7fe446f631e1b97603a83 No Task File <==== ATTENTION
Task: {8ECF3E2E-AD7A-45DA-A45A-785FF7C5844B} - \HDvid-Codec V9.0-firefoxinstaller No Task File <==== ATTENTION
Task: {97E4EB93-6697-4B91-B7FB-002D58E9342D} - System32\Tasks\Microsoft\6db3e5de510bc1b9bc91ea56e5a07a27 => C:\Users\Michael Neumann\AppData\Roaming\DownloadManager\Updater.exe [2014-08-23] (LADY'S WOOD 2013 LIMITED)
C:\Users\Michael Neumann\AppData\Roaming\DownloadManager
Task: {D2176310-91CD-454D-9F30-856039C72E97} - \HDvid-Codec V9.0-updater No Task File <==== ATTENTION
Task: {F2B31FC0-6FC3-48CC-85E8-5C8FF26988C1} - \HDvid-Codec V9.0-chromeinstaller No Task File <==== ATTENTION
EmptyTemp:
end
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2 ESET Online Scanner
Schritt 3 Downloade Dir bitte  SecurityCheck und:
Schritt 4 Lade dir die passende Version von SystemLook vom folgenden Spiegel herunter und speichere das Tool auf dem Desktop: SystemLook (32 bit) | SystemLook (64 bit)
Bitte poste mit deiner nächsten Antwort
|
|
04.09.2014, 15:22
| #8 |
| | System clean? SO FRST-FIX: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-09-2014
Ran by Michael Neumann at 2014-09-04 13:19:47 Run:1
Running from C:\Users\Michael Neumann\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
HKU\S-1-5-21-281873479-767526044-2589904799-1000\...\Policies\Explorer: [DisallowRun] 1
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
C:\ProgramData\WorldAppIt
Task: {6C528A24-D455-4E5B-88D0-73EC1C81601C} - \HDvid-Codec V9.0-enabler No Task File <==== ATTENTION
Task: {7E3A14F3-6776-43EE-B286-404C8B9EDEA3} - \HDvid-Codec V9.0-codedownloader No Task File <==== ATTENTION
Task: {8C60204E-3FDF-4F6F-8B63-01CB4BB170E4} - \Microsoft\3e3d8a16a4d7fe446f631e1b97603a83 No Task File <==== ATTENTION
Task: {8ECF3E2E-AD7A-45DA-A45A-785FF7C5844B} - \HDvid-Codec V9.0-firefoxinstaller No Task File <==== ATTENTION
Task: {97E4EB93-6697-4B91-B7FB-002D58E9342D} - System32\Tasks\Microsoft\6db3e5de510bc1b9bc91ea56e5a07a27 => C:\Users\Michael Neumann\AppData\Roaming\DownloadManager\Updater.exe [2014-08-23] (LADY'S WOOD 2013 LIMITED)
C:\Users\Michael Neumann\AppData\Roaming\DownloadManager
Task: {D2176310-91CD-454D-9F30-856039C72E97} - \HDvid-Codec V9.0-updater No Task File <==== ATTENTION
Task: {F2B31FC0-6FC3-48CC-85E8-5C8FF26988C1} - \HDvid-Codec V9.0-chromeinstaller No Task File <==== ATTENTION
EmptyTemp:
end
*****************
HKU\S-1-5-21-281873479-767526044-2589904799-1000\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\\DisallowRun => value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\ProgramData\WorldAppIt => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6C528A24-D455-4E5B-88D0-73EC1C81601C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6C528A24-D455-4E5B-88D0-73EC1C81601C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HDvid-Codec V9.0-enabler" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7E3A14F3-6776-43EE-B286-404C8B9EDEA3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E3A14F3-6776-43EE-B286-404C8B9EDEA3}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HDvid-Codec V9.0-codedownloader" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8C60204E-3FDF-4F6F-8B63-01CB4BB170E4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C60204E-3FDF-4F6F-8B63-01CB4BB170E4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\3e3d8a16a4d7fe446f631e1b97603a83" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8ECF3E2E-AD7A-45DA-A45A-785FF7C5844B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8ECF3E2E-AD7A-45DA-A45A-785FF7C5844B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HDvid-Codec V9.0-firefoxinstaller" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{97E4EB93-6697-4B91-B7FB-002D58E9342D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{97E4EB93-6697-4B91-B7FB-002D58E9342D}" => Key deleted successfully.
C:\Windows\System32\Tasks\Microsoft\6db3e5de510bc1b9bc91ea56e5a07a27 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\6db3e5de510bc1b9bc91ea56e5a07a27" => Key deleted successfully.
C:\Users\Michael Neumann\AppData\Roaming\DownloadManager => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D2176310-91CD-454D-9F30-856039C72E97}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2176310-91CD-454D-9F30-856039C72E97}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HDvid-Codec V9.0-updater" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{F2B31FC0-6FC3-48CC-85E8-5C8FF26988C1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2B31FC0-6FC3-48CC-85E8-5C8FF26988C1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HDvid-Codec V9.0-chromeinstaller" => Key deleted successfully.
EmptyTemp: => Removed 3.5 GB temporary data.
The system needed a reboot.
==== End of Fixlog ====
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=823652579fdcf7448f9595c18a7ecb64
# engine=19998
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-04 02:06:45
# local_time=2014-09-04 04:06:45 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1291 16777214 100 98 9702 64609527 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 98089 161469455 0 0
# scanned=409805
# found=45
# cleaned=0
# scan_time=9125
sh=FEB644C3C7D549177CCB7666F67DBF33A782C0BE ft=1 fh=15060ceecdc4b923 vn="Win32/ELEX.AR evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\BHOEnabler.exe.vir"
sh=C7C0F42A23562AA6DCCD60326FD8CC2AA41B5448 ft=1 fh=c053642cee9f3def vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface32.dll.vir"
sh=125B1C393F2104CBA08183E495C0907BFF7EDA22 ft=1 fh=ea25908c8365106f vn="Win64/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterface64.dll.vir"
sh=8E85792765D0E0BF52107CFF4A6620995DB19BB0 ft=1 fh=627da500ea2e265f vn="Variante von Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\DpInterfacef32.dll.vir"
sh=2FCA2173F2DD16DF8F1F990170FA4479FC5D5BFC ft=1 fh=c528dd1cda99a111 vn="Variante von Win32/ELEX.AR evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\RSHP.exe.vir"
sh=6043D1ACD51FD373472020FBB748C405AAF22397 ft=1 fh=4c716dbbae6c21b9 vn="Win32/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect32.dll.vir"
sh=FF431CD8693F4045BD7BD87DBCE54B820F000FC0 ft=1 fh=16c2e1bd3fd6b7e2 vn="Win64/Thinknice.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SearchProtect64.dll.vir"
sh=5836A5DF3860241F6B69F2292ABCE592A13689B6 ft=1 fh=a3db04555f559ea8 vn="Variante von Win32/Thinknice.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SpAPPSv32.dll.vir"
sh=E97CBDBD7CFED2C58464C1ABF186520022DE5666 ft=1 fh=7a2ea5ecc33ad0e3 vn="Variante von Win64/Thinknice.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SpAPPSv64.dll.vir"
sh=9DC13DB9C123270C2356ED410128E11D5ADF7C6E ft=1 fh=023ab782f0a9b07d vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SupTab\SupTab.dll.vir"
sh=A61CB0928F34B9ECF90CE9B5E841C0E23775E78B ft=1 fh=f3837d59fe518d7e vn="Variante von Win32/BrowseFox.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ToggleMark\ToggleMarkBHO.dll.vir"
sh=169CD92AFE0F4EE9DB39596CE3D3A400526EAAD1 ft=1 fh=13aa67372d86eaed vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ToggleMark\ToggleMarkUninstall.exe.vir"
sh=047278064AE6E38562E451DB2EF510B40FE490E9 ft=1 fh=8f3c8e5d217e8008 vn="Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ToggleMark\updateToggleMark.exe.vir"
sh=63D8BA50DF31D4ED2977DDC5F807361E065A1EDA ft=1 fh=5561386d44f287c9 vn="Variante von Win32/BrowseFox.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ToggleMark\bin\ToggleMark.BrowserAdapter.exe.vir"
sh=1D3516EDD5F30AF64DE3B7D7F7F8F7D5B744ED98 ft=1 fh=a1dadc3d6eae6e0d vn="Variante von Win64/BrowseFox.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ToggleMark\bin\ToggleMark.PurBrowse64.exe.vir"
sh=DB10E9FC9FF330F8FDF511E1047D5AF6A2DAB301 ft=1 fh=5ca234879a68363f vn="Variante von Win32/BrowseFox.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ToggleMark\bin\ToggleMarkBAApp.dll.vir"
sh=047278064AE6E38562E451DB2EF510B40FE490E9 ft=1 fh=8f3c8e5d217e8008 vn="Variante von Win32/BrowseFox.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ToggleMark\bin\utilToggleMark.exe.vir"
sh=0E48D679ED6F9B460545AF82CA1F1278CFF66193 ft=1 fh=82186129a71e6ceb vn="Variante von Win32/BrowseFox.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ToggleMark\bin\{af16abf4-eac1-49b4-93fc-58f6ca799135}.dll.vir"
sh=683DF8E020F6616BD82E84D32A3B3297BB65C6EF ft=1 fh=adad28baacc0c36f vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ToggleMark\bin\plugins\ToggleMark.Bromon.dll.vir"
sh=716DC19AE74F240F079E3CD3BBF69B1564D75D68 ft=1 fh=66d7539934e4224e vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ToggleMark\bin\plugins\ToggleMark.BroStats.dll.vir"
sh=372C6BC7F0B8E0D1275E1EADB1E837C1FA04810A ft=1 fh=208c519ccb56bb0f vn="möglicherweise Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ToggleMark\bin\plugins\ToggleMark.BrowserAdapterS.dll.vir"
sh=C1BF635ACD34EC4E7613165B65B84F299E099E91 ft=1 fh=f084d243b22c5098 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ToggleMark\bin\plugins\ToggleMark.CompatibilityChecker.dll.vir"
sh=A0592CA158BC2334086B1487E23FDAA3570FEEB3 ft=1 fh=6fa4fb3592e0a2d8 vn="Variante von MSIL/BrowseFox.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ToggleMark\bin\plugins\ToggleMark.FFUpdate.dll.vir"
sh=A08D3410596DF8996684BFB651F0AACEE7C0C1FF ft=1 fh=8f37e401fdcd4973 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ToggleMark\bin\plugins\ToggleMark.IEUpdate.dll.vir"
sh=F45F5FE2490A2E6846E3EEE308AC764CB3EB2A36 ft=1 fh=5aca58421c95aa7c vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ToggleMark\bin\plugins\ToggleMark.PurBrowseG.dll.vir"
sh=56659F7FF1F1FA7906A77228E315F65F38BCEF73 ft=1 fh=0ff759dfc352fd03 vn="Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir"
sh=251A3803C9AB15C6EAF576250F78DC4CC1D843F7 ft=1 fh=bbd71f22d491c083 vn="Variante von Win32/ELEX.AM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WindowsProtectManger\wprotectmanager.exe.vir"
sh=374ED059A53890FE8C9A2C1A2BD26DCC94E49528 ft=1 fh=4e86c3c8e568e45b vn="Variante von Win32/DealPly.S evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Michael Neumann\AppData\Roaming\RocketUpdater\UpdateProc\UpdateTask.exe.vir"
sh=99F97AD369E8621AB4D17DF53E80E60FEE99C727 ft=1 fh=42567613b862d846 vn="Variante von Win32/DownloadSponsor.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\MICHAE~1\AppData\Local\Temp\OCS\ocs_v71b.exe.vir"
sh=8FF22F347083EEC16D56485BDC6A8008EE6DDD0A ft=1 fh=9699786f8dc2d934 vn="Variante von Win32/AdWare.OxyPumper.C Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Michael Neumann\AppData\Roaming\DownloadManager\Hearthstone_Gold_Hack_2014_Installer.exe"
sh=AE0F5BB7CB73F7FF4CC866207F28944AB3330EA7 ft=1 fh=6e450a6c626ae491 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files\Dassault Systemes\B20\win_b64\startup\Manufacturing\ICAMPar\gener.exe"
sh=38009455E13D064F4F56812CF9F09CC0A5CD9EA5 ft=1 fh=6e450a6c50e2d870 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files\Dassault Systemes\B20\win_b64\startup\Manufacturing\ICAMPar\bin\win32\pos170gw.exe"
sh=D67810E36DCB5606CEE7584ADDC9E86FB6EFA5C0 ft=1 fh=6e450a6c0a08f2a0 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files\Dassault Systemes\B21\win_b64\code\bin\MfgPPIGO2Imp.exe"
sh=E1030E1C88B9B8C5B26EB13AC3361DBF6B438F6F ft=1 fh=32681d974738e0fb vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files\Dassault Systemes\B21\win_b64\code\bin32\CATVBAHostingApplication.exe"
sh=B4AA320C8CC8F9063880117D21ED8CC8CC640282 ft=1 fh=32681d97a46163d0 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Battle.net\Battle.net.4930\battle.net.dll"
sh=8E8641312E856273A33FEAF3486F75B9FAA89C96 ft=1 fh=6e450a6cebef0851 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriver.exe"
sh=84FBCA68B28DA988104DE5D34013D58C0B1294AE ft=1 fh=6e450a6c2d02bf33 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Common Files\microsoft shared\PROOF\1033\MSGR3GE.DLL"
sh=40105238D5DD68A71BC8115719230FACBD5B26A0 ft=1 fh=6e450a6c0ed5dced vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Common Files\microsoft shared\TRANSLAT\FREN\MSB1FREN.DLL"
sh=D7298240E1713AEDB8AFF5299A92873D99F51651 ft=1 fh=32681d9714afae49 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\Common Files\microsoft shared\VBA\VBA6\APC62.dll"
sh=E9A49066C2312171C72ED71F244F06F77901F246 ft=1 fh=32681d9717cb9c24 vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\DivX\DivX Player\DPXPlugins\DPXDCFServicesPlugin.dll"
sh=93110A452CE27EAD48377354F6239A824A9565F7 ft=1 fh=32681d972db4b94c vn="Win32/Ramnit.A Virus" ac=I fn="C:\Program Files (x86)\DivX\DivX Transcode Engine\plugins\mcmcmimp_plugin.dll"
sh=F7520C75BAF8B06292581ED8CD73AC44892010EC ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M evtl. unerwünschte Anwendung" ac=I fn="C:\ProgramData\InstallMate\{498127E4-5486-46B0-A45B-1CA492620512}\Custom.dll"
sh=F7520C75BAF8B06292581ED8CD73AC44892010EC ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M evtl. unerwünschte Anwendung" ac=I fn="C:\Users\All Users\InstallMate\{498127E4-5486-46B0-A45B-1CA492620512}\Custom.dll"
sh=0B967C7E2D799AA0728FCB6438E4C855BB60DA7F ft=0 fh=0000000000000000 vn="Variante von Win32/Packed.NoobyProtect.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Michael Neumann\Downloads\HearthCrawl v27 R338.zip"
sh=8E11576A2D99F0900DF7B767B216F3813170EB97 ft=1 fh=103cd6974b4c4f5b vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll"
Code:
ATTFilter Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x64 (UAC is enabled)
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Internet Security
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
TuneUp Utilities 2014 (de-DE)
Java 7 Update 51
Java version out of Date!
Adobe Flash Player 14.0.0.145
Adobe Reader XI
Mozilla Firefox (32.0)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-09-2014
Ran by Michael Neumann (administrator) on PC on 04-09-2014 16:19:52
Running from C:\Users\Michael Neumann\Desktop
Platform: Windows 7 Professional N Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Dassault Systemes) C:\Program Files\Dassault Systemes\B21\win_b64\code\bin\CATSysDemon.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13423688 2013-02-26] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2201032 2014-04-02] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-03-12] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291128 2013-03-06] (Intel Corporation)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-12-23] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2013-11-15] ()
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707472 2014-03-12] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2014-09-01] (Kaspersky Lab ZAO)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-281873479-767526044-2589904799-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3675352 2013-10-28] (Disc Soft Ltd)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DeskDrive.lnk
ShortcutTarget: DeskDrive.lnk -> C:\Windows\Lion Skin Pack\DeskDrive\DeskDrive.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Finderbar.lnk
ShortcutTarget: Finderbar.lnk -> C:\Windows\Lion Skin Pack\Finderbar\Finderbar.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\maComfort.lnk
ShortcutTarget: maComfort.lnk -> C:\Windows\Lion Skin Pack\maComfort\maComfort.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Refresh.lnk
ShortcutTarget: Refresh.lnk -> C:\Windows\Lion Skin Pack\Tools\Refresh.cmd (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RocketDock.lnk
ShortcutTarget: RocketDock.lnk -> C:\Windows\Lion Skin Pack\RocketDock\RocketDock.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UberIcon.lnk
ShortcutTarget: UberIcon.lnk -> C:\Windows\Lion Skin Pack\UberIcon\UberIcon.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinLaunch.lnk
ShortcutTarget: WinLaunch.lnk -> C:\Windows\Lion Skin Pack\WinLaunch\WinLaunch.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Winroll.lnk
ShortcutTarget: Winroll.lnk -> C:\Windows\Lion Skin Pack\Winroll\winroll.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\xwidget.lnk
ShortcutTarget: xwidget.lnk -> C:\Windows\Lion Skin Pack\xwidget\xwidget.exe (No File)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\YzShadow.lnk
ShortcutTarget: YzShadow.lnk -> C:\Windows\Lion Skin Pack\YzShadow\YzShadow.exe (No File)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/software/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre8\bin\ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre8\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 82.212.62.62 78.42.43.62
FireFox:
========
FF ProfilePath: C:\Users\Michael Neumann\AppData\Roaming\Mozilla\Firefox\Profiles\6crjv80j.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @java.com/DTPlugin,version=11.0.2 -> C:\Program Files\Java\jre8\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.0.2 -> C:\Program Files\Java\jre8\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-10-25]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2014-09-01] (Kaspersky Lab ZAO)
R2 BBDemon; C:\Program Files\Dassault Systemes\B21\win_b64\code\bin\CATSysDemon.exe [46592 2011-01-08] (Dassault Systemes) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1615192 2014-04-02] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [20541216 2014-04-02] (NVIDIA Corporation)
R2 Themes; C:\Windows\system32\themeservice.dll [44544 2014-05-30] (Microsoft Corporation) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21584 2013-02-19] ()
S1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1405000.01C\ccSetx64.sys [169048 2013-04-16] (Symantec Corporation)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-01-29] (Disc Soft Ltd)
S3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-01-27] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-27] (Symantec Corporation) [File not signed]
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-09-01] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [91008 2014-09-01] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628320 2014-09-01] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-09-01] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-09-01] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2014-09-01] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2014-09-01] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2014-09-01] (Kaspersky Lab ZAO)
R1 LUMDriver; C:\Windows\system32\drivers\LUMDriver.sys [24848 2008-01-02] (IBM)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-21] (NVIDIA Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 ssudobex; C:\Windows\System32\DRIVERS\ssudobex.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2014-01-29] (Symantec Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2013-03-18] (Apple, Inc.) [File not signed]
S1 UsbCharger; C:\Windows\System32\DRIVERS\UsbCharger.sys [21072 2013-03-27] ()
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva64-6.sys [52592 2014-03-12] (Cisco Systems, Inc.)
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-04 16:15 - 2014-09-04 16:16 - 00029904 _____ () C:\Users\Michael Neumann\Desktop\SystemLook.txt
2014-09-04 16:14 - 2014-09-04 16:14 - 00165376 _____ () C:\Users\Michael Neumann\Desktop\SystemLook_x64.exe
2014-09-04 16:14 - 2014-09-04 16:14 - 00000780 _____ () C:\Users\Michael Neumann\Desktop\checkup.txt
2014-09-04 16:10 - 2014-09-04 16:10 - 00854417 _____ () C:\Users\Michael Neumann\Desktop\SecurityCheck.exe
2014-09-04 13:28 - 2014-09-04 13:28 - 02347384 _____ (ESET) C:\Users\Michael Neumann\Desktop\esetsmartinstaller_deu.exe
2014-09-03 13:14 - 2014-09-03 13:14 - 00026783 _____ () C:\Users\Michael Neumann\Desktop\Addition.txt
2014-09-03 13:10 - 2014-09-04 16:20 - 00018526 _____ () C:\Users\Michael Neumann\Desktop\FRST.txt
2014-09-03 12:46 - 2014-09-03 12:46 - 00011245 _____ () C:\Users\Michael Neumann\Desktop\zoek-results.log
2014-09-03 12:44 - 2014-09-03 12:46 - 00000691 _____ () C:\runcheck.txt
2014-09-03 12:44 - 2014-09-03 12:44 - 00000000 ____D () C:\zoek_backup
2014-09-03 12:43 - 2014-09-03 12:43 - 01288704 _____ () C:\Users\Michael Neumann\Desktop\zoek.exe
2014-09-03 12:39 - 2014-09-03 12:39 - 00005078 _____ () C:\Users\Michael Neumann\Desktop\AdwCleaner[S3].txt
2014-09-03 12:37 - 2014-09-03 12:37 - 01370483 _____ () C:\Users\Michael Neumann\Desktop\adwcleaner_3.309.exe
2014-09-03 10:21 - 2014-09-03 10:21 - 00027209 _____ () C:\Users\Michael Neumann\Downloads\Addition.txt
2014-09-03 10:20 - 2014-09-04 16:19 - 00000000 ____D () C:\FRST
2014-09-03 09:41 - 2014-09-03 09:41 - 02104832 _____ (Farbar) C:\Users\Michael Neumann\Desktop\FRST64.exe
2014-09-02 19:28 - 2014-09-02 19:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-01 18:02 - 2014-09-01 18:02 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-01 18:02 - 2014-09-01 18:02 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-01 18:01 - 2014-09-03 09:25 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-01 16:44 - 2014-09-01 16:44 - 00262144 _____ () C:\Windows\system32\config\elam
2014-09-01 16:42 - 2014-03-20 00:31 - 00000000 ____D () C:\Users\Michael Neumann\Downloads\Key's (20.03.2014)
2014-09-01 16:40 - 2014-09-01 16:42 - 05454761 _____ () C:\Users\Michael Neumann\Downloads\(20.03.2014).7z
2014-09-01 16:36 - 2014-09-01 16:36 - 00002340 _____ () C:\Users\Michael Neumann\Desktop\Sicherer Zahlungsverkehr.lnk
2014-09-01 16:35 - 2014-09-01 16:35 - 00001146 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
2014-09-01 16:35 - 2014-09-01 16:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013
2014-09-01 16:35 - 2012-07-11 17:09 - 00064856 _____ (Kaspersky Lab) C:\Windows\system32\klfphc.dll
2014-09-01 16:34 - 2014-09-04 13:27 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-09-01 16:34 - 2014-09-01 17:01 - 00628320 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-09-01 16:34 - 2014-09-01 17:01 - 00091008 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-09-01 16:34 - 2014-09-01 16:34 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-09-01 16:34 - 2014-09-01 16:34 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-09-01 16:29 - 2014-09-01 17:27 - 00000000 ____D () C:\Users\Michael Neumann\AppData\Local\16242
2014-09-01 16:28 - 2014-01-28 16:29 - 00000000 ____D () C:\Users\Michael Neumann\Downloads\KIS2013
2014-08-31 14:28 - 2014-08-31 14:29 - 00000000 ____D () C:\Users\Michael Neumann\Desktop\Kofferraumwanne
2014-08-31 14:25 - 2014-08-31 14:28 - 00000000 ____D () C:\Users\Michael Neumann\Desktop\Reifen
2014-08-31 13:48 - 2014-08-31 14:45 - 176554007 _____ () C:\Users\Michael Neumann\Downloads\KIS2013.7z
2014-08-31 13:39 - 2013-05-13 19:36 - 00000000 ____D () C:\Users\Michael Neumann\Downloads\13.05.2013 2013
2014-08-31 12:36 - 2014-08-31 12:36 - 05729683 _____ () C:\Users\Michael Neumann\Downloads\13.05.2013-2013.rar
2014-08-31 11:10 - 2014-08-31 11:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Michael Neumann\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-31 11:10 - 2014-08-31 11:11 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Michael Neumann\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-23 20:39 - 2014-08-23 20:39 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-23 20:35 - 2014-08-23 20:35 - 00244408 _____ () C:\Users\Michael Neumann\Downloads\Firefox Setup Stub 31.0.exe
2014-08-23 20:29 - 2014-08-23 20:29 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-08-23 20:21 - 2013-12-23 08:40 - 00000102 _____ () C:\Users\Michael Neumann\Downloads\ReadME.nfo
2014-08-23 17:31 - 2014-08-23 17:31 - 10234193 _____ () C:\Users\Michael Neumann\Downloads\HearthCrawl v27 R338.zip
2014-08-20 10:05 - 2014-08-20 10:05 - 00002009 _____ () C:\Users\Public\Desktop\Canon IJ Network Tool.lnk
2014-08-20 10:05 - 2014-08-20 10:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2014-08-20 10:05 - 2014-08-20 10:05 - 00000000 ____D () C:\ProgramData\Canon IJ Network Tool
2014-08-08 09:52 - 2014-08-08 09:52 - 00000008 _____ () C:\Users\Michael Neumann\Downloads\ees_version.txt
2014-08-08 09:51 - 2014-08-08 09:52 - 10692651 _____ (F-Chart Software) C:\Users\Michael Neumann\Downloads\Dampftafel_ITW_52014.EXE
2014-08-05 20:41 - 2014-08-23 20:48 - 00000000 ____D () C:\Windows\Minidump
2014-08-05 20:41 - 2014-08-05 20:41 - 00338400 _____ () C:\Windows\Minidump\080514-24117-01.dmp
2014-08-05 20:40 - 2014-08-05 20:40 - 736190357 _____ () C:\Windows\MEMORY.DMP
2014-08-05 19:23 - 2014-08-05 19:26 - 00000000 ____D () C:\Users\Michael Neumann\workspace2
2014-08-05 19:22 - 2014-08-05 19:34 - 00000000 ____D () C:\Users\Michael Neumann\Desktop\eclipse
2014-08-05 19:15 - 2014-08-28 11:53 - 00000000 ____D () C:\Users\Michael Neumann\workspace
2014-08-05 18:32 - 2014-08-05 18:32 - 215807131 _____ () C:\Users\Michael Neumann\Downloads\eclipse-standard-luna-R-win32-x86_64.zip
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-04 16:20 - 2014-09-03 13:10 - 00018526 _____ () C:\Users\Michael Neumann\Desktop\FRST.txt
2014-09-04 16:19 - 2014-09-03 10:20 - 00000000 ____D () C:\FRST
2014-09-04 16:16 - 2014-09-04 16:15 - 00029904 _____ () C:\Users\Michael Neumann\Desktop\SystemLook.txt
2014-09-04 16:14 - 2014-09-04 16:14 - 00165376 _____ () C:\Users\Michael Neumann\Desktop\SystemLook_x64.exe
2014-09-04 16:14 - 2014-09-04 16:14 - 00000780 _____ () C:\Users\Michael Neumann\Desktop\checkup.txt
2014-09-04 16:13 - 2014-04-08 21:27 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-04 16:10 - 2014-09-04 16:10 - 00854417 _____ () C:\Users\Michael Neumann\Desktop\SecurityCheck.exe
2014-09-04 16:00 - 2014-01-27 19:20 - 01635550 _____ () C:\Windows\WindowsUpdate.log
2014-09-04 13:33 - 2009-07-14 06:50 - 00019920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-04 13:33 - 2009-07-14 06:50 - 00019920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-04 13:28 - 2014-09-04 13:28 - 02347384 _____ (ESET) C:\Users\Michael Neumann\Desktop\esetsmartinstaller_deu.exe
2014-09-04 13:27 - 2014-09-01 16:34 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-09-04 13:25 - 2014-06-18 14:17 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-09-04 13:25 - 2014-01-28 12:27 - 00174266 _____ () C:\Windows\setupact.log
2014-09-04 13:25 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-04 13:24 - 2014-01-28 12:27 - 00457098 _____ () C:\Windows\PFRO.log
2014-09-04 13:24 - 2014-01-27 21:26 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-09-04 13:19 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-09-04 12:37 - 2014-01-27 21:45 - 00000000 ____D () C:\Users\Michael Neumann\AppData\Local\Battle.net
2014-09-03 13:14 - 2014-09-03 13:14 - 00026783 _____ () C:\Users\Michael Neumann\Desktop\Addition.txt
2014-09-03 13:09 - 2014-06-12 11:17 - 00000000 ____D () C:\AdwCleaner
2014-09-03 12:46 - 2014-09-03 12:46 - 00011245 _____ () C:\Users\Michael Neumann\Desktop\zoek-results.log
2014-09-03 12:46 - 2014-09-03 12:44 - 00000691 _____ () C:\runcheck.txt
2014-09-03 12:44 - 2014-09-03 12:44 - 00000000 ____D () C:\zoek_backup
2014-09-03 12:43 - 2014-09-03 12:43 - 01288704 _____ () C:\Users\Michael Neumann\Desktop\zoek.exe
2014-09-03 12:39 - 2014-09-03 12:39 - 00005078 _____ () C:\Users\Michael Neumann\Desktop\AdwCleaner[S3].txt
2014-09-03 12:39 - 2014-02-02 12:39 - 00001003 _____ () C:\Users\Michael Neumann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-09-03 12:39 - 2014-01-27 19:24 - 00001186 _____ () C:\Users\Michael Neumann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-03 12:37 - 2014-09-03 12:37 - 01370483 _____ () C:\Users\Michael Neumann\Desktop\adwcleaner_3.309.exe
2014-09-03 10:21 - 2014-09-03 10:21 - 00027209 _____ () C:\Users\Michael Neumann\Downloads\Addition.txt
2014-09-03 09:41 - 2014-09-03 09:41 - 02104832 _____ (Farbar) C:\Users\Michael Neumann\Desktop\FRST64.exe
2014-09-03 09:25 - 2014-09-01 18:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-02 19:28 - 2014-09-02 19:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-02 19:06 - 2014-01-27 21:43 - 00000000 ____D () C:\ProgramData\Battle.net
2014-09-01 18:49 - 2014-04-12 11:34 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-09-01 18:02 - 2014-09-01 18:02 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-01 18:02 - 2014-09-01 18:02 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-01 17:58 - 2011-04-12 10:14 - 00697658 _____ () C:\Windows\system32\perfh007.dat
2014-09-01 17:58 - 2011-04-12 10:14 - 00148452 _____ () C:\Windows\system32\perfc007.dat
2014-09-01 17:58 - 2009-07-14 07:12 - 01615906 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-01 17:50 - 2014-04-09 15:56 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-01 17:27 - 2014-09-01 16:29 - 00000000 ____D () C:\Users\Michael Neumann\AppData\Local\16242
2014-09-01 17:01 - 2014-09-01 16:34 - 00628320 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-09-01 17:01 - 2014-09-01 16:34 - 00091008 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-09-01 17:01 - 2012-10-25 12:42 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klmouflt.sys
2014-09-01 17:01 - 2012-10-25 12:42 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys
2014-09-01 17:01 - 2012-08-13 16:49 - 00178448 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2014-09-01 17:01 - 2012-08-02 15:09 - 00029792 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klim6.sys
2014-09-01 17:01 - 2012-06-19 17:28 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2014-09-01 17:01 - 2012-06-08 11:38 - 00054368 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kltdi.sys
2014-09-01 16:44 - 2014-09-01 16:44 - 00262144 _____ () C:\Windows\system32\config\elam
2014-09-01 16:42 - 2014-09-01 16:40 - 05454761 _____ () C:\Users\Michael Neumann\Downloads\(20.03.2014).7z
2014-09-01 16:36 - 2014-09-01 16:36 - 00002340 _____ () C:\Users\Michael Neumann\Desktop\Sicherer Zahlungsverkehr.lnk
2014-09-01 16:35 - 2014-09-01 16:35 - 00001146 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security 2013.lnk
2014-09-01 16:35 - 2014-09-01 16:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2013
2014-09-01 16:34 - 2014-09-01 16:34 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-09-01 16:34 - 2014-09-01 16:34 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-09-01 16:28 - 2014-02-03 23:18 - 00000000 ____D () C:\Users\Michael Neumann\AppData\Local\CrashDumps
2014-09-01 12:20 - 2014-01-27 21:49 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-08-31 14:45 - 2014-08-31 13:48 - 176554007 _____ () C:\Users\Michael Neumann\Downloads\KIS2013.7z
2014-08-31 14:29 - 2014-08-31 14:28 - 00000000 ____D () C:\Users\Michael Neumann\Desktop\Kofferraumwanne
2014-08-31 14:28 - 2014-08-31 14:25 - 00000000 ____D () C:\Users\Michael Neumann\Desktop\Reifen
2014-08-31 12:36 - 2014-08-31 12:36 - 05729683 _____ () C:\Users\Michael Neumann\Downloads\13.05.2013-2013.rar
2014-08-31 11:15 - 2014-01-27 20:43 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-31 11:14 - 2014-01-27 20:43 - 00000000 ____D () C:\Users\Michael Neumann\AppData\Local\Google
2014-08-31 11:11 - 2014-08-31 11:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Michael Neumann\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-31 11:11 - 2014-08-31 11:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Michael Neumann\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-08-28 11:53 - 2014-08-05 19:15 - 00000000 ____D () C:\Users\Michael Neumann\workspace
2014-08-28 11:44 - 2014-04-10 16:43 - 00000000 ____D () C:\Users\Michael Neumann\AppData\Local\Eclipse
2014-08-28 11:41 - 2014-04-10 16:35 - 00000000 ____D () C:\Users\Michael Neumann\Downloads\eclipse
2014-08-27 15:13 - 2014-01-28 19:44 - 00000000 ____D () C:\Users\Michael Neumann\Desktop\Datenbank
2014-08-23 20:48 - 2014-08-05 20:41 - 00000000 ____D () C:\Windows\Minidump
2014-08-23 20:47 - 2014-05-30 10:01 - 00000000 ____D () C:\Users\Michael Neumann\AppData\Local\TempDIR
2014-08-23 20:39 - 2014-08-23 20:39 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-23 20:39 - 2014-04-09 15:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-23 20:39 - 2014-04-09 15:56 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-08-23 20:35 - 2014-08-23 20:35 - 00244408 _____ () C:\Users\Michael Neumann\Downloads\Firefox Setup Stub 31.0.exe
2014-08-23 20:29 - 2014-08-23 20:29 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstr_01009.Wdf
2014-08-23 17:31 - 2014-08-23 17:31 - 10234193 _____ () C:\Users\Michael Neumann\Downloads\HearthCrawl v27 R338.zip
2014-08-22 20:10 - 2014-01-27 21:45 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-08-20 10:05 - 2014-08-20 10:05 - 00002009 _____ () C:\Users\Public\Desktop\Canon IJ Network Tool.lnk
2014-08-20 10:05 - 2014-08-20 10:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2014-08-20 10:05 - 2014-08-20 10:05 - 00000000 ____D () C:\ProgramData\Canon IJ Network Tool
2014-08-20 10:05 - 2014-02-19 12:00 - 00000000 ____D () C:\Program Files (x86)\Canon
2014-08-20 10:05 - 2009-07-14 05:20 - 00000000 __RSD () C:\Windows\Media
2014-08-20 09:56 - 2014-02-19 12:34 - 00000000 ____D () C:\Users\Michael Neumann\AppData\Roaming\Canon
2014-08-14 19:53 - 2009-07-14 07:38 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-08-13 20:27 - 2014-01-27 21:45 - 00000000 ____D () C:\Users\Michael Neumann\AppData\Roaming\Battle.net
2014-08-12 19:35 - 2014-07-30 12:47 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-08-08 09:52 - 2014-08-08 09:52 - 00000008 _____ () C:\Users\Michael Neumann\Downloads\ees_version.txt
2014-08-08 09:52 - 2014-08-08 09:51 - 10692651 _____ (F-Chart Software) C:\Users\Michael Neumann\Downloads\Dampftafel_ITW_52014.EXE
2014-08-07 12:22 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-05 20:41 - 2014-08-05 20:41 - 00338400 _____ () C:\Windows\Minidump\080514-24117-01.dmp
2014-08-05 20:40 - 2014-08-05 20:40 - 736190357 _____ () C:\Windows\MEMORY.DMP
2014-08-05 19:34 - 2014-08-05 19:22 - 00000000 ____D () C:\Users\Michael Neumann\Desktop\eclipse
2014-08-05 19:26 - 2014-08-05 19:23 - 00000000 ____D () C:\Users\Michael Neumann\workspace2
2014-08-05 19:23 - 2014-01-27 19:23 - 00000000 ____D () C:\Users\Michael Neumann
2014-08-05 18:32 - 2014-08-05 18:32 - 215807131 _____ () C:\Users\Michael Neumann\Downloads\eclipse-standard-luna-R-win32-x86_64.zip
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-30 18:36
==================== End Of Log ============================
--- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 03-09-2014
Ran by Michael Neumann at 2014-09-04 16:20:28
Running from C:\Users\Michael Neumann\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Internet Security (Disabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Internet Security (Disabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
2007 Microsoft Office Suite Service Pack 2 (SP2) (HKLM-x32\...\{90120000-0012-0000-0000-0000000FF1CE}_STANDARD_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}) (Version: - Microsoft)
2007 Microsoft Office Suite Service Pack 2 (SP2) (x32 Version: - Microsoft) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MG3500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3500_series) (Version: 1.01 - Canon Inc.)
Cisco AnyConnect Secure Mobility Client (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05160 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05160 - Cisco Systems, Inc.) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.48.1.0347 - Disc Soft Ltd)
Dassault Systemes Software B20_1 (HKLM\...\Dassault Systemes B20_2) (Version: - )
Dassault Systemes Software B21 (HKLM\...\Dassault Systemes B21_0) (Version: - )
Dassault Systemes Software Prerequisites x86-x64 (HKLM\...\{CF1EB598-B424-436A-B15F-B763846BA970}) (Version: 8.1.3 - Dassault Systemes)
Dassault Systemes Software VC9 Prerequisites x86-x64 (HKLM\...\{F2F2DEA7-36AB-4E13-907C-D8BDE775EF97}) (Version: 9.1.2 - Dassault Systemes)
DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.90 - DivX, LLC)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Firefall (HKLM-x32\...\Steam App 227700) (Version: - Red 5 Studios)
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1011 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1323 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3071 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.0.1083 - Intel Corporation)
Intel(R) Rapid Storage Technology (Version: 12.0.0.1083 - Intel Corporation) Hidden
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.0.0.100 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java 8 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418000FF}) (Version: 8.0.0 - Oracle Corporation)
Java Auto Updater (x32 Version: 2.8.00.132 - Oracle, Inc.) Hidden
Java SE Development Kit 8 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180000}) (Version: 8.0.0 - Oracle Corporation)
Kaspersky Internet Security 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
LWS Facebook (x32 Version: 13.50.854.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.51.827.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.51.828.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.51.815.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Standard 2007 (HKLM-x32\...\STANDARD) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Office Standard 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6425.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0 (x86 de)) (Version: 32.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.0 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.151.1095 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Update 12.4.55 (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 12.4.55 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.22 (Version: 1.2.22 - NVIDIA Corporation) Hidden
ON_OFF Charge 2 B13.0403.1 (HKLM-x32\...\InstallShield_{6B4ED6F7-BB88-4945-B0C6-01410E1BAC3A}) (Version: 1.00.0000 - GIGABYTE)
ON_OFF Charge 2 B13.0403.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
ON_OFF Charge B13.0403.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
PDF24 Creator 6.3.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.65.1025.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6849 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
SHIELD Streaming (Version: 1.8.323 - NVIDIA Corporation) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.89 - TuneUp Software) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (HKLM-x32\...\{8E34682C-8118-31F1-BC4C-98CD9675E1C2}.KB2836939v3) (Version: 3 - Microsoft Corporation)
VBA (3821b) (x32 Version: 6.01.00.1234 - Microsoft Corporation) Hidden
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Visual Basic for Applications (R) Core - English (x32 Version: 6.5.10.32 - Microsoft Corporation) Hidden
Visual Basic for Applications (R) Core (x32 Version: 6.5.10.32 - Microsoft Corporation) Hidden
Visual Basic for Applications (R) Core (x32 Version: 6.5.10.53 - Microsoft Corporation) Hidden
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
WinRAR 5.01 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
20-08-2014 08:41:00 Geplanter Prüfpunkt
23-08-2014 18:30:28 Revo Uninstaller's restore point - Software Version Updater
23-08-2014 18:31:59 Revo Uninstaller's restore point - istartsurf uninstall
23-08-2014 18:33:36 Revo Uninstaller's restore point - Remote Desktop Access (VuuPC)
23-08-2014 18:33:59 Revo Uninstaller's restore point - Re-markit
23-08-2014 18:34:54 Revo Uninstaller's restore point - WindowsMangerProtect20.0.0.722
23-08-2014 18:36:26 Revo Uninstaller's restore point - Mozilla Firefox 31.0 (x86 de)
23-08-2014 18:37:04 Revo Uninstaller's restore point - Google Chrome
31-08-2014 09:12:29 Revo Uninstaller's restore point - Software Version Updater
31-08-2014 09:13:40 Revo Uninstaller's restore point - istartsurf uninstall
31-08-2014 09:14:21 Revo Uninstaller's restore point - Google Chrome
31-08-2014 09:15:46 Revo Uninstaller's restore point - Mozilla Firefox 31.0 (x86 de)
01-09-2014 15:49:37 Revo Uninstaller's restore point - istartsurf uninstall
01-09-2014 15:50:32 Revo Uninstaller's restore point - World of Warcraft
01-09-2014 15:52:05 Revo Uninstaller's restore point - Mozilla Firefox 31.0 (x86 de)
03-09-2014 10:46:17 zoek.exe restore point
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {650786E9-0D94-47B5-A15F-7827DE3B1990} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe
Task: {87DDEFD6-2E05-4EEF-B466-C664FA782BAC} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe
Task: {CFEC6FC1-D9AA-489F-A71E-3256E75A0B31} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe
Task: {FDB2942C-B82F-47E1-BFB8-197B10705364} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-07-10] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2014-01-27 21:26 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-01-27 19:55 - 2013-03-19 15:25 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-11-15 02:48 - 2013-11-15 02:48 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2014-03-12 22:53 - 2014-03-12 22:53 - 00063376 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-11-15 02:49 - 2013-11-15 02:49 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 01:38 - 2012-09-13 01:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2014-09-02 19:28 - 2014-09-02 19:28 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-01-27 20:48 - 2013-03-12 14:19 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-07-10 16:13 - 2014-07-10 16:13 - 17029808 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
==================== Faulty Device Manager Devices =============
Name: Norton Internet Security Settings Manager
Description: Norton Internet Security Settings Manager
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ccSet_NIS
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (09/04/2014 04:08:59 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (09/04/2014 01:30:46 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (09/04/2014 01:28:47 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (09/04/2014 01:28:47 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (09/04/2014 01:28:38 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (09/04/2014 01:26:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/04/2014 01:14:31 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/04/2014 00:11:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/04/2014 09:14:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/03/2014 05:47:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (09/04/2014 01:26:34 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ccSet_NIS
UsbCharger
Error: (09/04/2014 01:14:23 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ccSet_NIS
UsbCharger
Error: (09/04/2014 00:10:59 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ccSet_NIS
UsbCharger
Error: (09/04/2014 09:14:44 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ccSet_NIS
UsbCharger
Error: (09/03/2014 05:47:53 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ccSet_NIS
UsbCharger
Error: (09/03/2014 01:09:21 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ccSet_NIS
UsbCharger
Error: (09/03/2014 00:41:42 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ccSet_NIS
UsbCharger
Error: (09/03/2014 00:32:18 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ccSet_NIS
UsbCharger
Error: (09/03/2014 09:27:12 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ccSet_NIS
UsbCharger
Error: (09/02/2014 07:06:39 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
ccSet_NIS
UsbCharger
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-4570 CPU @ 3.20GHz
Percentage of memory in use: 29%
Total physical RAM: 8070.8 MB
Available physical RAM: 5701.62 MB
Total Pagefile: 16139.77 MB
Available Pagefile: 13326.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:931.41 GB) (Free:792.26 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 8F2604F7)
Partition 1: (Active) - (Size=931.4 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
04.09.2014, 16:24
| #9 | |
| /// TB-Ausbilder | System clean? Bitte lasse die Datei aus der Code-Box bei Virustotal überprüfen.
|
|
04.09.2014, 17:57
| #10 |
| | System clean? so hier: https://www.virustotal.com/de/file/948cd167e2325350ba898efecb84bf0a283bcd382f22ea705794fa59f52f1eb4/analysis/1409849742/ |
|
04.09.2014, 18:16
| #11 |
| /// TB-Ausbilder | System clean? Reste entfernen Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter start
C:\ProgramData\InstallMate
C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
C:\Users\Michael Neumann\Downloads\HearthCrawl v27 R338.zip
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Reboot:
end
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Hinweis: Registry Cleaner Ich sehe, dass du sogenannte Registry Cleaner installiert hast. In deinem Fall TuneUp Utilities 2014. Wir raten von der Verwendung jeglicher Art von Registry Cleaner ab. Der Grund ist ganz einfach: Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich. Man sollte nicht unnötigerweise an der Registry rumbasteln. Schon ein kleiner Fehler kann gravierende Folgen haben und auch Programme machen manchmal Fehler. Zerstörst du die Registry, zerstörst du Windows. Zudem ist der Nutzen zur Performancesteigerung umstritten und meist kaum im wahrnehmbaren Bereich. Ich würde dir empfehlen, Registry Cleaner nicht weiterhin zu verwenden und über Start --> Systemsteuerung --> Software (bei Windows XP)zu deinstallieren. Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber.  Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern. Ändere regelmäßig alle deine Passwörter, jetzt nach der Bereinigung ist ein idealer Zeitpunkt dafür!
Schritt 1 Du verwendest veraltete Software auf deinem Rechner, was ein Sicherheitsrisiko darstellt. Daher solltest du veraltete Software deinstallieren und anschließend die aktuellste Version installieren. Folge dem Pfad Start > Systemsteuerung > Sofware / Programme deinstallieren. Deinstalliere die folgenden Programme von deinem Rechner:
Downloade und installiere dir bitte nun:Starte deinen Rechner nach der Installation neu auf. Schritt 2 Die Reihenfolge ist hier entscheidend.
Schritt 3 Abschließend habe ich noch ein paar Tipps zur Absicherung deines Systems. Ich kann gar nicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti-Viren-Programm und zusätzlicher Schutz
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden. Mozilla Firefox
Performance
Was du vermeiden solltest:
Nun bleibt mir nur noch dir viel Spaß beim sicheren Surfen zu wünschen... ... und vielleicht möchtest du ja das Trojaner-Board unterstützen? Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann. |
|
05.09.2014, 15:12
| #12 |
| | System clean? Tuneup 2014 hab ich gar net installiert. Hab geschaut und es nicht drauf. Oder ist es unsichtbar? So, Schritt 2 weiß ich nicht was ich damit anfangen soll?? hier Logdatei: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-09-2014
Ran by Michael Neumann at 2014-09-05 16:06:57 Run:2
Running from C:\Users\Michael Neumann\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
C:\ProgramData\InstallMate
C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
C:\Users\Michael Neumann\Downloads\HearthCrawl v27 R338.zip
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Reboot:
end
*****************
C:\ProgramData\InstallMate => Moved successfully.
C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll => Moved successfully.
C:\Users\Michael Neumann\Downloads\HearthCrawl v27 R338.zip => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
The system needed a reboot.
==== End of Fixlog ====
|
|
06.09.2014, 10:35
| #13 | ||
| /// TB-Ausbilder | System clean?Zitat:
Zitat:
 Ich bin froh, dass wir helfen konnten  In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest: Lob, Kritik und Wünsche Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank!  Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM. Jeder andere bitte hier klicken und einen eigenen Thread erstellen. |
|
06.09.2014, 16:14
| #14 |
| | System clean? Ok, ja ich meinte dieses Defogger und Combofix hat mich irritiert. Aber ok. Aber ansonsten Top-Arbeit von dir!!! Ich bedanke mich an dieser Stelle nochmals für den sehr guten Support!!! |
|
Linear-Darstellung
