Log analysis and evaluation: Malware/adware infection after running a setup package for Minecraft (including istartsurf.com as start page)
Windows 7
21.09.2014, 14:50 | #1 |
Hello everyone,

today I wanted to install an additional package (MCPatcher) for the game Minecraft, and during the hasty Google search and installation I unfortunately downloaded and installed an unofficial setup package. During the installation I did make sure to always select "Custom" and deselected all the "additional programs", but apparently some junk was installed anyway. Unfortunately I first thought it was harmless adware that I could remove myself, but it then turned out to be more. That is why I did not follow rule 1. :-(

First I noticed the changed Firefox start page (istartsurf.com) and the changed default search. Then I saw a new tray icon that I could not close.

What have I already done?
1.) Reset the Firefox start page and search, and fully reset IE.
2.) Closed suspicious/unknown processes, but then I noticed that they were always restarted.
3.) I then stopped a service that I associated with istartsurf.com and was then able to end the tasks as well.
4.) Under Programs and Features I found an adware program and uninstalled it.
5.) Ran a full virus scan (AVAST Free). Result: no detections
6.) Installed and ran Malwarebytes Anti-Malware (scan + cleanup). Result: over 100 detections (see log).
7.) Installed and ran Adware Cleaner (scan + cleanup). Result: several detections (see log).

In doing so I realized that I had been hit hard, and so I am now asking for help here. Sorry that I did not come here right away.

Here are the logs:

Malwarebytes Anti-Malware
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 21.09.2014
Suchlauf-Zeit: 12:19:33
Logdatei: Malwarebytes Anti-Malware .txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.21.02
Rootkit Datenbank: v2014.09.19.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: MyName

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 448965
Verstrichene Zeit: 16 Min, 27 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

(***LOG too large -> see Malwarebytes Anti-Malware.txt in the attachment***)

Code:
# AdwCleaner v3.310 - Bericht erstellt am 21/09/2014 um 12:57:16
# Aktualisiert 12/09/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : MyName - HPNOTEBOOK
# Gestartet von : C:\Users\MyName\Downloads\AdwCleaner_3.310.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\NCH Software
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\NCH Software
Ordner Gelöscht : C:\Users\User2\AppData\Roaming\NCH Software
Ordner Gelöscht : C:\Users\MyName\AppData\Roaming\NCH Software
Ordner Gelöscht : C:\Users\User1\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\User1\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\User1\AppData\Roaming\NCH Software
Datei Gelöscht : C:\END

***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17280

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v32.0.2 (x86 de)

[ Datei : C:\Users\User2\AppData\Roaming\Mozilla\Firefox\Profiles\sfgv9b1y.default\prefs.js ]

[ Datei : C:\Users\MyName\AppData\Roaming\Mozilla\Firefox\Profiles\tbn3bszz.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaultenginename", "Ixquick hxxpS - Deutsch");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Ixquick hxxpS - Deutsch");
Zeile gelöscht : user_pref("extensions.quick_start.enable_search1", false);
Zeile gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", true);
Zeile gelöscht : user_pref("keyword.URL", "hxxps://ixquick.com/do/search?language=deutsch&cat=web&query=");

[ Datei : C:\Users\User1\AppData\Roaming\Mozilla\Firefox\Profiles\lg2zq0n0.default\prefs.js ]

Zeile gelöscht : user_pref("CT2481020_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1356266447482,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Zeile gelöscht : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2481020&SearchSource=13&CUI=SB_CUI");
Zeile gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "Ashampoo DE Customized Web Search");
Zeile gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2481020&SearchSource=2&q=");
Zeile gelöscht : user_pref("Smartbar.keywordURLSelectedCTID", "CT2481020");
Zeile gelöscht : user_pref("extensions.fvd_single.surfcanyon.ramp.start_time", "1394100699518");

[ Datei : C:\Users\Uwe\AppData\Roaming\Mozilla\Firefox\Profiles\jy05i4cu.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [4995 octets] - [21/09/2014 12:50:47]
AdwCleaner[R1].txt - [5055 octets] - [21/09/2014 12:56:25]
AdwCleaner[S0].txt - [4666 octets] - [21/09/2014 12:57:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4726 octets] ##########

Defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:24 on 21/09/2014 (MyName)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2014 01
Ran by MyName (administrator) on HPNOTEBOOK on 21-09-2014 14:09:29
Running from C:\Users\MyName\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [615584 2011-01-07] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379040 2011-01-07] (Atheros Commnucations)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-07] (IDT, Inc.)
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2945080 2011-09-12] (Hewlett-Packard Company)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2014-09-06] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [319360 2012-03-14] (Hewlett-Packard Company)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4219148564-3154154102-1992973587-1004\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [1967616 2014-04-17] (AMD)
HKU\S-1-5-21-4219148564-3154154102-1992973587-1004\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-4219148564-3154154102-1992973587-1004\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-4219148564-3154154102-1992973587-1004\...\MountPoints2: {dc0b97a8-7fde-11e1-abcd-806e6f6e6963} - G:\LaunchBFII.exe
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
GroupPolicyUsers\S-1-5-21-4219148564-3154154102-1992973587-1006\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\MyName\AppData\Roaming\Mozilla\Firefox\Profiles\tbn3bszz.default
FF Homepage: about:home
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF SearchPlugin: C:\Users\MyName\AppData\Roaming\Mozilla\Firefox\Profiles\tbn3bszz.default\searchplugins\ixquick-https---deutsch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\MyName\AppData\Roaming\Mozilla\Firefox\Profiles\tbn3bszz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-01-06]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-01-06]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-15]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-13] (Adobe Systems) [File not signed]
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-01-07] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [53920 2011-01-07] (Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-15] (AVAST Software)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2013-10-18] (Macrovision Europe Ltd.) [File not signed]
R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-28] (Hewlett-Packard Company)
R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [365440 2012-03-14] (Hewlett-Packard Company)
S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76888 2013-02-09] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-04-17] ()
R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-11] (ArcSoft, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36608 2013-12-12] (Advanced Micro Devices, Inc.)
R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-11] (ArcSoft, Inc.)
S1 ASPI32; C:\Windows\SysWow64\Drivers\ASPI32.sys [25244 1999-09-10] (Adaptec) [File not signed]
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-15] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-15] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-15] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-15] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-15] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-12-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-15] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2014-08-02] ()
S3 intelkmd; C:\Windows\System32\DRIVERS\igdpmd64.sys [12306848 2011-08-31] (Intel Corporation) [File not signed]
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2014-08-02] ()
S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-28] ()
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
U3 fwtdyaog; \??\C:\Users\MyName\AppData\Local\Temp\fwtdyaog.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-21 13:57 - 2014-09-21 14:09 - 00018384 _____ () C:\Users\MyName\Downloads\FRST.txt
2014-09-21 13:39 - 2014-09-21 13:39 - 00279208 _____ () C:\windows\Minidump\092114-25412-01.dmp
2014-09-21 13:38 - 2014-09-21 13:38 - 730026222 _____ () C:\windows\MEMORY.DMP
2014-09-21 13:26 - 2014-09-21 14:09 - 00000000 ____D () C:\FRST
2014-09-21 13:25 - 2014-09-21 13:25 - 00380416 _____ () C:\Users\MyName\Downloads\om9b1lo0.exe
2014-09-21 13:24 - 2014-09-21 13:25 - 02105856 _____ (Farbar) C:\Users\MyName\Downloads\FRST64.exe
2014-09-21 13:24 - 2014-09-21 13:24 - 00000474 _____ () C:\Users\MyName\Downloads\defogger_disable.log
2014-09-21 13:24 - 2014-09-21 13:24 - 00000000 _____ () C:\Users\MyName\defogger_reenable
2014-09-21 13:23 - 2014-09-21 13:23 - 00050477 _____ () C:\Users\MyName\Downloads\Defogger.exe
2014-09-21 13:14 - 2014-09-21 13:14 - 00024041 _____ () C:\Users\MyName\Desktop\ Malwarebytes Anti-Malware .txt
2014-09-21 13:00 - 2014-09-21 13:00 - 00004826 _____ () C:\Users\MyName\Desktop\AdwCleaner[S0].txt
2014-09-21 12:50 - 2014-09-21 13:02 - 00000000 ____D () C:\AdwCleaner
2014-09-21 12:18 - 2014-09-21 13:54 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-21 12:17 - 2014-09-21 12:17 - 00001066 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-21 12:17 - 2014-09-21 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-09-21 12:17 - 2014-09-21 12:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-21 12:17 - 2014-09-21 12:17 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-09-21 12:17 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-09-21 12:17 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-09-21 12:17 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-09-21 12:10 - 2014-09-21 12:10 - 01373475 _____ () C:\Users\MyName\Downloads\AdwCleaner_3.310.exe
2014-09-21 12:09 - 2014-09-21 12:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\MyName\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-21 12:00 - 2014-09-21 12:00 - 00000000 __SHD () C:\Users\MyName\AppData\Local\EmieUserList
2014-09-21 12:00 - 2014-09-21 12:00 - 00000000 __SHD () C:\Users\MyName\AppData\Local\EmieSiteList
2014-09-21 10:04 - 2014-09-21 10:04 - 00003156 _____ () C:\windows\System32\Tasks\{F0DF3150-D166-46B9-9AB5-8C24B34019A2}
2014-09-19 23:43 - 2014-09-19 23:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-14 16:07 - 2014-09-19 19:20 - 00260017 _____ () C:\windows\DirectX.log
2014-09-14 14:10 - 2014-09-14 14:10 - 00000000 ____D () C:\ProgramData\Intel
2014-09-14 14:10 - 2012-05-15 07:13 - 00144896 _____ (Intel Corporation) C:\windows\system32\IntelOpenCL64.dll
2014-09-14 14:10 - 2012-05-15 06:20 - 00104448 _____ (Intel Corporation) C:\windows\SysWOW64\IntelOpenCL32.dll
2014-09-14 14:05 - 2014-09-14 14:05 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-09-14 14:04 - 2014-09-14 14:04 - 00000000 ____D () C:\Users\MyName\SystemRequirementsLab
2014-09-14 13:54 - 2014-09-14 13:54 - 00000219 _____ () C:\Users\MyName\Desktop\Dota 2.url
2014-09-12 00:09 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-09-12 00:09 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-09-12 00:09 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-09-12 00:09 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-09-12 00:09 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-09-12 00:09 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-09-12 00:09 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-09-12 00:09 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-09-12 00:09 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-09-12 00:09 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-09-12 00:09 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-09-12 00:09 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-09-12 00:09 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-09-12 00:09 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-09-12 00:09 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-09-12 00:09 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-09-12 00:09 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-09-12 00:09 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-09-12 00:09 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-09-12 00:09 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-09-12 00:09 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-09-12 00:09 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-09-12 00:09 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-09-12 00:09 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-09-12 00:09 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-09-12 00:09 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-09-12 00:09 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-09-12 00:09 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-09-12 00:09 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-09-12 00:09 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-09-12 00:09 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-09-12 00:09 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-09-12 00:09 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-09-12 00:09 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-09-12 00:09 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-09-12 00:09 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-09-12 00:09 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-09-12 00:09 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-09-12 00:09 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-09-12 00:09 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-09-12 00:09 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-09-12 00:09 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-09-12 00:09 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2014-09-12 00:09 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2014-09-12 00:09 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2014-09-12 00:09 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-09-12 00:09 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-09-12 00:09 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll 2014-09-12 00:09 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-09-12 00:09 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2014-09-12 00:09 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2014-09-12 00:09 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-09-12 00:09 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-09-12 00:09 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-09-12 00:09 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-09-12 00:09 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2014-09-12 00:01 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll 2014-09-12 00:01 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll 2014-09-11 10:53 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll 2014-09-11 10:53 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) 
C:\windows\SysWOW64\TSWorkspace.dll 2014-09-11 10:53 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2014-09-11 10:53 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2014-09-11 10:53 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll 2014-09-11 10:53 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll 2014-09-11 10:53 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll 2014-09-11 10:52 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-09-11 10:52 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-09-11 10:52 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll 2014-09-11 10:52 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll 2014-09-09 12:30 - 2014-09-09 12:30 - 00001151 _____ () C:\Users\User1\Desktop\INtex Hausverwaltung.lnk 2014-09-09 12:30 - 2014-09-09 12:30 - 00000000 ____D () C:\Users\User1\AppData\Roaming\INtex Hausverwaltung 10 2014-09-09 12:30 - 2014-09-09 12:30 - 00000000 ____D () C:\Users\User1\AppData\Local\FileMaker 2014-09-09 12:30 - 2014-09-09 12:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\INtex Hausverwaltung 10 2014-09-09 12:29 - 2014-09-09 19:59 - 00000000 ____D () C:\Program Files (x86)\INtex Hausverwaltung 10 2014-09-09 12:28 - 2014-09-09 12:28 - 22176096 _____ (INtex Publishing ) C:\Users\User1\Downloads\setuphausverwaltung10_CB-DL-Manager [1].exe 2014-09-09 12:23 - 2014-09-09 12:24 - 00816064 _____ ( ) C:\Users\User1\Downloads\setuphausverwaltung10_CB-DL-Manager.exe 2014-09-07 16:30 - 2014-09-07 16:30 - 00000000 ____D () C:\ProgramData\ATI 2014-09-07 16:27 - 2014-09-07 16:27 - 00056100 _____ () 
C:\windows\SysWOW64\CCCInstall_201409071627426592.log 2014-09-07 16:27 - 2014-09-07 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center 2014-09-07 16:27 - 2014-09-07 16:27 - 00000000 ____D () C:\Program Files (x86)\AMD AVT 2014-09-07 16:19 - 2014-09-07 16:19 - 00000000 ____D () C:\AMD 2014-09-07 16:15 - 2014-09-07 16:15 - 00000000 _____ () C:\windows\ativpsrm.bin 2014-09-07 16:14 - 2014-09-07 16:14 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies 2014-09-07 16:14 - 2014-09-07 16:14 - 00000000 ____D () C:\Program Files (x86)\AMD APP 2014-09-07 16:13 - 2011-09-12 17:05 - 00003917 _____ () C:\windows\SysWOW64\atipblup.dat 2014-09-07 16:13 - 2011-09-12 17:05 - 00003917 _____ () C:\windows\system32\atipblup.dat 2014-09-07 16:12 - 2014-09-07 16:27 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies 2014-09-07 16:12 - 2014-09-07 16:12 - 00000000 ____D () C:\Program Files\ATI 2014-09-07 16:11 - 2014-09-07 16:27 - 00000000 ____D () C:\Program Files\ATI Technologies 2014-09-07 16:06 - 2014-09-21 12:58 - 00039234 _____ () C:\windows\PFRO.log 2014-09-07 16:05 - 2014-09-21 13:53 - 00001516 _____ () C:\windows\setupact.log 2014-09-07 16:05 - 2014-09-07 16:05 - 00000000 ____D () C:\ProgramData\IsolatedStorage 2014-09-07 16:05 - 2014-09-07 16:05 - 00000000 _____ () C:\windows\setuperr.log 2014-09-07 15:52 - 2014-09-07 15:52 - 00002774 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC 2014-09-07 15:52 - 2014-09-07 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-09-07 15:52 - 2014-09-07 15:52 - 00000000 ____D () C:\Program Files\CCleaner 2014-09-07 15:13 - 2014-09-07 15:13 - 00000000 ____D () C:\Users\MyName\AppData\Roaming\Oracle 2014-09-07 15:08 - 2014-09-07 15:08 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe 2014-09-07 15:08 - 2014-09-07 15:08 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe 2014-09-07 15:08 - 
2014-09-07 15:08 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe 2014-09-07 15:08 - 2014-09-07 15:08 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll 2014-09-07 15:08 - 2014-09-07 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-09-07 15:08 - 2014-09-07 15:08 - 00000000 ____D () C:\Program Files (x86)\Java 2014-09-07 14:57 - 2014-09-07 14:57 - 00061609 _____ () C:\4ce94848-0159-4de0-a640-7fb2c9095920.dmp 2014-09-07 14:55 - 2014-09-07 14:55 - 00063761 _____ () C:\97b2af29-b4a4-4108-af20-fb688ea36072.dmp 2014-09-06 20:46 - 2014-09-06 20:46 - 00000000 __SHD () C:\Users\User1\AppData\Local\EmieUserList 2014-09-06 20:46 - 2014-09-06 20:46 - 00000000 __SHD () C:\Users\User1\AppData\Local\EmieSiteList 2014-09-06 18:47 - 2014-09-14 14:08 - 00000000 ____D () C:\Intel 2014-09-06 17:47 - 2014-09-06 17:47 - 00872152 _____ (Realtek ) C:\windows\system32\Drivers\Rt64win7.sys 2014-09-06 17:47 - 2014-09-06 17:47 - 00074456 _____ (Realtek Semiconductor Corporation) C:\windows\system32\RtNicProp64.dll 2014-09-06 17:47 - 2014-09-06 17:47 - 00000000 ____D () C:\Program Files (x86)\Realtek 2014-09-06 17:46 - 2014-09-06 17:46 - 00175928 _____ (JMicron Technology Corporation) C:\windows\system32\Drivers\jmcr.sys 2014-09-06 17:43 - 2014-09-06 17:45 - 00000000 ____D () C:\ProgramData\Qualcomm Atheros 2014-09-06 17:43 - 2014-09-06 17:43 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf 2014-09-06 17:42 - 2014-09-06 17:42 - 01795952 _____ (Microsoft Corporation) C:\windows\system32\WdfCoInstaller01011.dll 2014-09-06 17:42 - 2014-09-06 17:42 - 00722160 _____ (Synaptics Incorporated) C:\windows\system32\SynCOM.dll 2014-09-06 17:42 - 2014-09-06 17:42 - 00524016 _____ (Synaptics Incorporated) C:\windows\system32\Drivers\SynTP.sys 2014-09-06 17:42 - 2014-09-06 17:42 - 00421616 _____ (Synaptics Incorporated) C:\windows\system32\SynTPCo19.dll 2014-09-06 17:42 - 2014-09-06 17:42 - 
00400112 _____ (Synaptics Incorporated) C:\windows\SysWOW64\SynCom.dll
2014-09-06 17:42 - 2014-09-06 17:42 - 00251632 _____ (Synaptics Incorporated) C:\windows\system32\SynTPAPI.dll
2014-09-06 17:42 - 2014-09-06 17:42 - 00169712 _____ (Synaptics Incorporated) C:\windows\SysWOW64\SynTPCom.dll
2014-09-06 17:42 - 2014-09-06 17:42 - 00026416 _____ () C:\windows\system32\pca-manta.bin
2014-09-06 17:42 - 2014-09-06 17:42 - 00000092 _____ () C:\windows\system32\calibration.bin
2014-09-06 17:40 - 2014-09-06 17:40 - 00000000 ____D () C:\Users\MyName\AppData\Roaming\Hewlett-Packard Company
2014-09-06 17:16 - 2014-09-06 17:16 - 00000000 ____D () C:\Users\User2\AppData\Roaming\java
2014-09-06 10:28 - 2014-09-06 17:49 - 00000000 ____D () C:\ProgramData\HP
2014-09-06 10:28 - 2014-09-06 10:28 - 00000000 ____D () C:\HPSDM
2014-09-06 10:25 - 2014-09-06 10:26 - 20578280 _____ (Hewlett-Packard Company ) C:\Users\MyName\Downloads\HP_SDM_Setup.exe
2014-09-06 10:18 - 2014-09-06 10:18 - 00000000 ____D () C:\Users\MyName\AppData\Roaming\java
2014-09-06 10:17 - 2014-09-06 10:17 - 00000000 ____D () C:\Program Files\Java
2014-09-06 10:05 - 2014-09-06 10:05 - 00675988 _____ () C:\Users\MyName\Downloads\Minecraft(1).exe
2014-08-30 09:00 - 2014-08-30 09:00 - 00803691 _____ () C:\Users\User2\Documents\transfer1.xps
2014-08-28 19:44 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-08-28 19:44 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-28 19:44 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-21 14:09 - 2014-09-21 13:57 - 00018384 _____ () C:\Users\MyName\Downloads\FRST.txt 2014-09-21 14:09 - 2014-09-21 13:26 - 00000000 ____D () C:\FRST 2014-09-21 14:01 - 2009-07-14 06:45 - 00028352 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-21 14:01 - 2009-07-14 06:45 - 00028352 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-21 13:58 - 2011-12-25 06:04 - 00702388 _____ () C:\windows\system32\perfh007.dat 2014-09-21 13:58 - 2011-12-25 06:04 - 00151022 _____ () C:\windows\system32\perfc007.dat 2014-09-21 13:58 - 2009-07-14 07:13 - 01628890 _____ () C:\windows\system32\PerfStringBackup.INI 2014-09-21 13:57 - 2012-04-06 13:37 - 01110237 _____ () C:\windows\WindowsUpdate.log 2014-09-21 13:54 - 2014-09-21 12:18 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-21 13:54 - 2012-04-06 13:52 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini 2014-09-21 13:54 - 2011-12-25 07:21 - 00000000 ____D () C:\ProgramData\PDFC 2014-09-21 13:53 - 2014-09-07 16:05 - 00001516 _____ () C:\windows\setupact.log 2014-09-21 13:53 - 2014-02-08 13:41 - 00000000 ____D () C:\ProgramData\VMware 2014-09-21 13:53 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-09-21 13:48 - 2012-11-03 20:55 - 00000000 ____D () C:\Users\MyName\AppData\Roaming\XnViewMP 2014-09-21 13:46 - 2012-11-01 22:06 - 00003942 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{791ECB16-7748-46C6-B6AA-9CC3D6972430} 2014-09-21 13:44 - 2012-11-01 22:07 - 00000000 ____D () C:\Users\MyName\Documents\Bluetooth Folder 2014-09-21 13:40 - 2014-01-15 14:53 - 00004182 _____ () C:\windows\System32\Tasks\avast! 
Emergency Update 2014-09-21 13:39 - 2014-09-21 13:39 - 00279208 _____ () C:\windows\Minidump\092114-25412-01.dmp 2014-09-21 13:39 - 2013-01-07 11:59 - 00000000 ____D () C:\windows\Minidump 2014-09-21 13:38 - 2014-09-21 13:38 - 730026222 _____ () C:\windows\MEMORY.DMP 2014-09-21 13:25 - 2014-09-21 13:25 - 00380416 _____ () C:\Users\MyName\Downloads\om9b1lo0.exe 2014-09-21 13:25 - 2014-09-21 13:24 - 02105856 _____ (Farbar) C:\Users\MyName\Downloads\FRST64.exe 2014-09-21 13:24 - 2014-09-21 13:24 - 00000474 _____ () C:\Users\MyName\Downloads\defogger_disable.log 2014-09-21 13:24 - 2014-09-21 13:24 - 00000000 _____ () C:\Users\MyName\defogger_reenable 2014-09-21 13:24 - 2012-11-01 22:06 - 00000000 ____D () C:\Users\MyName 2014-09-21 13:23 - 2014-09-21 13:23 - 00050477 _____ () C:\Users\MyName\Downloads\Defogger.exe 2014-09-21 13:22 - 2012-09-15 14:11 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-09-21 13:14 - 2014-09-21 13:14 - 00024041 _____ () C:\Users\MyName\Desktop\ Malwarebytes Anti-Malware .txt 2014-09-21 13:02 - 2014-09-21 12:50 - 00000000 ____D () C:\AdwCleaner 2014-09-21 13:00 - 2014-09-21 13:00 - 00004826 _____ () C:\Users\MyName\Desktop\AdwCleaner[S0].txt 2014-09-21 12:58 - 2014-09-07 16:06 - 00039234 _____ () C:\windows\PFRO.log 2014-09-21 12:43 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PLA 2014-09-21 12:17 - 2014-09-21 12:17 - 00001066 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-21 12:17 - 2014-09-21 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-21 12:17 - 2014-09-21 12:17 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-21 12:17 - 2014-09-21 12:17 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-09-21 12:10 - 2014-09-21 12:10 - 01373475 _____ () C:\Users\MyName\Downloads\AdwCleaner_3.310.exe 2014-09-21 12:10 - 2014-09-21 12:09 - 17292760 _____ (Malwarebytes Corporation ) 
C:\Users\MyName\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-21 12:00 - 2014-09-21 12:00 - 00000000 __SHD () C:\Users\MyName\AppData\Local\EmieUserList 2014-09-21 12:00 - 2014-09-21 12:00 - 00000000 __SHD () C:\Users\MyName\AppData\Local\EmieSiteList 2014-09-21 11:55 - 2013-02-02 23:23 - 00000000 ____D () C:\Users\MyName\AppData\Local\CrashDumps 2014-09-21 11:48 - 2012-11-03 20:32 - 00000000 ____D () C:\ProgramData\TEMP 2014-09-21 10:05 - 2013-03-02 12:36 - 00000000 ____D () C:\Users\User2\Documents\Bluetooth Folder 2014-09-21 10:05 - 2012-11-01 22:06 - 00001425 _____ () C:\Users\MyName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-09-21 10:05 - 2012-09-10 20:57 - 00001146 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-09-21 10:05 - 2012-09-10 20:57 - 00001134 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-09-21 10:04 - 2014-09-21 10:04 - 00003156 _____ () C:\windows\System32\Tasks\{F0DF3150-D166-46B9-9AB5-8C24B34019A2} 2014-09-21 08:21 - 2014-01-18 21:28 - 00000000 ____D () C:\Users\User2\AppData\Roaming\.minecraft 2014-09-21 08:21 - 2013-03-02 12:35 - 00003934 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{76E34C46-0F60-4FBC-A6A1-E13060845810} 2014-09-21 08:17 - 2012-09-10 20:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-19 23:43 - 2014-09-19 23:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-19 19:20 - 2014-09-14 16:07 - 00260017 _____ () C:\windows\DirectX.log 2014-09-19 19:20 - 2014-03-18 21:45 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-09-18 10:44 - 2012-09-10 20:35 - 00003938 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{B198A42B-7342-457A-82F7-21F274254314} 2014-09-14 17:25 - 2013-05-18 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-09-14 14:18 - 2014-01-18 21:25 - 00000000 ____D () C:\Users\MyName\AppData\Roaming\.minecraft 
2014-09-14 14:10 - 2014-09-14 14:10 - 00000000 ____D () C:\ProgramData\Intel 2014-09-14 14:10 - 2011-12-25 06:50 - 00000000 ____D () C:\Program Files (x86)\Intel 2014-09-14 14:08 - 2014-09-06 18:47 - 00000000 ____D () C:\Intel 2014-09-14 14:05 - 2014-09-14 14:05 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab 2014-09-14 14:04 - 2014-09-14 14:04 - 00000000 ____D () C:\Users\MyName\SystemRequirementsLab 2014-09-14 13:54 - 2014-09-14 13:54 - 00000219 _____ () C:\Users\MyName\Desktop\Dota 2.url 2014-09-14 13:54 - 2014-03-16 12:46 - 00000000 ____D () C:\Users\MyName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2014-09-14 11:04 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache 2014-09-13 23:38 - 2012-09-10 22:11 - 00000000 ____D () C:\Users\User1\AppData\Roaming\XnView 2014-09-12 17:09 - 2014-07-02 18:50 - 00000000 ____D () C:\Users\MyName\AppData\Roaming\vlc 2014-09-12 16:52 - 2014-07-02 18:47 - 00000000 ____D () C:\Users\MyName\.mediathek3 2014-09-12 00:08 - 2011-12-25 06:48 - 01603170 _____ () C:\windows\SysWOW64\PerfStringBackup.INI 2014-09-12 00:07 - 2013-08-14 21:46 - 00000000 ____D () C:\windows\system32\MRT 2014-09-12 00:01 - 2012-09-14 21:57 - 101694776 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-09-12 00:00 - 2014-05-07 19:26 - 00000000 ___SD () C:\windows\system32\CompatTel 2014-09-11 14:20 - 2012-09-15 14:11 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2014-09-11 14:20 - 2012-09-15 14:11 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-11 14:20 - 2012-09-15 14:11 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2014-09-09 19:59 - 2014-09-09 12:29 - 00000000 ____D () C:\Program Files (x86)\INtex Hausverwaltung 10 2014-09-09 12:30 - 2014-09-09 12:30 - 00001151 _____ () C:\Users\User1\Desktop\INtex Hausverwaltung.lnk 2014-09-09 12:30 - 2014-09-09 12:30 - 00000000 ____D () 
C:\Users\User1\AppData\Roaming\INtex Hausverwaltung 10 2014-09-09 12:30 - 2014-09-09 12:30 - 00000000 ____D () C:\Users\User1\AppData\Local\FileMaker 2014-09-09 12:30 - 2014-09-09 12:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\INtex Hausverwaltung 10 2014-09-09 12:28 - 2014-09-09 12:28 - 22176096 _____ (INtex Publishing ) C:\Users\User1\Downloads\setuphausverwaltung10_CB-DL-Manager [1].exe 2014-09-09 12:24 - 2014-09-09 12:23 - 00816064 _____ ( ) C:\Users\User1\Downloads\setuphausverwaltung10_CB-DL-Manager.exe 2014-09-07 19:22 - 2012-09-15 14:42 - 00000000 ____D () C:\Users\User1\AppData\Local\CrashDumps 2014-09-07 16:30 - 2014-09-07 16:30 - 00000000 ____D () C:\ProgramData\ATI 2014-09-07 16:27 - 2014-09-07 16:27 - 00056100 _____ () C:\windows\SysWOW64\CCCInstall_201409071627426592.log 2014-09-07 16:27 - 2014-09-07 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center 2014-09-07 16:27 - 2014-09-07 16:27 - 00000000 ____D () C:\Program Files (x86)\AMD AVT 2014-09-07 16:27 - 2014-09-07 16:12 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies 2014-09-07 16:27 - 2014-09-07 16:11 - 00000000 ____D () C:\Program Files\ATI Technologies 2014-09-07 16:27 - 2014-08-02 10:25 - 00000000 ____D () C:\ProgramData\AMD 2014-09-07 16:19 - 2014-09-07 16:19 - 00000000 ____D () C:\AMD 2014-09-07 16:17 - 2012-11-01 22:08 - 00000000 ____D () C:\Users\MyName\AppData\Roaming\ATI 2014-09-07 16:17 - 2012-11-01 22:08 - 00000000 ____D () C:\Users\MyName\AppData\Local\ATI 2014-09-07 16:15 - 2014-09-07 16:15 - 00000000 _____ () C:\windows\ativpsrm.bin 2014-09-07 16:14 - 2014-09-07 16:14 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies 2014-09-07 16:14 - 2014-09-07 16:14 - 00000000 ____D () C:\Program Files (x86)\AMD APP 2014-09-07 16:12 - 2014-09-07 16:12 - 00000000 ____D () C:\Program Files\ATI 2014-09-07 16:05 - 2014-09-07 16:05 - 00000000 ____D () C:\ProgramData\IsolatedStorage 
2014-09-07 16:05 - 2014-09-07 16:05 - 00000000 _____ () C:\windows\setuperr.log 2014-09-07 15:54 - 2011-02-11 07:14 - 00000000 ____D () C:\windows\Panther 2014-09-07 15:52 - 2014-09-07 15:52 - 00002774 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC 2014-09-07 15:52 - 2014-09-07 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-09-07 15:52 - 2014-09-07 15:52 - 00000000 ____D () C:\Program Files\CCleaner 2014-09-07 15:13 - 2014-09-07 15:13 - 00000000 ____D () C:\Users\MyName\AppData\Roaming\Oracle 2014-09-07 15:08 - 2014-09-07 15:08 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe 2014-09-07 15:08 - 2014-09-07 15:08 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe 2014-09-07 15:08 - 2014-09-07 15:08 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe 2014-09-07 15:08 - 2014-09-07 15:08 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll 2014-09-07 15:08 - 2014-09-07 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-09-07 15:08 - 2014-09-07 15:08 - 00000000 ____D () C:\Program Files (x86)\Java 2014-09-07 15:08 - 2013-10-03 13:40 - 00000000 ____D () C:\ProgramData\Oracle 2014-09-07 14:57 - 2014-09-07 14:57 - 00061609 _____ () C:\4ce94848-0159-4de0-a640-7fb2c9095920.dmp 2014-09-07 14:55 - 2014-09-07 14:55 - 00063761 _____ () C:\97b2af29-b4a4-4108-af20-fb688ea36072.dmp 2014-09-07 11:36 - 2013-03-13 18:24 - 00000000 ____D () C:\Users\User2\AppData\Local\CrashDumps 2014-09-06 20:46 - 2014-09-06 20:46 - 00000000 __SHD () C:\Users\User1\AppData\Local\EmieUserList 2014-09-06 20:46 - 2014-09-06 20:46 - 00000000 __SHD () C:\Users\User1\AppData\Local\EmieSiteList 2014-09-06 17:55 - 2011-12-25 06:37 - 00000000 ____D () C:\ProgramData\Hewlett-Packard 2014-09-06 17:54 - 2011-12-25 07:11 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-09-06 17:49 - 2014-09-06 10:28 - 
00000000 ____D () C:\ProgramData\HP 2014-09-06 17:47 - 2014-09-06 17:47 - 00872152 _____ (Realtek ) C:\windows\system32\Drivers\Rt64win7.sys 2014-09-06 17:47 - 2014-09-06 17:47 - 00074456 _____ (Realtek Semiconductor Corporation) C:\windows\system32\RtNicProp64.dll 2014-09-06 17:47 - 2014-09-06 17:47 - 00000000 ____D () C:\Program Files (x86)\Realtek 2014-09-06 17:47 - 2012-11-01 22:07 - 00000000 ____D () C:\Users\MyName\AppData\Roaming\hpqLog 2014-09-06 17:47 - 2011-12-25 07:54 - 00108760 _____ (Realtek Semiconductor Corporation) C:\windows\system32\RTNUninst64.dll 2014-09-06 17:47 - 2011-12-25 06:38 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard 2014-09-06 17:46 - 2014-09-06 17:46 - 00175928 _____ (JMicron Technology Corporation) C:\windows\system32\Drivers\jmcr.sys 2014-09-06 17:45 - 2014-09-06 17:43 - 00000000 ____D () C:\ProgramData\Qualcomm Atheros 2014-09-06 17:45 - 2012-04-06 13:45 - 00000000 ____D () C:\Program Files (x86)\Atheros 2014-09-06 17:44 - 2012-04-06 13:45 - 00000000 ____D () C:\windows\system32\nn-NO 2014-09-06 17:44 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\tr-TR 2014-09-06 17:43 - 2014-09-06 17:43 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf 2014-09-06 17:42 - 2014-09-06 17:42 - 01795952 _____ (Microsoft Corporation) C:\windows\system32\WdfCoInstaller01011.dll 2014-09-06 17:42 - 2014-09-06 17:42 - 00722160 _____ (Synaptics Incorporated) C:\windows\system32\SynCOM.dll 2014-09-06 17:42 - 2014-09-06 17:42 - 00524016 _____ (Synaptics Incorporated) C:\windows\system32\Drivers\SynTP.sys 2014-09-06 17:42 - 2014-09-06 17:42 - 00421616 _____ (Synaptics Incorporated) C:\windows\system32\SynTPCo19.dll 2014-09-06 17:42 - 2014-09-06 17:42 - 00400112 _____ (Synaptics Incorporated) C:\windows\SysWOW64\SynCom.dll 2014-09-06 17:42 - 2014-09-06 17:42 - 00251632 _____ (Synaptics Incorporated) C:\windows\system32\SynTPAPI.dll 2014-09-06 17:42 - 2014-09-06 17:42 - 00169712 _____ (Synaptics Incorporated) 
C:\windows\SysWOW64\SynTPCom.dll 2014-09-06 17:42 - 2014-09-06 17:42 - 00026416 _____ () C:\windows\system32\pca-manta.bin 2014-09-06 17:42 - 2014-09-06 17:42 - 00000092 _____ () C:\windows\system32\calibration.bin 2014-09-06 17:40 - 2014-09-06 17:40 - 00000000 ____D () C:\Users\MyName\AppData\Roaming\Hewlett-Packard Company 2014-09-06 17:40 - 2011-12-25 07:23 - 00000191 _____ () C:\windows\system32\HPPA.ini 2014-09-06 17:40 - 2011-12-25 07:11 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 2014-09-06 17:39 - 2012-04-06 13:56 - 00000000 ____D () C:\windows\Hewlett-Packard 2014-09-06 17:16 - 2014-09-06 17:16 - 00000000 ____D () C:\Users\User2\AppData\Roaming\java 2014-09-06 10:28 - 2014-09-06 10:28 - 00000000 ____D () C:\HPSDM 2014-09-06 10:26 - 2014-09-06 10:25 - 20578280 _____ (Hewlett-Packard Company ) C:\Users\MyName\Downloads\HP_SDM_Setup.exe 2014-09-06 10:18 - 2014-09-06 10:18 - 00000000 ____D () C:\Users\MyName\AppData\Roaming\java 2014-09-06 10:17 - 2014-09-06 10:17 - 00000000 ____D () C:\Program Files\Java 2014-09-06 10:05 - 2014-09-06 10:05 - 00675988 _____ () C:\Users\MyName\Downloads\Minecraft(1).exe 2014-09-05 04:10 - 2014-09-11 10:52 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-09-05 04:05 - 2014-09-11 10:52 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-08-30 09:00 - 2014-08-30 09:00 - 00803691 _____ () C:\Users\User2\Documents\transfer1.xps 2014-08-29 08:57 - 2009-07-14 06:45 - 00413288 _____ () C:\windows\system32\FNTCACHE.DAT 2014-08-26 20:02 - 2013-02-07 23:04 - 00000000 ____D () C:\windows\System32\Tasks\Games 2014-08-25 06:53 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe 2014-08-23 19:04 - 2013-03-02 12:36 - 00117080 _____ () C:\Users\User2\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-23 04:07 - 2014-08-28 19:44 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll 2014-08-23 03:45 - 2014-08-28 
19:44 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 19:44 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys

Files to move or delete:
====================
C:\Users\MyName\WebVpnRegKey6-217-91-61-208.dll

Some content of TEMP:
====================
C:\Users\User2\AppData\Local\Temp\CmdLineExt.dll
C:\Users\User2\AppData\Local\Temp\drm_dialogs.dll
C:\Users\User2\AppData\Local\Temp\drm_dyndata_7300015.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-16 14:20

==================== End Of Log ============================

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-09-2014 01 Ran by MyName at 2014-09-21 14:09:53 Running from C:\Users\MyName\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) "Durchstarten mit Ponky - Deutsch 3+4" (HKLM-x32\...\"Durchstarten mit Ponky - Deutsch 3+4") (Version: 2.00 - Engel Edition) "Ponky gezielt Mathe 3+4" (HKLM-x32\...\"Ponky gezielt Mathe 3+4") (Version: 2.00 - Engel Edition) Adobe Bridge 1.0 (x32 Version: 1.0.1.1 - Adobe Systems) Hidden Adobe Common File Installer (x32 Version: 1.00.002 - Adobe System Incorporated) Hidden Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Help Center 2.0 (x32 Version: 2.0.0 - Adobe Systems) Hidden Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.) Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.) 
Hidden Adobe Photoshop Elements 7.0 (HKLM-x32\...\Adobe Photoshop Elements 7) (Version: 7.0 - Adobe Systems Incorporated) Adobe Photoshop Elements 7.0 (x32 Version: 7.0 - Adobe Systems Incorporated) Hidden Adobe Premiere Pro 2.0 (HKLM-x32\...\Adobe Premiere Pro 2.0) (Version: 2.000.000 - Adobe Systems, Inc.) Adobe Premiere Pro 2.0 (x32 Version: 2.000.000 - Adobe Systems, Inc.) Hidden Adobe Stock Photos 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden Adobe Stock Photos 1.0 (x32 Version: 1.0.2 - Adobe Systems) Hidden Age of Empires III - The WarChiefs (HKLM-x32\...\InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}) (Version: 1.00.0000 - Microsoft Game Studios) Age of Empires III - The WarChiefs (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden Age of Empires III (HKLM-x32\...\InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}) (Version: 1.00.0000 - Microsoft Game Studios) Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC) AMD Accelerated Video Transcoding (Version: 13.30.100.40417 - Advanced Micro Devices, Inc.) Hidden AMD APP SDK Runtime (Version: 2.5.793.1 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Control Center (x32 Version: 2014.0417.2226.38446 - Ihr Firmenname) Hidden AMD Catalyst Install Manager (HKLM\...\{3FAEEEBE-48F4-84C1-2B49-96AE73E67E3E}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden AMD Media Foundation Decoders (Version: 1.0.61013.1636 - Advanced Micro Devices, Inc.) Hidden AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) 
Hidden ArcSoft TotalMedia (HKLM-x32\...\ArcSoft TotalMedia) (Version: 2.0.39.12 - ArcSoft) ArcSoft TotalMedia (x32 Version: 1.0.48.25 - ArcSoft) Hidden ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.30 - ArcSoft) Ashampoo Burning Studio 2013 v.11.0.6 (HKLM-x32\...\{91B33C97-0FBA-74AE-E802-D782F5C8AA89}_is1) (Version: 11.0.6 - Ashampoo GmbH & Co. KG) Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team) Audio-CD-Archiv v7 (HKLM-x32\...\{ACA709B7-DB00-48B3-A30C-97F50679E175}) (Version: 7.00.687 - GBelectronics) avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software) Battlefield 2(TM) (HKCU\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version: 1.00.0000 - DICE) Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.0.0 - Electronic Arts) Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.02.000.55 - Atheros Communications) Brother MFL-Pro Suite MFC-7360N (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.) BUG Mod 4.4 (HKLM-x32\...\BUG Mod 4.4) (Version: - ) Call of Duty 4: Modern Warfare (HKLM-x32\...\Steam App 7940) (Version: - Infinity Ward) Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version: - ) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Chinese Traditional (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) 
Hidden ccc-utility64 (Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP) CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version: - ) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6622 - CyberLink Corp.) CyberLink PhotoNow (x32 Version: 1.1.6622 - CyberLink Corp.) Hidden CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2107 - CyberLink Corp.) CyberLink PowerDirector (x32 Version: 8.0.2107 - CyberLink Corp.) 
Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Die ersten 10 Jahre (HKLM-x32\...\{1C12B0B2-91FB-439A-A64D-1A239F0B7FAB}) (Version: 1.00.0000 - ) DIE SIEDLER - Aufstieg eines Königreichs (Alle Produkte) (HKLM-x32\...\{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}) (Version: 1.00.0000 - Ubisoft) Die Siedler II - Die nächste Generation (HKLM-x32\...\S2TNG) (Version: - ) Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve) Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard) Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff) Express Burn (HKLM-x32\...\ExpressBurn) (Version: - NCH Software) Far Cry 2 (HKLM-x32\...\{F2835483-37F2-4123-B4FE-0E77D58447F2}) (Version: 1.03.00 - Ubisoft) FIFA 11 (HKLM-x32\...\{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}) (Version: 1.0.0.0 - Electronic Arts) FlatOut2 (HKLM-x32\...\{7E641E46-81DB-4D1D-906A-48342523051C}) (Version: 1.00.0000 - Ihr Firmenname) Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Free YouTube to MP3 Converter version 3.12.2.430 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.2.430 - DVDVideoSoft Ltd.) 
FreeFileSync 5.10 (HKLM-x32\...\FreeFileSync) (Version: 5.10 - Zenju) Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden GRID (HKLM-x32\...\{5A0B7BA5-4682-4273-81C2-69B17E649103}) (Version: 1.30.0000 - Codemasters) Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden HP 3D DriveGuard (HKLM\...\{83DA38AB-1014-41C2-A3CD-E2B93832A71A}) (Version: 4.1.4.1 - Hewlett-Packard Company) HP Auto (Version: 1.0.12494.3472 - Hewlett-Packard Company) Hidden HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden HP DayStarter (HKLM\...\{483D5A49-A26B-4CB8-AA2D-0D1811322061}) (Version: 2.0.0.12 - Hewlett-Packard Company) HP Documentation (HKLM-x32\...\{C6A49140-A2D9-4CA4-BB92-2E1C8CBB6E16}) (Version: 1.3.0.0 - Hewlett-Packard) HP ESU for Microsoft Windows 7 (HKLM-x32\...\{CFC1988A-F492-4BC5-B6F7-683A95718AE9}) (Version: 1.1.11.1 - Hewlett-Packard Company) HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.5.9.1 - Hewlett-Packard Company) HP Power Assistant (HKLM\...\{09A06482-FAF9-4DC5-9EC7-D340B394E22A}) (Version: 2.0.6.0 - Hewlett-Packard Company) HP Setup (HKLM-x32\...\{03046EBB-CB7C-4B98-BEFB-690EB955DA22}) (Version: 8.5.4526.3645 - Hewlett-Packard Company) HP SoftPaq Download Manager (HKLM-x32\...\{68E1C9E9-1606-49AF-9978-573148CED9E4}) (Version: 3.5.3.0 - Hewlett-Packard Company) HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company) HP Software Setup (HKLM-x32\...\{531000B3-DBEE-4115-BBF3-DA48B67C053F}) (Version: 8.2.1.1 - Hewlett-Packard Company) HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company) HP System Default Settings (HKLM-x32\...\{72E3D563-C37C-4037-9F04-B64C0DAD0EFF}) (Version: 2.2.3 - Hewlett-Packard Company) HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 2.00 - Hewlett-Packard 
Company) HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50058.0 - Sonix) HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6365.0 - IDT) inSSIDer Home (HKLM-x32\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC) Intel(R) Identity Protection Technology 1.0.71.0 (HKLM-x32\...\{2C43790E-8470-1027-82D3-DF319F3C410F}) (Version: 1.0.71.0 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3517 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) INtex Hausverwaltung Version 10 (HKLM-x32\...\{C8F19197-739E-48C3-8A78-8C1434411F9A}_is1) (Version: 10 - INtex Publishing) IZArc 4.1.7 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1.7 - Ivan Zahariev) Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle) Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.72.4 - JMicron Technology Corp.) 
KONZ-Steuer-2014 (HKLM-x32\...\InstallShield_{20F1078B-E3B6-4DA1-9570-003DE110890A}) (Version: 1.00.0000 - USM) KONZ-Steuer-2014 (x32 Version: 1.00.0000 - USM) Hidden LibreOffice 4.1 Help Pack (German) (HKLM-x32\...\{43295475-62CA-4F25-B46C-43C59258780E}) (Version: 4.1.4.2 - The Document Foundation) LibreOffice 4.3.0.4 (HKLM-x32\...\{5C005E2A-AEAE-4DF7-B7CA-1E6DCDD2AEA4}) (Version: 4.3.0.4 - The Document Foundation) Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Camera Codec Pack (HKLM-x32\...\{908C5B2E-D684-425E-A54D-FE77D5C5A076}) (Version: 16.4.1970.0624 - Microsoft Corporation) Microsoft Flight (HKLM-x32\...\GFWL_{4D5308D2-DC8E-4658-A37C-351000058100}) (Version: 1.0.0005.129 - Microsoft Studios) Microsoft Flight (x32 Version: 1.0.0005.129 - Microsoft Studios) Hidden Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) 
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft 
Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden Microsoft_VC90_CRT_x86 (HKLM-x32\...\{DF2035BE-5820-4965-BD97-7FAF8D4A7879}) (Version: 1.0.0 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox 32.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 de)) (Version: 32.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla) MPC-HC 1.7.6 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.6 - MPC-HC Team) MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft 
Corporation) NAVIGON Fresh 3.5.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.5.1 - NAVIGON) Nero ControlCenter (x32 Version: 11.0.15200 - Nero AG) Hidden Nero ControlCenter Help (CHM) (x32 Version: 12.0.5000 - Nero AG) Hidden Nero Core Components (x32 Version: 11.0.18100 - Nero AG) Hidden Nero CoverDesigner (HKLM-x32\...\{3F380A3D-695A-4199-B026-A811A9FC6D91}) (Version: 12.0.00500 - Nero AG) Nero CoverDesigner (x32 Version: 12.0.9000 - Nero AG) Hidden Nero CoverDesigner Help (CHM) (x32 Version: 12.0.2000 - Nero AG) Hidden Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden Nokia Connectivity Cable Driver (HKLM-x32\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia) Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.5.34.0 - Nokia) Nokia Suite (x32 Version: 3.5.34.0 - Nokia) Hidden Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.4.5 - Notepad++ Team) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) PC Connectivity Solution (HKLM-x32\...\{7390478C-8581-415E-92E9-2997D9306B81}) (Version: 12.0.32.0 - Nokia) PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.33 - PDF Complete, Inc) PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.2 - Tracker Software Products Ltd) Perspective Pilot Free 3.2.0 (HKLM\...\Perspective Pilot Free_is1) (Version: 3.2.0 - Two Pilots) Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.988 - Even Balance, Inc.) PX Profile Update (x32 Version: 1.00.1. 
- AMD) Hidden Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros) Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.73.618.2013 - Realtek) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden SDK (x32 Version: 2.26.012 - Portrait Displays, Inc.) Hidden Serif CraftArtist (HKLM-x32\...\{C1B148C9-FACF-45F1-8356-4E1C5E3DAA5B}) (Version: 1.0.5.043 - Serif (Europe) Ltd) Serif Photo Projects (HKLM-x32\...\{D87677F6-5F58-4BB9-8D50-78A1BF9C2F33}) (Version: 1.0.2.027 - Serif (Europe) Ltd) Serif PhotoPlus X5 (HKLM-x32\...\{617E7009-0C50-4178-B0E2-F9D66DC8A582}) (Version: 15.0.2.012 - Serif (Europe) Ltd) Sid Meier's Civilization 4 - Beyond the Sword (HKLM-x32\...\{32E4F0D2-C135-475E-A841-1D59A0D22989}) (Version: 3.19 - Firaxis Games) Sid Meier's Civilization 4 Complete (HKLM-x32\...\{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}) (Version: 1.74 - Firaxis Games) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) 
Star Wars Battlefront II (HKLM-x32\...\{3D374523-CFDE-461A-827E-2A102E2AB365}) (Version: 1.0 - LucasArts) Star Wars: Knights of the Old Republic (HKLM-x32\...\Steam App 32370) (Version: - BioWare) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) Steuer 2012 (HKCU\...\{01159E8A-44F7-4885-A7F9-872CE4D74063}) (Version: 20.00.8137 - Buhl Data Service GmbH) Steuer 2013 (HKLM-x32\...\{05AEF487-8926-48A9-B5BA-9BED72BC6B1C}) (Version: 21.00.8480 - Buhl Data Service GmbH) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.9 - Synaptics Incorporated) System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC) test und FINANZtest Archiv CD-Rom 2011 (HKLM-x32\...\test und FINANZtest Archiv CD-Rom 2011) (Version: - ) The Dark Eye: Chains of Satinav (HKLM-x32\...\Steam App 203830) (Version: - Daedalic Entertainment) The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios) TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version: - Nadeo) tools-linux (x32 Version: 9.6.1.1379776 - VMware, Inc.) Hidden USB Video/Audio Device Driver (HKLM-x32\...\{3717C4F2-7412-4793-9BB8-D73D2817B3D6}) (Version: 1.00.0000 - Ihr Firmenname) Validity Fingerprint Sensor Driver (HKLM\...\{FFC3E41D-2C2B-45B7-9AD9-5EA19572DD26}) (Version: 4.3.117.0 - Validity Sensors, Inc.) VIP Access SDK x64(1.0.0.50) (HKLM-x32\...\VIP Access SDK) (Version: 1.0.0.50 - Symantec Inc.) Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies) VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN) VMware Player (HKLM-x32\...\VMware_Player) (Version: 6.0.1 - VMware, Inc) VMware Player (Version: 6.0.1 - VMware, Inc.) 
Hidden Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Family Safety (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Family Safety (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia) XMedia Recode Version 3.1.2.5 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.2.5 - XMedia Recode) XnView 2.13 (HKLM-x32\...\XnView_is1) (Version: 2.13 - Gougelet Pierre-e) XnViewMP 0.68 (HKLM\...\XnViewMP_is1) (Version: 0.68 - Gougelet Pierre-e) Xobni Core (x32 Version: 1.0.0 - Xobni, Inc.) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
==================== Restore Points ========================= 14-09-2014 14:06:22 DirectX wurde installiert 14-09-2014 16:04:58 DirectX wurde installiert 14-09-2014 16:08:14 DirectX wurde installiert 16-09-2014 12:19:12 Windows Update 16-09-2014 17:59:07 DirectX wurde installiert 19-09-2014 17:18:15 DirectX wurde installiert 19-09-2014 17:19:01 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {14E9462E-AF2F-46A7-BE39-9271E4787599} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard) Task: {656EFEA3-037B-4C77-B282-242798BB3DE8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company) Task: {8A00151D-E898-4D1F-98BC-4BEFEFC72D07} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-25] (Oracle Corporation) Task: {90779F6F-36FA-440A-9A1E-83A89A4D0B12} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-15] (AVAST Software) Task: {A1C1248B-B6A4-4C6F-86FF-9EA5DD69F779} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-11] (Adobe Systems Incorporated) Task: {CCA38787-787F-4505-BD6E-0F1041E97EF8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd) Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2013-02-07 23:02 - 2013-02-09 22:57 - 00076888 _____ () C:\windows\SysWOW64\PnkBstrA.exe 2012-11-04 02:34 - 2009-04-17 12:01 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 2013-03-09 15:32 - 2005-04-22 06:36 - 00143360 _____ () C:\windows\system32\BrSNMP64.dll 2012-04-06 05:09 - 2011-08-31 15:13 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2011-09-12 17:02 - 2011-09-12 17:02 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll 2014-07-15 22:48 - 2014-07-15 22:48 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll 2014-09-21 10:01 - 2014-09-21 10:01 - 02864640 _____ () C:\Program Files\AVAST Software\Avast\defs\14092100\algo.dll 2013-10-18 13:46 - 2013-10-18 13:46 - 01260624 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll 2014-07-15 22:48 - 2014-07-15 22:48 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2014-09-12 15:52 - 2014-09-12 15:52 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\60e3de33f3b7204f87483b97989a13b6\IsdiInterop.ni.dll 2012-04-06 13:41 - 2011-01-13 03:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll 2014-09-19 23:43 - 2014-09-19 23:43 - 03734640 _____ () C:\Program Files (x86)\Mozilla 
Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) AlternateDataStreams: C:\ProgramData\TEMP:0888F409 AlternateDataStreams: C:\ProgramData\TEMP:3440EB47 AlternateDataStreams: C:\ProgramData\TEMP:66633281 ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\startupreg: DTRun => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe MSCONFIG\startupreg: HPQuickWebProxy => "c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe MSCONFIG\startupreg: Start WingMan Profiler => C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui MSCONFIG\startupreg: UpdatePDRShortCut => "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0" ==================== Faulty Device Manager Devices ============= Name: Bluetooth-Peripheriegerät Description: Bluetooth-Peripheriegerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Bluetooth-Peripheriegerät Description: Bluetooth-Peripheriegerät Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. 
(Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ========================= Application errors: ================== Error: (09/21/2014 01:53:47 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/21/2014 01:39:50 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/21/2014 00:58:46 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/21/2014 00:44:42 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/21/2014 11:54:49 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000002ff0fd8 ID des fehlerhaften Prozesses: 0x1bdc Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0 Pfad der fehlerhaften Anwendung: Explorer.EXE1 Pfad des fehlerhaften Moduls: Explorer.EXE2 Berichtskennung: Explorer.EXE3 Error: (09/21/2014 08:18:04 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 
Error: (09/20/2014 07:29:07 AM) (Source: Validity USDK) (EventID: 40) (User: ) Description: SSL alert by host: Description is: 47. Error: (09/20/2014 07:29:06 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: hpqWmiEx.exe, Version: 4.6.15.1, Zeitstempel: 0x50a165a9 Name des fehlerhaften Moduls: hpqWmiEx.exe, Version: 4.6.15.1, Zeitstempel: 0x50a165a9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002b5d6 ID des fehlerhaften Prozesses: 0x2054 Startzeit der fehlerhaften Anwendung: 0xhpqWmiEx.exe0 Pfad der fehlerhaften Anwendung: hpqWmiEx.exe1 Pfad des fehlerhaften Moduls: hpqWmiEx.exe2 Berichtskennung: hpqWmiEx.exe3 Error: (09/20/2014 00:24:43 AM) (Source: Validity USDK) (EventID: 40) (User: ) Description: SSL alert by host: Description is: 47. Error: (09/20/2014 00:24:42 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: hpqWmiEx.exe, Version: 4.6.15.1, Zeitstempel: 0x50a165a9 Name des fehlerhaften Moduls: hpqWmiEx.exe, Version: 4.6.15.1, Zeitstempel: 0x50a165a9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002b5d6 ID des fehlerhaften Prozesses: 0x7dc Startzeit der fehlerhaften Anwendung: 0xhpqWmiEx.exe0 Pfad der fehlerhaften Anwendung: hpqWmiEx.exe1 Pfad des fehlerhaften Moduls: hpqWmiEx.exe2 Berichtskennung: hpqWmiEx.exe3 System errors: ============= Error: (09/21/2014 01:54:54 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (09/21/2014 01:54:41 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (09/21/2014 01:53:54 PM) (Source: Service Control Manager) (EventID: 7026) 
(User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: ASPI32 Error: (09/21/2014 01:53:20 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\ASPI32.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. Error: (09/21/2014 01:40:51 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC) Error: (09/21/2014 01:40:31 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT) Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTLOKALER DIENSTS-1-5-19LocalHost (unter Verwendung von LRPC) Error: (09/21/2014 01:39:53 PM) (Source: Service Control Manager) (EventID: 7026) (User: ) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: ASPI32 Error: (09/21/2014 01:39:06 PM) (Source: BugCheck) (EventID: 1001) (User: ) Description: 0x00000109 (0xa3a039d8a0886817, 0xb3b7465ef306a351, 0xfffff880009f65c0, 0x0000000000000002)C:\windows\MEMORY.DMP092114-25412-01 Error: (09/21/2014 01:39:05 PM) (Source: EventLog) (EventID: 6008) (User: ) Description: Das System wurde zuvor am 21.09.2014 um 13:37:20 unerwartet heruntergefahren. Error: (09/21/2014 01:38:43 PM) (Source: Application Popup) (EventID: 1060) (User: ) Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\ASPI32.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten. 
Microsoft Office Sessions: ========================= Error: (09/21/2014 01:53:47 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/21/2014 01:39:50 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/21/2014 00:58:46 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/21/2014 00:44:42 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/21/2014 11:54:49 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Explorer.EXE6.1.7601.175674d672ee4unknown0.0.0.000000000c00000050000000002ff0fd81bdc01cfd571002902f4C:\windows\Explorer.EXEunknown52c37a86-4175-11e4-976b-9cb70dca0491 Error: (09/21/2014 08:18:04 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/20/2014 07:29:07 AM) (Source: Validity USDK) (EventID: 40) (User: ) Description: Description is: 47 Error: (09/20/2014 07:29:06 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: hpqWmiEx.exe4.6.15.150a165a9hpqWmiEx.exe4.6.15.150a165a9c00000050002b5d6205401cfd45882b8c07dC:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exeC:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe09d5a49a-4087-11e4-98da-83ef66920723 Error: 
(09/20/2014 00:24:43 AM) (Source: Validity USDK) (EventID: 40) (User: ) Description: Description is: 47 Error: (09/20/2014 00:24:42 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: hpqWmiEx.exe4.6.15.150a165a9hpqWmiEx.exe4.6.15.150a165a9c00000050002b5d67dc01cfd44daa889e0bC:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exeC:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exebfe7226e-404b-11e4-98da-83ef66920723 ==================== Memory info =========================== Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz Percentage of memory in use: 27% Total physical RAM: 8126.36 MB Available physical RAM: 5914.68 MB Total Pagefile: 16250.9 MB Available Pagefile: 13639.35 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:674.31 GB) (Free:441.74 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: (HP_RECOVERY) (Fixed) (Total:19.03 GB) (Free:2.9 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive f: (HP_TOOLS) (Fixed) (Total:4.98 GB) (Free:4.97 GB) FAT32 ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: E76A04A3) Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=674.3 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=19 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=5 GB) - (Type=0C) ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-09-21 14:52:15 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JE4O 698,64GB Running: om9b1lo0.exe; Driver: C:\Users\MyName\AppData\Local\Temp\fwtdyaog.sys (Log was too large --> see GMER.ZIP) |
21.09.2014, 15:12 | #2 |
/// the machine /// TB-Ausbilder | Malware/adware infection after running a setup package for Minecraft (among other things, istartsurf.com as start page) Hi,
Please disable your security software to avoid possible conflicts.
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
22.09.2014, 19:30 | #3 |
| Malware/adware infection after running a setup package for Minecraft (among other things, istartsurf.com as start page) Hello schrauber,
thank you very much for taking care of my problem! The ESET scan took quite a long time and ran through the night, which is why I am only replying now. Junkware Removal Tool: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.1.9 (09.20.2014:1) OS: Windows 7 Home Premium x64 Ran by MyName on 21.09.2014 at 19:26:59,00 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-4219148564-3154154102-1992973587-1004\Software\Microsoft\Internet Explorer\Main\\Start Page ~~~ Registry Keys ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess" ~~~ FireFox Emptied folder: C:\Users\MyName\AppData\Roaming\mozilla\firefox\profiles\tbn3bszz.default\minidumps [66 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 21.09.2014 at 19:38:14,91 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=1c888171f63ea4498395dbaa670c8f33 # engine=20241 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-09-21 08:48:11 # local_time=2014-09-21 10:48:11 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='avast! Antivirus' # compatibility_mode=783 16777213 100 97 52255 175752981 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 34475 162962341 0 0 # scanned=334371 # found=12 # cleaned=0 # scan_time=7905 sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Conduit\Community Alerts\Alert.dll.vir" sh=37C2B582C84E83EB1DBE7F6BE8648E406BD739A7 ft=1 fh=941e524606a3f411 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\ExpressBurn\expressburn.exe.vir" sh=DEDF92691226E483A0497515EDED90773F93398A ft=1 fh=24cc767e2aae6d63 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\ExpressBurn\expressburnsetup_v4.62.exe.vir" sh=79C1214442FB0E1F9AD7A32ECD224B2920A03DB0 ft=1 fh=c8fa3065121f18f8 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DE3EQANK\Ashampoo_DE[1].exe" sh=F89D0D35647789000A23E8BD1E557BEE519A6BAE ft=1 fh=4f81c51847428f3f vn="Win32/Toolbar.Conduit evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\User1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GD9KL305\statisticsstub[1].exe" sh=A1280B1F085B8284DC157EC359BD1ADA091CFE7E ft=1 fh=d8aa3384d1249a40 vn="Variante von Win32/Toolbar.Conduit.P evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User1\AppData\LocalLow\Ashampoo_DE\ldrtbAsha.dll" sh=92E84D2216A7763D580E42FA2493CCF67D0D0560 ft=1 fh=e8efc42494afd9f6 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User1\AppData\LocalLow\Ashampoo_DE\tbAsha.dll" sh=227AA468A327AEEEBA2A8435EC181370136B81F9 ft=1 fh=5f440b0f78dc3247 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User1\Downloads\ashampoo_hdd_control_2_2.1.0_sm.exe" sh=C54A0413E142F4DDA287BB3497EBF2E5BFF4D3C9 ft=1 fh=af27b5fd5f742cf7 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User1\Downloads\debutsetup.exe" sh=DC6CFEC825E1BC7863CD87333BEF860CB04F5980 ft=1 fh=148f4ae10543316c vn="Win32/DownWare.W evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User1\Downloads\dvdstyler-2.3.3-win32.exe" sh=596D78A7F03D1DAEE86BCCE8DD7713AA60E8F9E4 ft=1 fh=8eaf1d336ac02ccc vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User1\Downloads\FreeYouTubeToMP3Converter34.exe" sh=23422BA9AC9EC006E9C287F868404A133244283B ft=1 fh=7dcb11e90876be50 vn="Variante von Win32/InstallCore.QH evtl. unerwünschte Anwendung" ac=I fn="C:\Users\User1\Downloads\setuphausverwaltung10_CB-DL-Manager.exe" Code:
ATTFilter UNSUPPORTED OPERATING SYSTEM! ABORTED! FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-09-2014 01 Ran by MyName (administrator) on HPNOTEBOOK on 22-09-2014 18:25:29 Running from C:\Users\MyName\Downloads Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe (Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe (AMD) C:\Windows\System32\atieclxx.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe (Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HPHotkeyMonitor.exe (Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (ArcSoft, Inc.) C:\Windows\SysWOW64\ArcVCapRender\uArcCapture.exe (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe (Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Intel 
Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (Portrait Displays, Inc) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe (Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdiSDKHelperx64.exe (Intel Corporation) C:\Windows\System32\igfxext.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [615584 2011-01-07] (Atheros Communications) HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379040 2011-01-07] (Atheros Commnucations) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-09-07] (IDT, Inc.) 
HKLM\...\Run: [HPPowerAssistant] => C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2945080 2011-09-12] (Hewlett-Packard Company) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2774256 2014-09-06] (Synaptics Incorporated) HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2011-01-26] (Intel Corporation) HKLM-x32\...\Run: [NUSB3MON] => c:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation) HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software) HKLM-x32\...\Run: [QLBController] => C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\QLBController.exe [319360 2012-03-14] (Hewlett-Packard Company) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.) 
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-4219148564-3154154102-1992973587-1004\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [1967616 2014-04-17] (AMD) HKU\S-1-5-21-4219148564-3154154102-1992973587-1004\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-4219148564-3154154102-1992973587-1004\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-4219148564-3154154102-1992973587-1004\...\MountPoints2: {dc0b97a8-7fde-11e1-abcd-806e6f6e6963} - G:\LaunchBFII.exe ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software) ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File GroupPolicyUsers\S-1-5-21-4219148564-3154154102-1992973587-1006\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com StartMenuInternet: IEXPLORE.EXE - iexplore.exe BHO: avast! 
Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\MyName\AppData\Roaming\Mozilla\Firefox\Profiles\tbn3bszz.default FF Homepage: about:home FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF SearchPlugin: C:\Users\MyName\AppData\Roaming\Mozilla\Firefox\Profiles\tbn3bszz.default\searchplugins\ixquick-https---deutsch.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Adblock Plus - C:\Users\MyName\AppData\Roaming\Mozilla\Firefox\Profiles\tbn3bszz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-01-06] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-01-06] Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-15] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-01-13] (Adobe Systems) [File not signed] R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-01-07] (Atheros) [File not signed] R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [53920 2011-01-07] (Atheros Commnucations) [File not signed] R2 avast! 
Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-15] (AVAST Software) S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed] S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2013-10-18] (Macrovision Europe Ltd.) [File not signed] R2 HPDayStarterService; c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe [133688 2011-01-28] (Hewlett-Packard Company) R2 hpHotkeyMonitor; C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe [365440 2012-03-14] (Hewlett-Packard Company) S2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc) R2 PnkBstrA; C:\windows\SysWOW64\PnkBstrA.exe [76888 2013-02-09] () R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-04-17] () R2 uArcCapture; C:\windows\SysWow64\ArcVCapRender\uArcCapture.exe [502464 2010-11-11] (ArcSoft, Inc.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36608 2013-12-12] (Advanced Micro Devices, Inc.) R3 ARCVCAM; C:\Windows\System32\DRIVERS\ArcSoftVCapture.sys [32192 2010-11-11] (ArcSoft, Inc.) 
S1 ASPI32; C:\Windows\SysWow64\Drivers\ASPI32.sys [25244 1999-09-10] (Adaptec) [File not signed] R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-15] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-15] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-15] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-15] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-15] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-15] (AVAST Software) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-15] (AVAST Software) R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-12-19] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-15] () R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2014-08-02] () S3 intelkmd; C:\Windows\System32\DRIVERS\igdpmd64.sys [12306848 2011-08-31] (Intel Corporation) [File not signed] R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2014-08-02] () S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) R3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [1866080 2012-11-28] () R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.) ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-09-22 18:25 - 2014-09-22 18:25 - 00018399 _____ () C:\Users\MyName\Downloads\FRST.txt 2014-09-22 18:20 - 2014-09-22 18:20 - 00854417 _____ () C:\Users\MyName\Downloads\SecurityCheck.exe 2014-09-21 20:32 - 2014-09-21 20:32 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-09-21 20:30 - 2014-09-21 20:30 - 02347384 _____ (ESET) C:\Users\MyName\Downloads\esetsmartinstaller_deu.exe 2014-09-21 19:38 - 2014-09-21 19:38 - 00001557 _____ () C:\Users\MyName\Desktop\JRT.txt 2014-09-21 19:26 - 2014-09-21 19:26 - 00165713 _____ () C:\Users\MyName\Desktop\Malware_Adware-Infektion nach Ausführung eines Setup-Paketes für Minecraft (u.a. istartsurf.com als Startseite) - Trojaner-Board.htm 2014-09-21 19:26 - 2014-09-21 19:26 - 00000000 ____D () C:\windows\ERUNT 2014-09-21 19:26 - 2014-09-21 19:26 - 00000000 ____D () C:\Users\MyName\Desktop\Malware_Adware-Infektion nach Ausführung eines Setup-Paketes für Minecraft (u.a. istartsurf.com als Startseite) - Trojaner-Board-Dateien 2014-09-21 19:19 - 2014-09-21 19:19 - 01027006 _____ (Thisisu) C:\Users\MyName\Downloads\JRT.exe 2014-09-21 15:42 - 2014-09-21 15:42 - 00019844 _____ () C:\Users\MyName\Desktop\GMER.zip 2014-09-21 14:52 - 2014-09-21 14:55 - 00482910 _____ () C:\Users\MyName\Desktop\GMER.log 2014-09-21 14:09 - 2014-09-21 14:58 - 00041678 _____ () C:\Users\MyName\Desktop\Addition.txt 2014-09-21 13:57 - 2014-09-21 14:58 - 00053851 _____ () C:\Users\MyName\Desktop\FRST.txt 2014-09-21 13:39 - 2014-09-21 13:39 - 00279208 _____ () C:\windows\Minidump\092114-25412-01.dmp 2014-09-21 13:38 - 2014-09-21 13:38 - 730026222 _____ () C:\windows\MEMORY.DMP 2014-09-21 13:26 - 2014-09-22 18:25 - 00000000 ____D () C:\FRST 2014-09-21 13:25 - 2014-09-21 13:25 - 00380416 _____ () C:\Users\MyName\Downloads\om9b1lo0.exe 2014-09-21 13:24 - 2014-09-21 14:55 - 00000474 _____ () C:\Users\MyName\Desktop\defogger_disable.log 2014-09-21 13:24 - 2014-09-21 13:25 - 02105856 _____ (Farbar) C:\Users\MyName\Downloads\FRST64.exe 2014-09-21 13:24 - 2014-09-21 
13:24 - 00000000 _____ () C:\Users\MyName\defogger_reenable 2014-09-21 13:23 - 2014-09-21 13:23 - 00050477 _____ () C:\Users\MyName\Downloads\Defogger.exe 2014-09-21 13:14 - 2014-09-21 14:58 - 00024041 _____ () C:\Users\MyName\Desktop\ Malwarebytes Anti-Malware .txt 2014-09-21 13:00 - 2014-09-21 14:58 - 00004828 _____ () C:\Users\MyName\Desktop\AdwCleaner[S0].txt 2014-09-21 12:50 - 2014-09-21 13:02 - 00000000 ____D () C:\AdwCleaner 2014-09-21 12:18 - 2014-09-21 19:18 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-21 12:17 - 2014-09-21 12:17 - 00001066 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-21 12:17 - 2014-09-21 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-21 12:17 - 2014-09-21 12:17 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-21 12:17 - 2014-09-21 12:17 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-09-21 12:17 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys 2014-09-21 12:17 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys 2014-09-21 12:17 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys 2014-09-21 12:10 - 2014-09-21 12:10 - 01373475 _____ () C:\Users\MyName\Downloads\AdwCleaner_3.310.exe 2014-09-21 12:09 - 2014-09-21 12:10 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\MyName\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-21 12:00 - 2014-09-21 12:00 - 00000000 __SHD () C:\Users\MyName\AppData\Local\EmieUserList 2014-09-21 12:00 - 2014-09-21 12:00 - 00000000 __SHD () C:\Users\MyName\AppData\Local\EmieSiteList 2014-09-21 10:04 - 2014-09-21 10:04 - 00003156 _____ () C:\windows\System32\Tasks\{F0DF3150-D166-46B9-9AB5-8C24B34019A2} 2014-09-19 23:43 - 2014-09-19 23:43 - 00000000 ____D () C:\Program Files 
(x86)\Mozilla Firefox 2014-09-14 16:07 - 2014-09-19 19:20 - 00260017 _____ () C:\windows\DirectX.log 2014-09-14 14:10 - 2014-09-14 14:10 - 00000000 ____D () C:\ProgramData\Intel 2014-09-14 14:10 - 2012-05-15 07:13 - 00144896 _____ (Intel Corporation) C:\windows\system32\IntelOpenCL64.dll 2014-09-14 14:10 - 2012-05-15 06:20 - 00104448 _____ (Intel Corporation) C:\windows\SysWOW64\IntelOpenCL32.dll 2014-09-14 14:05 - 2014-09-14 14:05 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab 2014-09-14 14:04 - 2014-09-14 14:04 - 00000000 ____D () C:\Users\MyName\SystemRequirementsLab 2014-09-14 13:54 - 2014-09-14 13:54 - 00000219 _____ () C:\Users\MyName\Desktop\Dota 2.url 2014-09-12 00:09 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll 2014-09-12 00:09 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll 2014-09-12 00:09 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll 2014-09-12 00:09 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb 2014-09-12 00:09 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll 2014-09-12 00:09 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll 2014-09-12 00:09 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll 2014-09-12 00:09 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll 2014-09-12 00:09 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll 2014-09-12 00:09 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll 2014-09-12 00:09 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll 2014-09-12 00:09 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) 
C:\windows\system32\ieetwproxystub.dll 2014-09-12 00:09 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll 2014-09-12 00:09 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll 2014-09-12 00:09 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll 2014-09-12 00:09 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll 2014-09-12 00:09 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll 2014-09-12 00:09 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe 2014-09-12 00:09 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe 2014-09-12 00:09 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb 2014-09-12 00:09 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe 2014-09-12 00:09 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll 2014-09-12 00:09 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll 2014-09-12 00:09 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll 2014-09-12 00:09 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll 2014-09-12 00:09 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll 2014-09-12 00:09 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll 2014-09-12 00:09 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll 2014-09-12 00:09 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll 2014-09-12 00:09 - 2014-08-18 23:39 - 00085504 
_____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll 2014-09-12 00:09 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll 2014-09-12 00:09 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll 2014-09-12 00:09 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll 2014-09-12 00:09 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll 2014-09-12 00:09 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe 2014-09-12 00:09 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll 2014-09-12 00:09 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll 2014-09-12 00:09 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll 2014-09-12 00:09 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe 2014-09-12 00:09 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl 2014-09-12 00:09 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll 2014-09-12 00:09 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-09-12 00:09 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll 2014-09-12 00:09 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll 2014-09-12 00:09 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll 2014-09-12 00:09 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll 2014-09-12 00:09 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll 2014-09-12 00:09 - 2014-08-18 23:15 - 02310656 _____ 
(Microsoft Corporation) C:\windows\system32\wininet.dll 2014-09-12 00:09 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll 2014-09-12 00:09 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl 2014-09-12 00:09 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll 2014-09-12 00:09 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll 2014-09-12 00:09 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll 2014-09-12 00:09 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll 2014-09-12 00:09 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll 2014-09-12 00:09 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll 2014-09-12 00:01 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll 2014-09-12 00:01 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll 2014-09-11 10:53 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll 2014-09-11 10:53 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll 2014-09-11 10:53 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll 2014-09-11 10:53 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll 2014-09-11 10:53 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll 2014-09-11 10:53 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll 2014-09-11 10:53 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll 2014-09-11 10:52 - 2014-09-05 04:10 - 00578048 _____ (Microsoft 
Corporation) C:\windows\system32\aepdu.dll 2014-09-11 10:52 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-09-11 10:52 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll 2014-09-11 10:52 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll 2014-09-09 12:30 - 2014-09-09 12:30 - 00001151 _____ () C:\Users\User1\Desktop\INtex Hausverwaltung.lnk 2014-09-09 12:30 - 2014-09-09 12:30 - 00000000 ____D () C:\Users\User1\AppData\Roaming\INtex Hausverwaltung 10 2014-09-09 12:30 - 2014-09-09 12:30 - 00000000 ____D () C:\Users\User1\AppData\Local\FileMaker 2014-09-09 12:30 - 2014-09-09 12:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\INtex Hausverwaltung 10 2014-09-09 12:29 - 2014-09-09 19:59 - 00000000 ____D () C:\Program Files (x86)\INtex Hausverwaltung 10 2014-09-09 12:28 - 2014-09-09 12:28 - 22176096 _____ (INtex Publishing ) C:\Users\User1\Downloads\setuphausverwaltung10_CB-DL-Manager [1].exe 2014-09-09 12:23 - 2014-09-09 12:24 - 00816064 _____ ( ) C:\Users\User1\Downloads\setuphausverwaltung10_CB-DL-Manager.exe 2014-09-07 16:30 - 2014-09-07 16:30 - 00000000 ____D () C:\ProgramData\ATI 2014-09-07 16:27 - 2014-09-07 16:27 - 00056100 _____ () C:\windows\SysWOW64\CCCInstall_201409071627426592.log 2014-09-07 16:27 - 2014-09-07 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center 2014-09-07 16:27 - 2014-09-07 16:27 - 00000000 ____D () C:\Program Files (x86)\AMD AVT 2014-09-07 16:19 - 2014-09-07 16:19 - 00000000 ____D () C:\AMD 2014-09-07 16:15 - 2014-09-07 16:15 - 00000000 _____ () C:\windows\ativpsrm.bin 2014-09-07 16:14 - 2014-09-07 16:14 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies 2014-09-07 16:14 - 2014-09-07 16:14 - 00000000 ____D () C:\Program Files (x86)\AMD APP 2014-09-07 16:13 - 2011-09-12 17:05 - 00003917 _____ () 
C:\windows\SysWOW64\atipblup.dat 2014-09-07 16:13 - 2011-09-12 17:05 - 00003917 _____ () C:\windows\system32\atipblup.dat 2014-09-07 16:12 - 2014-09-07 16:27 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies 2014-09-07 16:12 - 2014-09-07 16:12 - 00000000 ____D () C:\Program Files\ATI 2014-09-07 16:11 - 2014-09-07 16:27 - 00000000 ____D () C:\Program Files\ATI Technologies 2014-09-07 16:06 - 2014-09-21 12:58 - 00039234 _____ () C:\windows\PFRO.log 2014-09-07 16:05 - 2014-09-21 19:15 - 00001572 _____ () C:\windows\setupact.log 2014-09-07 16:05 - 2014-09-07 16:05 - 00000000 ____D () C:\ProgramData\IsolatedStorage 2014-09-07 16:05 - 2014-09-07 16:05 - 00000000 _____ () C:\windows\setuperr.log 2014-09-07 15:52 - 2014-09-07 15:52 - 00002774 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC 2014-09-07 15:52 - 2014-09-07 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-09-07 15:52 - 2014-09-07 15:52 - 00000000 ____D () C:\Program Files\CCleaner 2014-09-07 15:13 - 2014-09-07 15:13 - 00000000 ____D () C:\Users\MyName\AppData\Roaming\Oracle 2014-09-07 15:08 - 2014-09-07 15:08 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe 2014-09-07 15:08 - 2014-09-07 15:08 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe 2014-09-07 15:08 - 2014-09-07 15:08 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe 2014-09-07 15:08 - 2014-09-07 15:08 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll 2014-09-07 15:08 - 2014-09-07 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-09-07 15:08 - 2014-09-07 15:08 - 00000000 ____D () C:\Program Files (x86)\Java 2014-09-07 14:57 - 2014-09-07 14:57 - 00061609 _____ () C:\4ce94848-0159-4de0-a640-7fb2c9095920.dmp 2014-09-07 14:55 - 2014-09-07 14:55 - 00063761 _____ () C:\97b2af29-b4a4-4108-af20-fb688ea36072.dmp 2014-09-06 20:46 - 2014-09-06 20:46 - 00000000 __SHD () 
C:\Users\User1\AppData\Local\EmieUserList 2014-09-06 20:46 - 2014-09-06 20:46 - 00000000 __SHD () C:\Users\User1\AppData\Local\EmieSiteList 2014-09-06 18:47 - 2014-09-14 14:08 - 00000000 ____D () C:\Intel 2014-09-06 17:47 - 2014-09-06 17:47 - 00872152 _____ (Realtek ) C:\windows\system32\Drivers\Rt64win7.sys 2014-09-06 17:47 - 2014-09-06 17:47 - 00074456 _____ (Realtek Semiconductor Corporation) C:\windows\system32\RtNicProp64.dll 2014-09-06 17:47 - 2014-09-06 17:47 - 00000000 ____D () C:\Program Files (x86)\Realtek 2014-09-06 17:46 - 2014-09-06 17:46 - 00175928 _____ (JMicron Technology Corporation) C:\windows\system32\Drivers\jmcr.sys 2014-09-06 17:43 - 2014-09-06 17:45 - 00000000 ____D () C:\ProgramData\Qualcomm Atheros 2014-09-06 17:43 - 2014-09-06 17:43 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf 2014-09-06 17:42 - 2014-09-06 17:42 - 01795952 _____ (Microsoft Corporation) C:\windows\system32\WdfCoInstaller01011.dll 2014-09-06 17:42 - 2014-09-06 17:42 - 00722160 _____ (Synaptics Incorporated) C:\windows\system32\SynCOM.dll 2014-09-06 17:42 - 2014-09-06 17:42 - 00524016 _____ (Synaptics Incorporated) C:\windows\system32\Drivers\SynTP.sys 2014-09-06 17:42 - 2014-09-06 17:42 - 00421616 _____ (Synaptics Incorporated) C:\windows\system32\SynTPCo19.dll 2014-09-06 17:42 - 2014-09-06 17:42 - 00400112 _____ (Synaptics Incorporated) C:\windows\SysWOW64\SynCom.dll 2014-09-06 17:42 - 2014-09-06 17:42 - 00251632 _____ (Synaptics Incorporated) C:\windows\system32\SynTPAPI.dll 2014-09-06 17:42 - 2014-09-06 17:42 - 00169712 _____ (Synaptics Incorporated) C:\windows\SysWOW64\SynTPCom.dll 2014-09-06 17:42 - 2014-09-06 17:42 - 00026416 _____ () C:\windows\system32\pca-manta.bin 2014-09-06 17:42 - 2014-09-06 17:42 - 00000092 _____ () C:\windows\system32\calibration.bin 2014-09-06 17:40 - 2014-09-06 17:40 - 00000000 ____D () C:\Users\MyName\AppData\Roaming\Hewlett-Packard Company 2014-09-06 17:16 - 2014-09-06 17:16 - 00000000 ____D () 
C:\Users\User2\AppData\Roaming\java 2014-09-06 10:28 - 2014-09-06 17:49 - 00000000 ____D () C:\ProgramData\HP 2014-09-06 10:28 - 2014-09-06 10:28 - 00000000 ____D () C:\HPSDM 2014-09-06 10:25 - 2014-09-06 10:26 - 20578280 _____ (Hewlett-Packard Company ) C:\Users\MyName\Downloads\HP_SDM_Setup.exe 2014-09-06 10:18 - 2014-09-06 10:18 - 00000000 ____D () C:\Users\MyName\AppData\Roaming\java 2014-09-06 10:17 - 2014-09-06 10:17 - 00000000 ____D () C:\Program Files\Java 2014-09-06 10:05 - 2014-09-06 10:05 - 00675988 _____ () C:\Users\MyName\Downloads\Minecraft(1).exe 2014-08-30 09:00 - 2014-08-30 09:00 - 00803691 _____ () C:\Users\User2\Documents\transfer1.xps 2014-08-28 19:44 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll 2014-08-28 19:44 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll 2014-08-28 19:44 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-09-22 18:26 - 2014-09-22 18:25 - 00018399 _____ () C:\Users\MyName\Downloads\FRST.txt 2014-09-22 18:25 - 2014-09-21 13:26 - 00000000 ____D () C:\FRST 2014-09-22 18:22 - 2012-09-15 14:11 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job 2014-09-22 18:20 - 2014-09-22 18:20 - 00854417 _____ () C:\Users\MyName\Downloads\SecurityCheck.exe 2014-09-22 18:16 - 2012-11-01 22:07 - 00000000 ____D () C:\Users\MyName\Documents\Bluetooth Folder 2014-09-22 18:16 - 2012-04-06 13:52 - 00000035 _____ () C:\Users\Public\Documents\AtherosServiceConfig.ini 2014-09-22 18:16 - 2012-04-06 13:37 - 01131458 _____ () C:\windows\WindowsUpdate.log 2014-09-21 20:32 - 2014-09-21 20:32 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-09-21 20:30 - 2014-09-21 20:30 - 02347384 _____ (ESET) C:\Users\MyName\Downloads\esetsmartinstaller_deu.exe 2014-09-21 19:38 - 2014-09-21 19:38 - 00001557 _____ () C:\Users\MyName\Desktop\JRT.txt 2014-09-21 19:26 - 2014-09-21 19:26 - 00165713 _____ () C:\Users\MyName\Desktop\Malware_Adware-Infektion nach Ausführung eines Setup-Paketes für Minecraft (u.a. istartsurf.com als Startseite) - Trojaner-Board.htm 2014-09-21 19:26 - 2014-09-21 19:26 - 00000000 ____D () C:\windows\ERUNT 2014-09-21 19:26 - 2014-09-21 19:26 - 00000000 ____D () C:\Users\MyName\Desktop\Malware_Adware-Infektion nach Ausführung eines Setup-Paketes für Minecraft (u.a. 
istartsurf.com als Startseite) - Trojaner-Board-Dateien 2014-09-21 19:23 - 2009-07-14 06:45 - 00028352 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-21 19:23 - 2009-07-14 06:45 - 00028352 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-21 19:20 - 2011-12-25 06:04 - 00702388 _____ () C:\windows\system32\perfh007.dat 2014-09-21 19:20 - 2011-12-25 06:04 - 00151022 _____ () C:\windows\system32\perfc007.dat 2014-09-21 19:20 - 2009-07-14 07:13 - 01628890 _____ () C:\windows\system32\PerfStringBackup.INI 2014-09-21 19:19 - 2014-09-21 19:19 - 01027006 _____ (Thisisu) C:\Users\MyName\Downloads\JRT.exe 2014-09-21 19:18 - 2014-09-21 12:18 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-21 19:16 - 2011-12-25 07:21 - 00000000 ____D () C:\ProgramData\PDFC 2014-09-21 19:15 - 2014-09-07 16:05 - 00001572 _____ () C:\windows\setupact.log 2014-09-21 19:15 - 2014-02-08 13:41 - 00000000 ____D () C:\ProgramData\VMware 2014-09-21 19:15 - 2009-07-14 07:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT 2014-09-21 15:42 - 2014-09-21 15:42 - 00019844 _____ () C:\Users\MyName\Desktop\GMER.zip 2014-09-21 14:58 - 2014-09-21 14:09 - 00041678 _____ () C:\Users\MyName\Desktop\Addition.txt 2014-09-21 14:58 - 2014-09-21 13:57 - 00053851 _____ () C:\Users\MyName\Desktop\FRST.txt 2014-09-21 14:58 - 2014-09-21 13:14 - 00024041 _____ () C:\Users\MyName\Desktop\ Malwarebytes Anti-Malware .txt 2014-09-21 14:58 - 2014-09-21 13:00 - 00004828 _____ () C:\Users\MyName\Desktop\AdwCleaner[S0].txt 2014-09-21 14:55 - 2014-09-21 14:52 - 00482910 _____ () C:\Users\MyName\Desktop\GMER.log 2014-09-21 14:55 - 2014-09-21 13:24 - 00000474 _____ () C:\Users\MyName\Desktop\defogger_disable.log 2014-09-21 13:48 - 2012-11-03 20:55 - 00000000 ____D () C:\Users\MyName\AppData\Roaming\XnViewMP 2014-09-21 13:46 - 2012-11-01 22:06 - 00003942 _____ 
() C:\windows\System32\Tasks\User_Feed_Synchronization-{791ECB16-7748-46C6-B6AA-9CC3D6972430} 2014-09-21 13:40 - 2014-01-15 14:53 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update 2014-09-21 13:39 - 2014-09-21 13:39 - 00279208 _____ () C:\windows\Minidump\092114-25412-01.dmp 2014-09-21 13:39 - 2013-01-07 11:59 - 00000000 ____D () C:\windows\Minidump 2014-09-21 13:38 - 2014-09-21 13:38 - 730026222 _____ () C:\windows\MEMORY.DMP 2014-09-21 13:25 - 2014-09-21 13:25 - 00380416 _____ () C:\Users\MyName\Downloads\om9b1lo0.exe 2014-09-21 13:25 - 2014-09-21 13:24 - 02105856 _____ (Farbar) C:\Users\MyName\Downloads\FRST64.exe 2014-09-21 13:24 - 2014-09-21 13:24 - 00000000 _____ () C:\Users\MyName\defogger_reenable 2014-09-21 13:24 - 2012-11-01 22:06 - 00000000 ____D () C:\Users\MyName 2014-09-21 13:23 - 2014-09-21 13:23 - 00050477 _____ () C:\Users\MyName\Downloads\Defogger.exe 2014-09-21 13:02 - 2014-09-21 12:50 - 00000000 ____D () C:\AdwCleaner 2014-09-21 12:58 - 2014-09-07 16:06 - 00039234 _____ () C:\windows\PFRO.log 2014-09-21 12:43 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\PLA 2014-09-21 12:17 - 2014-09-21 12:17 - 00001066 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-21 12:17 - 2014-09-21 12:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-21 12:17 - 2014-09-21 12:17 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-21 12:17 - 2014-09-21 12:17 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-09-21 12:10 - 2014-09-21 12:10 - 01373475 _____ () C:\Users\MyName\Downloads\AdwCleaner_3.310.exe 2014-09-21 12:10 - 2014-09-21 12:09 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\MyName\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-21 12:00 - 2014-09-21 12:00 - 00000000 __SHD () C:\Users\MyName\AppData\Local\EmieUserList 2014-09-21 12:00 - 2014-09-21 12:00 - 00000000 __SHD () C:\Users\MyName\AppData\Local\EmieSiteList 
2014-09-21 11:55 - 2013-02-02 23:23 - 00000000 ____D () C:\Users\MyName\AppData\Local\CrashDumps 2014-09-21 11:48 - 2012-11-03 20:32 - 00000000 ____D () C:\ProgramData\TEMP 2014-09-21 10:05 - 2013-03-02 12:36 - 00000000 ____D () C:\Users\User2\Documents\Bluetooth Folder 2014-09-21 10:05 - 2012-11-01 22:06 - 00001425 _____ () C:\Users\MyName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-09-21 10:05 - 2012-09-10 20:57 - 00001146 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-09-21 10:05 - 2012-09-10 20:57 - 00001134 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-09-21 10:04 - 2014-09-21 10:04 - 00003156 _____ () C:\windows\System32\Tasks\{F0DF3150-D166-46B9-9AB5-8C24B34019A2} 2014-09-21 08:21 - 2014-01-18 21:28 - 00000000 ____D () C:\Users\User2\AppData\Roaming\.minecraft 2014-09-21 08:21 - 2013-03-02 12:35 - 00003934 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{76E34C46-0F60-4FBC-A6A1-E13060845810} 2014-09-21 08:17 - 2012-09-10 20:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-09-19 23:43 - 2014-09-19 23:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-09-19 19:20 - 2014-09-14 16:07 - 00260017 _____ () C:\windows\DirectX.log 2014-09-19 19:20 - 2014-03-18 21:45 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-09-18 10:44 - 2012-09-10 20:35 - 00003938 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{B198A42B-7342-457A-82F7-21F274254314} 2014-09-14 17:25 - 2013-05-18 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-09-14 14:18 - 2014-01-18 21:25 - 00000000 ____D () C:\Users\MyName\AppData\Roaming\.minecraft 2014-09-14 14:10 - 2014-09-14 14:10 - 00000000 ____D () C:\ProgramData\Intel 2014-09-14 14:10 - 2011-12-25 06:50 - 00000000 ____D () C:\Program Files (x86)\Intel 2014-09-14 14:08 - 2014-09-06 18:47 - 00000000 ____D () C:\Intel 2014-09-14 14:05 - 2014-09-14 
14:05 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab 2014-09-14 14:04 - 2014-09-14 14:04 - 00000000 ____D () C:\Users\MyName\SystemRequirementsLab 2014-09-14 13:54 - 2014-09-14 13:54 - 00000219 _____ () C:\Users\MyName\Desktop\Dota 2.url 2014-09-14 13:54 - 2014-03-16 12:46 - 00000000 ____D () C:\Users\MyName\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2014-09-14 11:04 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\rescache 2014-09-13 23:38 - 2012-09-10 22:11 - 00000000 ____D () C:\Users\User1\AppData\Roaming\XnView 2014-09-12 17:09 - 2014-07-02 18:50 - 00000000 ____D () C:\Users\MyName\AppData\Roaming\vlc 2014-09-12 16:52 - 2014-07-02 18:47 - 00000000 ____D () C:\Users\MyName\.mediathek3 2014-09-12 00:08 - 2011-12-25 06:48 - 01603170 _____ () C:\windows\SysWOW64\PerfStringBackup.INI 2014-09-12 00:07 - 2013-08-14 21:46 - 00000000 ____D () C:\windows\system32\MRT 2014-09-12 00:01 - 2012-09-14 21:57 - 101694776 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe 2014-09-12 00:00 - 2014-05-07 19:26 - 00000000 ___SD () C:\windows\system32\CompatTel 2014-09-11 14:20 - 2012-09-15 14:11 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe 2014-09-11 14:20 - 2012-09-15 14:11 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-11 14:20 - 2012-09-15 14:11 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater 2014-09-09 19:59 - 2014-09-09 12:29 - 00000000 ____D () C:\Program Files (x86)\INtex Hausverwaltung 10 2014-09-09 12:30 - 2014-09-09 12:30 - 00001151 _____ () C:\Users\User1\Desktop\INtex Hausverwaltung.lnk 2014-09-09 12:30 - 2014-09-09 12:30 - 00000000 ____D () C:\Users\User1\AppData\Roaming\INtex Hausverwaltung 10 2014-09-09 12:30 - 2014-09-09 12:30 - 00000000 ____D () C:\Users\User1\AppData\Local\FileMaker 2014-09-09 12:30 - 2014-09-09 12:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\INtex Hausverwaltung 
10 2014-09-09 12:28 - 2014-09-09 12:28 - 22176096 _____ (INtex Publishing ) C:\Users\User1\Downloads\setuphausverwaltung10_CB-DL-Manager [1].exe 2014-09-09 12:24 - 2014-09-09 12:23 - 00816064 _____ ( ) C:\Users\User1\Downloads\setuphausverwaltung10_CB-DL-Manager.exe 2014-09-07 19:22 - 2012-09-15 14:42 - 00000000 ____D () C:\Users\User1\AppData\Local\CrashDumps 2014-09-07 16:30 - 2014-09-07 16:30 - 00000000 ____D () C:\ProgramData\ATI 2014-09-07 16:27 - 2014-09-07 16:27 - 00056100 _____ () C:\windows\SysWOW64\CCCInstall_201409071627426592.log 2014-09-07 16:27 - 2014-09-07 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center 2014-09-07 16:27 - 2014-09-07 16:27 - 00000000 ____D () C:\Program Files (x86)\AMD AVT 2014-09-07 16:27 - 2014-09-07 16:12 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies 2014-09-07 16:27 - 2014-09-07 16:11 - 00000000 ____D () C:\Program Files\ATI Technologies 2014-09-07 16:27 - 2014-08-02 10:25 - 00000000 ____D () C:\ProgramData\AMD 2014-09-07 16:19 - 2014-09-07 16:19 - 00000000 ____D () C:\AMD 2014-09-07 16:17 - 2012-11-01 22:08 - 00000000 ____D () C:\Users\MyName\AppData\Roaming\ATI 2014-09-07 16:17 - 2012-11-01 22:08 - 00000000 ____D () C:\Users\MyName\AppData\Local\ATI 2014-09-07 16:15 - 2014-09-07 16:15 - 00000000 _____ () C:\windows\ativpsrm.bin 2014-09-07 16:14 - 2014-09-07 16:14 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies 2014-09-07 16:14 - 2014-09-07 16:14 - 00000000 ____D () C:\Program Files (x86)\AMD APP 2014-09-07 16:12 - 2014-09-07 16:12 - 00000000 ____D () C:\Program Files\ATI 2014-09-07 16:05 - 2014-09-07 16:05 - 00000000 ____D () C:\ProgramData\IsolatedStorage 2014-09-07 16:05 - 2014-09-07 16:05 - 00000000 _____ () C:\windows\setuperr.log 2014-09-07 15:54 - 2011-02-11 07:14 - 00000000 ____D () C:\windows\Panther 2014-09-07 15:52 - 2014-09-07 15:52 - 00002774 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC 2014-09-07 15:52 - 2014-09-07 
15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner 2014-09-07 15:52 - 2014-09-07 15:52 - 00000000 ____D () C:\Program Files\CCleaner 2014-09-07 15:13 - 2014-09-07 15:13 - 00000000 ____D () C:\Users\MyName\AppData\Roaming\Oracle 2014-09-07 15:08 - 2014-09-07 15:08 - 00272808 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe 2014-09-07 15:08 - 2014-09-07 15:08 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe 2014-09-07 15:08 - 2014-09-07 15:08 - 00175528 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe 2014-09-07 15:08 - 2014-09-07 15:08 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll 2014-09-07 15:08 - 2014-09-07 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-09-07 15:08 - 2014-09-07 15:08 - 00000000 ____D () C:\Program Files (x86)\Java 2014-09-07 15:08 - 2013-10-03 13:40 - 00000000 ____D () C:\ProgramData\Oracle 2014-09-07 14:57 - 2014-09-07 14:57 - 00061609 _____ () C:\4ce94848-0159-4de0-a640-7fb2c9095920.dmp 2014-09-07 14:55 - 2014-09-07 14:55 - 00063761 _____ () C:\97b2af29-b4a4-4108-af20-fb688ea36072.dmp 2014-09-07 11:36 - 2013-03-13 18:24 - 00000000 ____D () C:\Users\User2\AppData\Local\CrashDumps 2014-09-06 20:46 - 2014-09-06 20:46 - 00000000 __SHD () C:\Users\User1\AppData\Local\EmieUserList 2014-09-06 20:46 - 2014-09-06 20:46 - 00000000 __SHD () C:\Users\User1\AppData\Local\EmieSiteList 2014-09-06 17:55 - 2011-12-25 06:37 - 00000000 ____D () C:\ProgramData\Hewlett-Packard 2014-09-06 17:54 - 2011-12-25 07:11 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-09-06 17:49 - 2014-09-06 10:28 - 00000000 ____D () C:\ProgramData\HP 2014-09-06 17:47 - 2014-09-06 17:47 - 00872152 _____ (Realtek ) C:\windows\system32\Drivers\Rt64win7.sys 2014-09-06 17:47 - 2014-09-06 17:47 - 00074456 _____ (Realtek Semiconductor Corporation) C:\windows\system32\RtNicProp64.dll 2014-09-06 17:47 - 
2014-09-06 17:47 - 00000000 ____D () C:\Program Files (x86)\Realtek 2014-09-06 17:47 - 2012-11-01 22:07 - 00000000 ____D () C:\Users\MyName\AppData\Roaming\hpqLog 2014-09-06 17:47 - 2011-12-25 07:54 - 00108760 _____ (Realtek Semiconductor Corporation) C:\windows\system32\RTNUninst64.dll 2014-09-06 17:47 - 2011-12-25 06:38 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard 2014-09-06 17:46 - 2014-09-06 17:46 - 00175928 _____ (JMicron Technology Corporation) C:\windows\system32\Drivers\jmcr.sys 2014-09-06 17:45 - 2014-09-06 17:43 - 00000000 ____D () C:\ProgramData\Qualcomm Atheros 2014-09-06 17:45 - 2012-04-06 13:45 - 00000000 ____D () C:\Program Files (x86)\Atheros 2014-09-06 17:44 - 2012-04-06 13:45 - 00000000 ____D () C:\windows\system32\nn-NO 2014-09-06 17:44 - 2009-07-14 05:20 - 00000000 ____D () C:\windows\system32\tr-TR 2014-09-06 17:43 - 2014-09-06 17:43 - 00000000 ____H () C:\windows\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf 2014-09-06 17:42 - 2014-09-06 17:42 - 01795952 _____ (Microsoft Corporation) C:\windows\system32\WdfCoInstaller01011.dll 2014-09-06 17:42 - 2014-09-06 17:42 - 00722160 _____ (Synaptics Incorporated) C:\windows\system32\SynCOM.dll 2014-09-06 17:42 - 2014-09-06 17:42 - 00524016 _____ (Synaptics Incorporated) C:\windows\system32\Drivers\SynTP.sys 2014-09-06 17:42 - 2014-09-06 17:42 - 00421616 _____ (Synaptics Incorporated) C:\windows\system32\SynTPCo19.dll 2014-09-06 17:42 - 2014-09-06 17:42 - 00400112 _____ (Synaptics Incorporated) C:\windows\SysWOW64\SynCom.dll 2014-09-06 17:42 - 2014-09-06 17:42 - 00251632 _____ (Synaptics Incorporated) C:\windows\system32\SynTPAPI.dll 2014-09-06 17:42 - 2014-09-06 17:42 - 00169712 _____ (Synaptics Incorporated) C:\windows\SysWOW64\SynTPCom.dll 2014-09-06 17:42 - 2014-09-06 17:42 - 00026416 _____ () C:\windows\system32\pca-manta.bin 2014-09-06 17:42 - 2014-09-06 17:42 - 00000092 _____ () C:\windows\system32\calibration.bin 2014-09-06 17:40 - 2014-09-06 17:40 - 00000000 ____D () 
C:\Users\MyName\AppData\Roaming\Hewlett-Packard Company 2014-09-06 17:40 - 2011-12-25 07:23 - 00000191 _____ () C:\windows\system32\HPPA.ini 2014-09-06 17:40 - 2011-12-25 07:11 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP 2014-09-06 17:39 - 2012-04-06 13:56 - 00000000 ____D () C:\windows\Hewlett-Packard 2014-09-06 17:16 - 2014-09-06 17:16 - 00000000 ____D () C:\Users\User2\AppData\Roaming\java 2014-09-06 10:28 - 2014-09-06 10:28 - 00000000 ____D () C:\HPSDM 2014-09-06 10:26 - 2014-09-06 10:25 - 20578280 _____ (Hewlett-Packard Company ) C:\Users\MyName\Downloads\HP_SDM_Setup.exe 2014-09-06 10:18 - 2014-09-06 10:18 - 00000000 ____D () C:\Users\MyName\AppData\Roaming\java 2014-09-06 10:17 - 2014-09-06 10:17 - 00000000 ____D () C:\Program Files\Java 2014-09-06 10:05 - 2014-09-06 10:05 - 00675988 _____ () C:\Users\MyName\Downloads\Minecraft(1).exe 2014-09-05 04:10 - 2014-09-11 10:52 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll 2014-09-05 04:05 - 2014-09-11 10:52 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll 2014-08-30 09:00 - 2014-08-30 09:00 - 00803691 _____ () C:\Users\User2\Documents\transfer1.xps 2014-08-29 08:57 - 2009-07-14 06:45 - 00413288 _____ () C:\windows\system32\FNTCACHE.DAT 2014-08-26 20:02 - 2013-02-07 23:04 - 00000000 ____D () C:\windows\System32\Tasks\Games 2014-08-25 06:53 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe 2014-08-23 19:04 - 2013-03-02 12:36 - 00117080 _____ () C:\Users\User2\AppData\Local\GDIPFONTCACHEV1.DAT 2014-08-23 04:07 - 2014-08-28 19:44 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll 2014-08-23 03:45 - 2014-08-28 19:44 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll 2014-08-23 02:59 - 2014-08-28 19:44 - 03163648 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys Files to move or delete: ==================== 
C:\Users\MyName\WebVpnRegKey6-217-91-61-208.dll

Some content of TEMP:
====================
C:\Users\User2\AppData\Local\Temp\CmdLineExt.dll
C:\Users\User2\AppData\Local\Temp\drm_dialogs.dll
C:\Users\User2\AppData\Local\Temp\drm_dyndata_7300015.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-09-16 14:20

==================== End Of Log ============================

--- --- --- --- --- --- --- --- --- --- --- ---

I forgot the Addition.txt...

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-09-2014 01
Ran by MyName at 2014-09-22 19:57:23
Running from C:\Users\MyName\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

"Durchstarten mit Ponky - Deutsch 3+4" (HKLM-x32\...\"Durchstarten mit Ponky - Deutsch 3+4") (Version: 2.00 - Engel Edition)
"Ponky gezielt Mathe 3+4" (HKLM-x32\...\"Ponky gezielt Mathe 3+4") (Version: 2.00 - Engel Edition)
Adobe Bridge 1.0 (x32 Version: 1.0.1.1 - Adobe Systems) Hidden
Adobe Common File Installer (x32 Version: 1.00.002 - Adobe System Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Help Center 2.0 (x32 Version: 2.0.0 - Adobe Systems) Hidden
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0407-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop CS2 (x32 Version: 9.0 - Adobe Systems, Inc.)
Hidden Adobe Photoshop Elements 7.0 (HKLM-x32\...\Adobe Photoshop Elements 7) (Version: 7.0 - Adobe Systems Incorporated) Adobe Photoshop Elements 7.0 (x32 Version: 7.0 - Adobe Systems Incorporated) Hidden Adobe Premiere Pro 2.0 (HKLM-x32\...\Adobe Premiere Pro 2.0) (Version: 2.000.000 - Adobe Systems, Inc.) Adobe Premiere Pro 2.0 (x32 Version: 2.000.000 - Adobe Systems, Inc.) Hidden Adobe Stock Photos 1.0 (x32 Version: 1.0.1 - Adobe Systems) Hidden Adobe Stock Photos 1.0 (x32 Version: 1.0.2 - Adobe Systems) Hidden Age of Empires III - The WarChiefs (HKLM-x32\...\InstallShield_{1C08A24C-B168-407E-A826-68FAF5F20710}) (Version: 1.00.0000 - Microsoft Game Studios) Age of Empires III - The WarChiefs (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden Age of Empires III (HKLM-x32\...\InstallShield_{70F8B183-99EB-4304-BA35-080E2DFFD2A3}) (Version: 1.00.0000 - Microsoft Game Studios) Age of Empires III (x32 Version: 1.00.0000 - Microsoft Game Studios) Hidden Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC) AMD Accelerated Video Transcoding (Version: 13.30.100.40417 - Advanced Micro Devices, Inc.) Hidden AMD APP SDK Runtime (Version: 2.5.793.1 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Control Center (x32 Version: 2014.0417.2226.38446 - Ihr Firmenname) Hidden AMD Catalyst Install Manager (HKLM\...\{3FAEEEBE-48F4-84C1-2B49-96AE73E67E3E}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.) AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden AMD Media Foundation Decoders (Version: 1.0.61013.1636 - Advanced Micro Devices, Inc.) Hidden AMD Wireless Display v3.0 (Version: 1.0.0.15 - Advanced Micro Devices, Inc.) 
Hidden ArcSoft TotalMedia (HKLM-x32\...\ArcSoft TotalMedia) (Version: 2.0.39.12 - ArcSoft) ArcSoft TotalMedia (x32 Version: 1.0.48.25 - ArcSoft) Hidden ArcSoft Webcam Sharing Manager (HKLM-x32\...\{190A7D93-3823-439C-91B9-ADCE3EC2A6A2}) (Version: 2.0.0.30 - ArcSoft) Ashampoo Burning Studio 2013 v.11.0.6 (HKLM-x32\...\{91B33C97-0FBA-74AE-E802-D782F5C8AA89}_is1) (Version: 11.0.6 - Ashampoo GmbH & Co. KG) Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team) Audio-CD-Archiv v7 (HKLM-x32\...\{ACA709B7-DB00-48B3-A30C-97F50679E175}) (Version: 7.00.687 - GBelectronics) avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software) Battlefield 2(TM) (HKCU\...\{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}) (Version: 1.00.0000 - DICE) Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.0.0 - Electronic Arts) Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.02.000.55 - Atheros Communications) Brother MFL-Pro Suite MFC-7360N (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.) BUG Mod 4.4 (HKLM-x32\...\BUG Mod 4.4) (Version: - ) Call of Duty 4: Modern Warfare (HKLM-x32\...\Steam App 7940) (Version: - Infinity Ward) Canon Inkjet Printer Driver Add-On Module (HKLM\...\CANONIJINBOXADDON100) (Version: - ) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.) Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Graphics Previews Common (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Chinese Traditional (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help User2ish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2014.0417.2225.38446 - Advanced Micro Devices, Inc.) 
Hidden ccc-utility64 (Version: 2014.0417.2226.38446 - Advanced Micro Devices, Inc.) Hidden CCleaner (HKLM\...\CCleaner) (Version: 4.17 - Piriform) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP) CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version: - ) Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.) Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.) Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.6622 - CyberLink Corp.) CyberLink PhotoNow (x32 Version: 1.1.6622 - CyberLink Corp.) Hidden CyberLink PowerDirector (HKLM-x32\...\InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}) (Version: 8.0.2107 - CyberLink Corp.) CyberLink PowerDirector (x32 Version: 8.0.2107 - CyberLink Corp.) 
Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Die ersten 10 Jahre (HKLM-x32\...\{1C12B0B2-91FB-439A-A64D-1A239F0B7FAB}) (Version: 1.00.0000 - ) DIE SIEDLER - Aufstieg eines Königreichs (Alle Produkte) (HKLM-x32\...\{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}) (Version: 1.00.0000 - Ubisoft) Die Siedler II - Die nächste Generation (HKLM-x32\...\S2TNG) (Version: - ) Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve) Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff) Express Burn (HKLM-x32\...\ExpressBurn) (Version: - NCH Software) Far Cry 2 (HKLM-x32\...\{F2835483-37F2-4123-B4FE-0E77D58447F2}) (Version: 1.03.00 - Ubisoft) FIFA 11 (HKLM-x32\...\{3FEA6CD1-EA13-4CE7-A74E-A74A4A0A7B5C}) (Version: 1.0.0.0 - Electronic Arts) FlatOut2 (HKLM-x32\...\{7E641E46-81DB-4D1D-906A-48342523051C}) (Version: 1.00.0000 - Ihr Firmenname) Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Free YouTube to MP3 Converter version 3.12.2.430 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.2.430 - DVDVideoSoft Ltd.) 
FreeFileSync 5.10 (HKLM-x32\...\FreeFileSync) (Version: 5.10 - Zenju) Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden GRID (HKLM-x32\...\{5A0B7BA5-4682-4273-81C2-69B17E649103}) (Version: 1.30.0000 - Codemasters) Hewlett-Packard ACLM.NET v1.1.2.0 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden HP 3D DriveGuard (HKLM\...\{83DA38AB-1014-41C2-A3CD-E2B93832A71A}) (Version: 4.1.4.1 - Hewlett-Packard Company) HP Auto (Version: 1.0.12494.3472 - Hewlett-Packard Company) Hidden HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden HP DayStarter (HKLM\...\{483D5A49-A26B-4CB8-AA2D-0D1811322061}) (Version: 2.0.0.12 - Hewlett-Packard Company) HP Documentation (HKLM-x32\...\{C6A49140-A2D9-4CA4-BB92-2E1C8CBB6E16}) (Version: 1.3.0.0 - Hewlett-Packard) HP ESU for Microsoft Windows 7 (HKLM-x32\...\{CFC1988A-F492-4BC5-B6F7-683A95718AE9}) (Version: 1.1.11.1 - Hewlett-Packard Company) HP Hotkey Support (HKLM-x32\...\{C97CC14E-4789-4FC5-BC75-79191F7CE009}) (Version: 4.5.9.1 - Hewlett-Packard Company) HP Power Assistant (HKLM\...\{09A06482-FAF9-4DC5-9EC7-D340B394E22A}) (Version: 2.0.6.0 - Hewlett-Packard Company) HP Setup (HKLM-x32\...\{03046EBB-CB7C-4B98-BEFB-690EB955DA22}) (Version: 8.5.4526.3645 - Hewlett-Packard Company) HP SoftPaq Download Manager (HKLM-x32\...\{68E1C9E9-1606-49AF-9978-573148CED9E4}) (Version: 3.5.3.0 - Hewlett-Packard Company) HP Software Framework (HKLM-x32\...\{D2462056-BA75-4B2C-8267-DFEA2B6AC4AE}) (Version: 4.6.10.1 - Hewlett-Packard Company) HP Software Setup (HKLM-x32\...\{531000B3-DBEE-4115-BBF3-DA48B67C053F}) (Version: 8.2.1.1 - Hewlett-Packard Company) HP Support Assistant (HKLM-x32\...\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}) (Version: 6.1.12.1 - Hewlett-Packard Company) HP System Default Settings (HKLM-x32\...\{72E3D563-C37C-4037-9F04-B64C0DAD0EFF}) (Version: 2.2.3 - Hewlett-Packard Company) HP Wallpaper (HKLM-x32\...\{11C9A461-DD9D-4C71-85A4-6DCE7F99CC44}) (Version: 2.00 - Hewlett-Packard 
Company) HP Webcam Driver (HKLM-x32\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50058.0 - Sonix) HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6365.0 - IDT) inSSIDer Home (HKLM-x32\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC) Intel(R) Identity Protection Technology 1.0.71.0 (HKLM-x32\...\{2C43790E-8470-1027-82D3-DF319F3C410F}) (Version: 1.0.71.0 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3517 - Intel Corporation) Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.2.1004 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) INtex Hausverwaltung Version 10 (HKLM-x32\...\{C8F19197-739E-48C3-8A78-8C1434411F9A}_is1) (Version: 10 - INtex Publishing) IZArc 4.1.7 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1.7 - Ivan Zahariev) Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle) Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden JMicron Flash Media Controller Driver (HKLM-x32\...\{26604C7E-A313-4D12-867F-7C6E7820BE4C}) (Version: 1.0.72.4 - JMicron Technology Corp.) 
KONZ-Steuer-2014 (HKLM-x32\...\InstallShield_{20F1078B-E3B6-4DA1-9570-003DE110890A}) (Version: 1.00.0000 - USM) KONZ-Steuer-2014 (x32 Version: 1.00.0000 - USM) Hidden LibreOffice 4.1 Help Pack (German) (HKLM-x32\...\{43295475-62CA-4F25-B46C-43C59258780E}) (Version: 4.1.4.2 - The Document Foundation) LibreOffice 4.3.0.4 (HKLM-x32\...\{5C005E2A-AEAE-4DF7-B7CA-1E6DCDD2AEA4}) (Version: 4.3.0.4 - The Document Foundation) Logitech Gaming Software 5.10 (HKLM\...\{1444D2EE-C7AD-44A8-844F-2634B49353D1}) (Version: 5.10.127 - Logitech) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Camera Codec Pack (HKLM-x32\...\{908C5B2E-D684-425E-A54D-FE77D5C5A076}) (Version: 16.4.1970.0624 - Microsoft Corporation) Microsoft Flight (HKLM-x32\...\GFWL_{4D5308D2-DC8E-4658-A37C-351000058100}) (Version: 1.0.0005.129 - Microsoft Studios) Microsoft Flight (x32 Version: 1.0.0005.129 - Microsoft Studios) Hidden Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) 
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft 
Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden Microsoft_VC100_CRT_SP1_x64 (Version: 10.0.40219.1 - Nokia) Hidden Microsoft_VC100_CRT_SP1_x86 (x32 Version: 10.0.40219.1 - Nokia) Hidden Microsoft_VC90_CRT_x86 (HKLM-x32\...\{DF2035BE-5820-4965-BD97-7FAF8D4A7879}) (Version: 1.0.0 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox 32.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 de)) (Version: 32.0.2 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla) Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla) MPC-HC 1.7.6 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.6 - MPC-HC Team) MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft 
Corporation) NAVIGON Fresh 3.5.1 (HKLM-x32\...\NAVIGON Fresh) (Version: 3.5.1 - NAVIGON) Nero ControlCenter (x32 Version: 11.0.15200 - Nero AG) Hidden Nero ControlCenter Help (CHM) (x32 Version: 12.0.5000 - Nero AG) Hidden Nero Core Components (x32 Version: 11.0.18100 - Nero AG) Hidden Nero CoverDesigner (HKLM-x32\...\{3F380A3D-695A-4199-B026-A811A9FC6D91}) (Version: 12.0.00500 - Nero AG) Nero CoverDesigner (x32 Version: 12.0.9000 - Nero AG) Hidden Nero CoverDesigner Help (CHM) (x32 Version: 12.0.2000 - Nero AG) Hidden Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden Nokia Connectivity Cable Driver (HKLM-x32\...\{A57025CC-5F2E-4D01-B387-06DB10500D43}) (Version: 7.1.78.0 - Nokia) Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.5.34.0 - Nokia) Nokia Suite (x32 Version: 3.5.34.0 - Nokia) Hidden Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.4.5 - Notepad++ Team) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) PC Connectivity Solution (HKLM-x32\...\{7390478C-8581-415E-92E9-2997D9306B81}) (Version: 12.0.32.0 - Nokia) PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.33 - PDF Complete, Inc) PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.2 - Tracker Software Products Ltd) Perspective Pilot Free 3.2.0 (HKLM\...\Perspective Pilot Free_is1) (Version: 3.2.0 - Two Pilots) Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Prerequisite installer (x32 Version: 12.0.0002 - Nero AG) Hidden PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.988 - Even Balance, Inc.) PX Profile Update (x32 Version: 1.00.1. 
- AMD) Hidden Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros) Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.73.618.2013 - Realtek) Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden SDK (x32 Version: 2.26.012 - Portrait Displays, Inc.) Hidden Serif CraftArtist (HKLM-x32\...\{C1B148C9-FACF-45F1-8356-4E1C5E3DAA5B}) (Version: 1.0.5.043 - Serif (Europe) Ltd) Serif Photo Projects (HKLM-x32\...\{D87677F6-5F58-4BB9-8D50-78A1BF9C2F33}) (Version: 1.0.2.027 - Serif (Europe) Ltd) Serif PhotoPlus X5 (HKLM-x32\...\{617E7009-0C50-4178-B0E2-F9D66DC8A582}) (Version: 15.0.2.012 - Serif (Europe) Ltd) Sid Meier's Civilization 4 - Beyond the Sword (HKLM-x32\...\{32E4F0D2-C135-475E-A841-1D59A0D22989}) (Version: 3.19 - Firaxis Games) Sid Meier's Civilization 4 Complete (HKLM-x32\...\{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}) (Version: 1.74 - Firaxis Games) Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.) 
Star Wars Battlefront II (HKLM-x32\...\{3D374523-CFDE-461A-827E-2A102E2AB365}) (Version: 1.0 - LucasArts) Star Wars: Knights of the Old Republic (HKLM-x32\...\Steam App 32370) (Version: - BioWare) Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation) Steuer 2012 (HKCU\...\{01159E8A-44F7-4885-A7F9-872CE4D74063}) (Version: 20.00.8137 - Buhl Data Service GmbH) Steuer 2013 (HKLM-x32\...\{05AEF487-8926-48A9-B5BA-9BED72BC6B1C}) (Version: 21.00.8480 - Buhl Data Service GmbH) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.8.9 - Synaptics Incorporated) System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC) test und FINANZtest Archiv CD-Rom 2011 (HKLM-x32\...\test und FINANZtest Archiv CD-Rom 2011) (Version: - ) The Dark Eye: Chains of Satinav (HKLM-x32\...\Steam App 203830) (Version: - Daedalic Entertainment) The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios) TmNationsForever (HKLM-x32\...\TmNationsForever_is1) (Version: - Nadeo) tools-linux (x32 Version: 9.6.1.1379776 - VMware, Inc.) Hidden USB Video/Audio Device Driver (HKLM-x32\...\{3717C4F2-7412-4793-9BB8-D73D2817B3D6}) (Version: 1.00.0000 - Ihr Firmenname) Validity Fingerprint Sensor Driver (HKLM\...\{FFC3E41D-2C2B-45B7-9AD9-5EA19572DD26}) (Version: 4.3.117.0 - Validity Sensors, Inc.) VIP Access SDK x64(1.0.0.50) (HKLM-x32\...\VIP Access SDK) (Version: 1.0.0.50 - Symantec Inc.) Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies) VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN) VMware Player (HKLM-x32\...\VMware_Player) (Version: 6.0.1 - VMware, Inc) VMware Player (Version: 6.0.1 - VMware, Inc.) 
Hidden Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Family Safety (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Family Safety (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia) XMedia Recode Version 3.1.2.5 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.2.5 - XMedia Recode) XnView 2.13 (HKLM-x32\...\XnView_is1) (Version: 2.13 - Gougelet Pierre-e) XnViewMP 0.68 (HKLM\...\XnViewMP_is1) (Version: 0.68 - Gougelet Pierre-e) Xobni Core (x32 Version: 1.0.0 - Xobni, Inc.) Hidden ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
==================== Restore Points ========================= 14-09-2014 14:06:22 DirectX wurde installiert 14-09-2014 16:04:58 DirectX wurde installiert 14-09-2014 16:08:14 DirectX wurde installiert 16-09-2014 12:19:12 Windows Update 16-09-2014 17:59:07 DirectX wurde installiert 19-09-2014 17:18:15 DirectX wurde installiert 19-09-2014 17:19:01 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {14E9462E-AF2F-46A7-BE39-9271E4787599} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe [2011-06-14] (Hewlett-Packard) Task: {656EFEA3-037B-4C77-B282-242798BB3DE8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPSFMessenger\HPSFMsgr.exe [2011-09-09] (Hewlett-Packard Company) Task: {8A00151D-E898-4D1F-98BC-4BEFEFC72D07} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-25] (Oracle Corporation) Task: {90779F6F-36FA-440A-9A1E-83A89A4D0B12} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-07-15] (AVAST Software)
Task: {A1C1248B-B6A4-4C6F-86FF-9EA5DD69F779} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-11] (Adobe Systems Incorporated)
Task: {CCA38787-787F-4505-BD6E-0F1041E97EF8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-02-07 23:02 - 2013-02-09 22:57 - 00076888 _____ () C:\windows\SysWOW64\PnkBstrA.exe
2012-11-04 02:34 - 2009-04-17 12:01 - 00247152 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2013-03-09 15:32 - 2005-04-22 06:36 - 00143360 _____ () C:\windows\system32\BrSNMP64.dll
2012-04-06 05:09 - 2011-08-31 15:13 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-09-12 17:02 - 2011-09-12 17:02 - 01083392 _____ () C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.dll
2014-07-15 22:48 - 2014-07-15 22:48 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-22 18:16 - 2014-09-22 18:16 - 02864640 _____ () C:\Program Files\AVAST Software\Avast\defs\14092200\algo.dll
2013-10-18 13:46 - 2013-10-18 13:46 - 01260624 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2014-07-15 22:48 - 2014-07-15 22:48 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-09-12 15:52 - 2014-09-12 15:52 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\60e3de33f3b7204f87483b97989a13b6\IsdiInterop.ni.dll
2012-04-06 13:41 - 2011-01-13 03:56 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-09-19 23:43 - 2014-09-19 23:43 - 03734640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0888F409
AlternateDataStreams: C:\ProgramData\TEMP:3440EB47
AlternateDataStreams: C:\ProgramData\TEMP:66633281

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: DTRun => c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe
MSCONFIG\startupreg: HPQuickWebProxy => "c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
MSCONFIG\startupreg: PDF Complete => C:\Program Files (x86)\PDF Complete\pdfsty.exe
MSCONFIG\startupreg: Start WingMan Profiler => C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
MSCONFIG\startupreg: UpdatePDRShortCut => "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0"

==================== Faulty Device Manager Devices =============

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth-Peripheriegerät
Description: Bluetooth-Peripheriegerät
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (09/22/2014 06:30:17 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/22/2014 06:21:53 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/22/2014 00:39:31 AM) (Source: Validity USDK) (EventID: 40) (User: )
Description: SSL alert by host: Description is: 47.

Error: (09/22/2014 00:39:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: hpqWmiEx.exe, Version: 4.6.15.1, Zeitstempel: 0x50a165a9
Name des fehlerhaften Moduls: hpqWmiEx.exe, Version: 4.6.15.1, Zeitstempel: 0x50a165a9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002b5d6
ID des fehlerhaften Prozesses: 0x50c
Startzeit der fehlerhaften Anwendung: 0xhpqWmiEx.exe0
Pfad der fehlerhaften Anwendung: hpqWmiEx.exe1
Pfad des fehlerhaften Moduls: hpqWmiEx.exe2
Berichtskennung: hpqWmiEx.exe3

Error: (09/21/2014 10:54:39 PM) (Source: Validity USDK) (EventID: 40) (User: )
Description: SSL alert by host: Description is: 47.

Error: (09/21/2014 10:54:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: hpqWmiEx.exe, Version: 4.6.15.1, Zeitstempel: 0x50a165a9
Name des fehlerhaften Moduls: hpqWmiEx.exe, Version: 4.6.15.1, Zeitstempel: 0x50a165a9
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002b5d6
ID des fehlerhaften Prozesses: 0xef0
Startzeit der fehlerhaften Anwendung: 0xhpqWmiEx.exe0
Pfad der fehlerhaften Anwendung: hpqWmiEx.exe1
Pfad des fehlerhaften Moduls: hpqWmiEx.exe2
Berichtskennung: hpqWmiEx.exe3

System errors:
=============
Error: (09/22/2014 06:16:08 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (09/22/2014 00:39:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "HP Software Framework Service" wurde unerwartet beendet. Dies ist bereits 2 Mal passiert.

Error: (09/21/2014 11:38:49 PM) (Source: BTHUSB) (EventID: 17) (User: )
Description: Der lokale Bluetooth-Adapter ist aus einem unbekannten Grund fehlgeschlagen und wird nicht verwendet. Der Treiber wurde entladen.

Error: (09/21/2014 10:54:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "HP Software Framework Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (09/21/2014 07:53:47 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Microsoft Office Sessions:
=========================
Error: (09/22/2014 06:30:17 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (09/22/2014 06:21:53 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\MyName\Downloads\esetsmartinstaller_deu.exe

Error: (09/22/2014 00:39:31 AM) (Source: Validity USDK) (EventID: 40) (User: )
Description: Description is: 47

Error: (09/22/2014 00:39:30 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: hpqWmiEx.exe4.6.15.150a165a9hpqWmiEx.exe4.6.15.150a165a9c00000050002b5d650c01cfd5e469c58de2C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exeC:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe262dc997-41e0-11e4-b531-005056c00008

Error: (09/21/2014 10:54:39 PM) (Source: Validity USDK) (EventID: 40) (User: )
Description: Description is: 47

Error: (09/21/2014 10:54:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: hpqWmiEx.exe4.6.15.150a165a9hpqWmiEx.exe4.6.15.150a165a9c00000050002b5d6ef001cfd5bfbcf2907eC:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exeC:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe7e3d7c3d-41d1-11e4-b531-005056c00008

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 34%
Total physical RAM: 8126.36 MB
Available physical RAM: 5311.73 MB
Total Pagefile: 16250.9 MB
Available Pagefile: 13283.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:674.31 GB) (Free:442.49 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_RECOVERY) (Fixed) (Total:19.03 GB) (Free:2.9 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:4.98 GB) (Free:4.97 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: E76A04A3)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=674.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=19 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=5 GB) - (Type=0C)

==================== End Of Log ============================

Code:
Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 67
Adobe Flash Player 15.0.0.152
Mozilla Firefox (32.0.2)
Mozilla Thunderbird (24.6.0)
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

Edited by Roger Wilco (22.09.2014 at 19:43) |
23.09.2014, 18:29 | #4 |
/// the machine /// TB-Ausbilder | Any remaining problems? Please download TFC (by Oldtimer) and save the file to the desktop. Now close all open programs and disconnect from the Internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will ask for a restart. Please allow this.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
24.09.2014, 19:28 | #5 | |
| No, but apart from the actions discussed here I have hardly done anything. Otherwise I will get back to you. Quote:
Thanks again, schrauber, for your help! Is everything OK now from your point of view? |
25.09.2014, 11:17 | #6 |
/// the machine /// TB-Ausbilder | Done. The order is decisive here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP). Don'ts
Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
25.09.2014, 17:13 | #7 |
| Done :-) |
26.09.2014, 12:12 | #8 |
/// the machine /// TB-Ausbilder | You're welcome