Log analysis and evaluation: Windows 7: PriceSparrow found

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system first has to be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
07.10.2014, 19:06 | #1 |
Windows 7: PriceSparrow found

Hello! On Sunday, 05.10.2014, I uninstalled a program via Control Panel and Programs, and in doing so I noticed the program "PriceSparrow". Since it meant nothing to me, I searched for it on the Internet and found what I was looking for. I was able to uninstall the program normally, following the instructions at http://www.trojaner-board.de/148417-...entfernen.html. Afterwards I carried out the instructions at http://www.trojaner-board.de/69886-a...-beachten.html. The logs are attached. There are 11 of them.

Code:
360 Internet Security Scan log

Virus Database version: 2014-10-07 01:02
Date & time: 2014-10-07 07:42:24
Time elapsed: 07:50:22
Type: Full Scan
Files scanned: 1786778
Threats: 124
Threats cleared: 123

Current scan settings
----------------------
Scanned all files: No
Scanned Zip files: No
Resolution: User to decide on resolution
Scanned disk Boot Sector: Yes
Scanned for Rootkit: No
Used Cloud Engine: Yes
QVM Engine: Yes
Automatically repair: Yes
AV Engine settings: BitDefender

Scan content
----------------------

Overall Whitelist
----------------------
C:\Users\Sicherungssoldat\Desktop\Stadtgenerator.exe
C:\Users\soldat *****\Desktop\stadtgenerator.exe
D:\Downloads\Tools\Unstoppable Copier - CHIP-Installer.exe
H:\Train Simulator\Utils\TSUnpack.exe
J:\Strecken\Südosteuropa\Alföld\Alfold_6\Alfold_6.5.exe
K:\Strecken\Nordamerika+Australien\installiert\MLT_Shu_V1.exe

Scan results
======================

Virus scan results
----------------------
H:\Train Simulator\Utils\TSUnpack.exe HEUR/QVM07.0.Malware.Gen, 7 Unresolved
C:\Windows\SysWOW64\LXtool60NSVC8.dll HEUR/QVM29.0.Malware.Gen, 29 Deleted
C:\Windows\SysWOW64\LxTool60VC8.dll HEUR/QVM29.0.Malware.Gen, 29 Deleted
C:\Windows\SysWOW64\LxTool65VC8.dll HEUR/QVM29.0.Malware.Gen, 29 Deleted
C:\Windows\SysWOW64\LXTool70NSVC8.dll HEUR/QVM29.0.Malware.Gen, 29 Deleted
C:\Windows\SysWOW64\LXTool70VC8.dll HEUR/QVM29.0.Malware.Gen, 29 Deleted
C:\Windows\SysWOW64\zvkonline65VC8.dll HEUR/QVM29.0.Malware.Gen, 29 Deleted
D:\Downloads\LicenseCrawler - CHIP-Downloader.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
D:\Downloads\soft32_CPU-Z_1.0.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
E:\Privat\Privat\Fonts_Downloads\Installiert\DigitalNumberFont.exe HEUR/Malware.QVM07.Gen Deleted
E:\Privat\Privat\Bewerbungsunterlagen\FAW\Privat\Downloads\Foxit Reader - CHIP-Downloader.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
E:\Privat\Privat\Sicherung_MM-Bahn\MM-Bilder\Eingänge\installiert\rola.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
E:\Privat\Privat\Sicherung_MM-Bahn\MM-Bilder\Eingänge\installiert\sbb_5.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
E:\Programme\MM_Bahn_V3\MM-Bilder\Eingänge\installiert\rola.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
E:\Programme\MM_Bahn_V3\MM-Bilder\Eingänge\installiert\sbb_5.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
G:\Eisenbahnsimulationen\SigVis.exe HEUR/QVM05.0.Malware.Gen, 5 Deleted
G:\Eisenbahnsimulationen\BAHN\BAHN388r1\examples\Netzeingänge\Wandernetz FB jbss BAHN_V2\Wandernetz FB jbss BAHN_V2.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
G:\Eisenbahnsimulationen\BAHN\BAHN400b3\examples\Netzeingänge\Wandernetz FB jbss BAHN_V2\Wandernetz FB jbss BAHN_V2.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
G:\Eisenbahnsimulationen\Loksim3D\EBuLa.exe HEUR/QVM03.0.Malware.Gen, 3 Deleted
H:\TS_Nordamerika+Australien\ROUTES\KHP2UP\khp2up.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Aufgaben\athv3jcs.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Fahrzeuge\cabview_eu07_ep07_ep08.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Fahrzeuge\cabview_wismar_vt.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Fahrzeuge\Conten1.exe HEUR/QVM05.0.Malware.Gen, 5 Deleted
K:\Fahrzeuge\Conten2.exe HEUR/QVM05.0.Malware.Gen, 5 Deleted
K:\Fahrzeuge\conten3.exe HEUR/QVM05.0.Malware.Gen, 5 Deleted
K:\Fahrzeuge\CP2240.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Fahrzeuge\European_Intermodale_Pack_Sgns.part1.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Fahrzeuge\E_I_P-Container-Texture.part01.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Fahrzeuge\GRAN-CONFORT_PACK.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Fahrzeuge\GT_GT22CW.exe HEUR/QVM05.0.Malware.Gen, 5 Deleted
K:\Fahrzeuge\id-20.exe HEUR/QVM01.0.Malware.Gen, 1 Deleted
K:\Fahrzeuge\id-73.exe HEUR/QVM01.0.Malware.Gen, 1 Deleted
K:\Fahrzeuge\IORE_2.exe HEUR/QVM18.0.Malware.Gen, 18 Deleted
K:\Fahrzeuge\NGT8D-Mittelteil.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Fahrzeuge\PKP-101A.exe HEUR/QVM01.0.Malware.Gen, 1 Deleted
K:\Fahrzeuge\PKP-101A_statyczne.exe HEUR/QVM01.0.Malware.Gen, 1 Deleted
K:\Fahrzeuge\PKP-Bh-x.exe HEUR/QVM01.0.Malware.Gen, 1 Deleted
K:\Fahrzeuge\PKP-Bh-x_2.exe HEUR/QVM01.0.Malware.Gen, 1 Deleted
K:\Fahrzeuge\PKP-Bh-x_doczepne.exe HEUR/QVM01.0.Malware.Gen, 1 Deleted
K:\Fahrzeuge\PKP-Bh-x_low.exe HEUR/QVM01.0.Malware.Gen, 1 Deleted
K:\Fahrzeuge\PKP-Bipa.exe HEUR/QVM01.0.Malware.Gen, 1 Deleted
K:\Fahrzeuge\PKPPPSW.exe HEUR/QVM01.0.Malware.Gen, 1 Deleted
K:\Fahrzeuge\Renfe_Shimms_mmb.exe HEUR/Malware.QVM05.Gen Deleted
K:\Fahrzeuge\rail-trans_TE-4.exe HEUR/QVM01.0.Malware.Gen, 1 Deleted
K:\Fahrzeuge\Ro_40-0728-2_GTF.exe HEUR/Malware.QVM06.Gen Deleted
K:\Fahrzeuge\Ro_40-2004-6_CFR_Calatori.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Fahrzeuge\Ro_91-53-0-461-043-8_CFR.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Fahrzeuge\Ro_91-53-0-474026-8_CFR.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Fahrzeuge\Ro_91-53-0-478-001-7_DB.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Fahrzeuge\TP_141_OB4.exe HEUR/Malware.QVM07.Gen Deleted
K:\Fahrzeuge\sound_en57-8.exe HEUR/QVM01.0.Malware.Gen, 1 Deleted
K:\Fahrzeuge\sound_eu07-469_eu07-470.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Fahrzeuge\Thunderstorm.exe HEUR/QVM01.0.Malware.Gen, 1 Deleted
K:\Fahrzeuge\Uic-X_78-80_Vol.1.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Fahrzeuge\Uic-X_78-80_Vol.3.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Fahrzeuge\UIC-Z_PACK_v3.0.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Fahrzeuge\XRAB8900.exe HEUR/QVM01.0.Malware.Gen, 1 Deleted
K:\Fahrzeuge\Fahrzeuge_FS\Fs-ALe426-506-Taf_V2.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Fahrzeuge\Fahrzeuge_FS\Fs-E402A.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Fahrzeuge\Fahrzeuge_FS\FS-E464-Pack_v2.0.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Fahrzeuge\Fahrzeuge_FS\FS_D445_1112_Navetta.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Fahrzeuge\Fahrzeuge_FS\FS_E444_039.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Fahrzeuge\Fahrzeuge_FS\FS_MDVC_old_pack.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Fahrzeuge\Fahrzeuge_FS\UIC-Z_PACK_v3.0.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Fahrzeuge\Nordamerika_Australien\installiert\2009011.exe HEUR/QVM05.0.Malware.Gen, 5 Deleted
K:\Fahrzeuge\Nordamerika_Australien\installiert\2009012.exe HEUR/QVM05.0.Malware.Gen, 5 Deleted
K:\Fahrzeuge\Nordamerika_Australien\installiert\2009013.exe HEUR/QVM05.0.Malware.Gen, 5 Deleted
K:\Fahrzeuge\Nordamerika_Australien\installiert\2009014.exe HEUR/QVM05.0.Malware.Gen, 5 Deleted
K:\Fahrzeuge\Nordamerika_Australien\installiert\CSX SD70MAC.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Fahrzeuge\Nordamerika_Australien\installiert\CSX_Engines1.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Fahrzeuge\Osteuropa\tsrEMU_ER2K-626_v3_1_1.exe HEUR/QVM05.0.Malware.Gen, 5 Deleted
K:\Fahrzeuge\Osteuropa\tsrLoco_2TE10L-0792_v2_1.exe HEUR/QVM05.0.Malware.Gen, 5 Deleted
K:\Fahrzeuge\Osteuropa\tsrSound_Freight-2_v0_1_beta.exe HEUR/QVM05.0.Malware.Gen, 5 Deleted
K:\Fahrzeuge\Osteuropa\zdsLoco_chs8-v3_0-patch_v3_1.exe HEUR/Malware.QVM06.Gen Deleted
K:\Fahrzeuge\restl. Mitteleuropa\zsskc_752-040.exe HEUR/QVM05.0.Malware.Gen, 5 Deleted
K:\sonstiges\aktualizacja_zestaw_samochodow.exe HEUR/QVM01.0.Malware.Gen, 1 Deleted
K:\sonstiges\Reserve\tsunpack-fix.exe HEUR/QVM02.0.Malware.Gen, 2 Deleted
K:\Strecken\aktualizacja_zestaw_samochodow.exe HEUR/QVM01.0.Malware.Gen, 1 Deleted
K:\Strecken\France006.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Strecken\LGEv2_1.part01.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Strecken\LGE_Version3.part01.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Strecken\Patch_LGE_V2-2.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Strecken\Patch_LGE_V2-3.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Strecken\PCA_V2.exe HEUR/QVM07.0.Malware.Gen, 7 Deleted
K:\Strecken\Ruta_Timisoara-Arad.exe HEUR/QVM20.0.Malware.Gen, 20 Deleted
K:\Strecken\SOUTH_AFRICA_3.part01.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Strecken\Transversale_Sud_V4_Upgrade.part1.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Strecken\Italien\COLMENAR.part01.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Strecken\Italien\FREJUS.part01.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Strecken\Italien\ITALIA19-v3.part01.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Strecken\Italien\ITALIA23.part01.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Strecken\Italien\ITALIA29.part01.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Strecken\Italien\Linea_di_Valico.part01.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Strecken\Italien\Puglia1_V2.part01.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Strecken\Italien\Puglia2.part1.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Strecken\Italien\PUGLIA2.sfx.part1.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Strecken\Italien\scenarioITA.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Strecken\Italien\Siracusa-Modica.part01.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Strecken\Italien\Strecke_SOB.part1.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Strecken\Italien\SUD-ITALIA_01_v1.0.sfx.part01.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Strecken\Italien\Sud-Piemonte.part01.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Strecken\Italien\Sud_Piemonte.part01.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Strecken\Italien\taufererbahn.part1.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Strecken\Italien\Tirrenica_v2.part01.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Strecken\Italien\ZONA NORTE.part01.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Strecken\Italien\LARGA DISTANCIA\LARGA DISTANCIA.part1.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Strecken\Nordamerika+Australien\installiert\CajonPass4.1.exe HEUR/QVM01.0.Malware.Gen, 1 Deleted
K:\Strecken\Nordamerika+Australien\installiert\CajonPass4.2.exe HEUR/QVM01.0.Malware.Gen, 1 Deleted
K:\Strecken\Nordamerika+Australien\installiert\CajonPass4.exe HEUR/QVM01.0.Malware.Gen, 1 Deleted
K:\Strecken\Nordamerika+Australien\installiert\Mlt Rogers Pass 1 Setup.exe HEUR/QVM20.0.Malware.Gen, 20 Deleted
K:\Strecken\Nordamerika+Australien\installiert\MLT_Shu_V1.exe HEUR/QVM20.0.Malware.Gen, 20 Unresolved
K:\Strecken\Nordamerika+Australien\installiert\GM&OSS\ClickerFIx.exe HEUR/QVM01.0.Malware.Gen, 1 Deleted
K:\Strecken\Nordamerika+Australien\installiert\GM&OSS\F_EunitCabviews.exe HEUR/QVM01.0.Malware.Gen, 1 Deleted
K:\Strecken\Nordamerika+Australien\installiert\GM&OSS\GMOSS.exe HEUR/QVM01.0.Malware.Gen, 1 Deleted
K:\Strecken\Nordamerika+Australien\installiert\GM&OSS\GMOSSCONSISTfiles.exe HEUR/QVM01.0.Malware.Gen, 1 Deleted
K:\Strecken\Nordamerika+Australien\installiert\GM&OSS\GMOSS_power.exe HEUR/QVM01.0.Malware.Gen, 1 Deleted
K:\Strecken\Nordamerika+Australien\installiert\GM&OSS\GMOSS_RollingStock.exe HEUR/QVM01.0.Malware.Gen, 1 Deleted
K:\Strecken\Nordamerika+Australien\installiert\GM&OSS\LightingUpdateGMO100A.exe HEUR/QVM01.0.Malware.Gen, 1 Deleted
K:\Strecken\Osteuropa\BMO_1.5_Patch.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Strecken\Westeuropa\BREST-RENNES.part01.exe HEUR/Malware.QVM06.Gen Deleted
K:\Strecken\Südosteuropa\120a_v31.exe HEUR/QVM07.0.Malware.Gen, 7 Deleted
K:\Strecken\Südosteuropa\athv3jcs.exe HEUR/QVM06.0.Malware.Gen, 6 Deleted
K:\Strecken\Westeuropa\CFL\CFL-ROUTEv0.5.exe HEUR/QVM07.0.Malware.Gen, 7 Deleted

Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2014 01 Ran by Sicherungssoldat at 2014-10-06 21:56:54 Running from C:\Users\Soldat *******\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: 360 Internet Security (Enabled - Up to date) {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D} AS: 360 Internet Security (Enabled - Up to date) {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 360 Internet Security (HKLM-x32\...\360 Internet Security) (Version: 4.9.0.4900 - Qihu 360 Software Co., Ltd.) 4500_G510af_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden 4500G510af (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden 4500G510af_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden 4K Video Downloader 3.4 (HKLM-x32\...\4K Video Downloader_is1) (Version: 3.4.3.1485 - Open Media LLC) 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden Adobe Flash Player 10 ActiveX (HKLM-x32\...\{922E8525-AC7E-4294-ACAA-43712D4423C0}) (Version: 10.0.22.87 - Adobe Systems, Inc.) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.) Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.) 
AIDA64 Extreme v4.60 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 4.60 - FinalWire Ltd.) AMD Catalyst Install Manager (HKLM\...\{DD86C046-D5AB-954F-EBB7-592EB36BD196}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.) AMD Fuel (Version: 2013.0322.413.5642 - Ihr Firmenname) Hidden Baidu Spark Browser (HKLM-x32\...\Spark) (Version: 33.8 Preview - Baidu Inc.) BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden Catalyst Control Center (x32 Version: 2013.0322.413.5642 - Ihr Firmenname) Hidden Catalyst Control Center InstallProxy (x32 Version: 2013.0322.413.5642 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2013.0322.413.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Norwegian (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2013.0322.413.5642 - Advanced Micro Devices, Inc.) Hidden CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5067 - CDBurnerXP) ClipGrab 3.4.7 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version: - Philipp Schmieder Medien) CloudReading (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.0.27.1025 - Foxit Corporation) CPUID CPU-Z 1.70 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden DocMgr (x32 Version: 130.0.000.000 - Ihr Firmenname) Hidden DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.1.1025 - Foxit Corporation) Free Studio version 2014 (HKLM-x32\...\Free Studio_is1) (Version: 6.3.10.923 - DVDVideoSoft Ltd.) 
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP) HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP) HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP) HP Officejet 4500 G510a-f (HKLM\...\{C98517B6-DCE9-49B7-B19E-E384178D3986}) (Version: 13.0 - HP) HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP) HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle) Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden Java(TM) 6 Update 13 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416013FF}) (Version: 6.0.130 - Sun Microsystems, Inc.) Lexware Elster (HKLM-x32\...\{C8E00BC8-D619-4081-813A-6B5BCC846534}) (Version: 9.10.00.0041 - Lexware GmbH & Co. 
KG) Lexware financial office pro 2011 (HKLM-x32\...\{32273D9C-3867-4CDA-839F-B097B5C7AFA6}) (Version: 11.11.00.0122 - Haufe-Lexware GmbH & Co.KG) Lexware financial office pro 2011 (x32 Version: 11.00.00.0089 - ) Hidden Lexware Info Service (HKLM-x32\...\{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}) (Version: 2.70.00.0081 - Haufe-Lexware GmbH & Co.KG) Lexware professional Datenbank 2011 (HKLM-x32\...\{92A9A692-E26D-4CC1-B2D3-0674963241D8}) (Version: 11.00.00.0070 - Haufe-Lexware GmbH & Co.KG) LibreOffice 4.2.6.3 (HKLM-x32\...\{14DB1822-00B5-4820-86B5-EF893CA46B53}) (Version: 4.2.6.3 - The Document Foundation) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation) Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0 - Microsoft Corporation) Hidden Microsoft Mathematics (64-bit) (HKLM\...\{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}) (Version: 4.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Silverlight 5 Toolkit December 2011 (HKLM-x32\...\{EC35EE8E-87D1-4E3E-B5CC-D8B1544615F5}) (Version: 
5.0.51209.1124 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Train Simulator (HKLM-x32\...\Train Simulator 1.0) (Version: - ) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) 
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation) NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation) NVIDIA GeForce Experience Service (Version: 16.13.42 - NVIDIA Corporation) Hidden NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.162.1274 - NVIDIA Corporation) Hidden NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Network Service (Version: 2.0 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) NVIDIA ShadowPlay 16.13.42 (Version: 16.13.42 - NVIDIA Corporation) Hidden NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden NVIDIA Update 16.13.42 (Version: 16.13.42 - NVIDIA 
Corporation) Hidden NVIDIA Update Core (Version: 16.13.42 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.25 (Version: 1.2.25 - NVIDIA Corporation) Hidden ÖBB Sommer 2014 (HKLM-x32\...\ÖBB Sommer 2014) (Version: - ) OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP) Oracle VM VirtualBox 4.3.16 (HKLM\...\{D7FAEA32-7CE3-4D9F-9139-F7B87BCC50AF}) (Version: 4.3.16 - Oracle Corporation) PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden Personal Backup 5.5 (HKLM\...\Personal Backup 5_is1) (Version: 5.3 - J. Rathlev) Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.989 - Even Balance, Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6849 - Realtek Semiconductor Corp.) Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden Shark007 Standard Codecs (HKLM-x32\...\{898E81AD-6DB9-4750-866B-B8958C5DC7AA}) (Version: 1.9.1 - Shark007) SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP) SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - ) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer) Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden Trend Micro RUBotted 2.0 Beta (HKLM-x32\...\{54D4EAF5-4C80-4878-B4AC-5AE454A02E3C}_is1) (Version: 2.0.0.1034 
- Trend Micro, Inc.) VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes) WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.) Z-defragRAM (HKLM-x32\...\{0F9F096B-9EF0-43A2-91C8-4613835312F7}) (Version: 2.7 - IMU Andreas Baumann) Zusi 3.0.6 (Demo) (HKLM-x32\...\www.zusi.de/zusi3/demo_is1) (Version: 3 - Carsten Hölscher) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 05-10-2014 17:58:27 Removed PriceSparrow ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ___AC C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {019A992C-ADEF-4375-A69C-0BF4A0011683} - System32\Tasks\Abelssoft\Updater scan => D:\Programme\CHIP Updater\CHIPUpdater.exe
Task: {0CC42FDD-1A23-4B51-80E2-1275826F9FB6} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation)
Task: {3BA01D17-B43E-4CA0-8E81-4EBB3A1165CD} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe
Task: {4EB53C01-3007-43F9-AB5A-B967ECF90184} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-25] (Oracle Corporation)
Task: {5EBE8C1D-A54B-4FC1-8409-598E1C2DB129} - System32\Tasks\Sun Microsystems-Online-Aktualisierungsprogramm => C:\Program Files\Java\jre6\bin\jusched.exe [2014-08-15] (Sun Microsystems, Inc.)
Task: {7A1BD737-9848-4755-8CC5-F0A0432A21C5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => D:\Programme\Microsoft Office\Office15\msoia.exe
Task: {7AE7BC72-65C3-4239-B4C2-675035744D42} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => D:\Programme\Microsoft Office\Office15\msoia.exe
Task: {A77BD2F7-F586-4A3A-AFC7-85AC5C4C7786} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2010-09-15] (Haufe-Lexware GmbH & Co. KG)
Task: {F07F1EB2-CDA5-42ED-8BFF-DFDB796B0EAF} - System32\Tasks\AdobeAAMUpdater-1.0-Airsoft-Sicherungssoldat => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\SparkUpdater.job => D:\Programme\baidu\Spark\sparkupdate.exe
Task: C:\Windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013.job => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe

==================== Loaded Modules (whitelisted) =============

2014-08-14 23:22 - 2014-07-02 20:55 - 00116568 ____C () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-03-22 04:24 - 2013-03-22 04:24 - 00210944 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2012-09-23 13:53 - 2012-09-23 13:53 - 00748544 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2012-09-23 13:53 - 2012-09-23 13:53 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-08-16 00:05 - 2014-08-16 00:05 - 00075064 ____C () C:\Windows\SysWOW64\PnkBstrA.exe
2014-09-17 22:44 - 2010-08-24 19:06 - 00085840 ____C () C:\Program Files (x86)\Trend Micro\RUBotted\hc_help.dll
2014-09-11 11:20 - 2014-09-11 11:20 - 16825520 ____C () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
2014-08-14 20:27 - 2014-08-06 09:53 - 00835584 ____C () D:\Programme\Opera12.16\gstreamer\gstreamer.dll
2014-08-14 20:27 - 2014-08-06 09:53 - 00093696 ____C () D:\Programme\Opera12.16\gstreamer\plugins\gstaudioconvert.dll
2014-08-14 20:27 - 2014-08-06 09:53 - 00094208 ____C () D:\Programme\Opera12.16\gstreamer\plugins\gstaudioresample.dll
2014-08-14 20:27 - 2014-08-06 09:53 - 00057344 ____C () D:\Programme\Opera12.16\gstreamer\plugins\gstautodetect.dll
2014-08-14 20:27 - 2013-09-16 07:33 - 00106496 ____C () D:\Programme\Opera12.16\gstreamer\plugins\gstcoreelements.dll
2014-08-14 20:27 - 2014-08-06 09:53 - 00096256 ____C () D:\Programme\Opera12.16\gstreamer\plugins\gstcoreplugins.dll
2014-08-14 20:27 - 2014-08-06 09:53 - 00062976 ____C () D:\Programme\Opera12.16\gstreamer\plugins\gstdecodebin2.dll
2014-08-14 20:27 - 2014-08-06 09:53 - 00067072 ____C () D:\Programme\Opera12.16\gstreamer\plugins\gstdirectsound.dll
2014-08-14 20:27 - 2014-08-06 09:53 - 00158208 ____C () D:\Programme\Opera12.16\gstreamer\plugins\gstffmpegcolorspace.dll
2014-08-14 20:27 - 2014-08-06 09:53 - 00312832 ____C () D:\Programme\Opera12.16\gstreamer\plugins\gstoggdec.dll
2014-08-14 20:27 - 2013-09-16 07:33 - 00045568 ____C () D:\Programme\Opera12.16\gstreamer\plugins\gsttypefindfunctions.dll
2014-08-14 20:27 - 2014-08-06 09:53 - 00038912 ____C () D:\Programme\Opera12.16\gstreamer\plugins\gstwaveform.dll
2014-08-14 20:27 - 2014-08-06 09:53 - 00073728 ____C () D:\Programme\Opera12.16\gstreamer\plugins\gstwavparse.dll
2014-08-14 20:27 - 2014-08-06 09:53 - 00101888 ____C () D:\Programme\Opera12.16\gstreamer\plugins\gstwebmdec.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-3175981096-3180708583-1335833889-500 - Administrator - Disabled)
Gast (S-1-5-21-3175981096-3180708583-1335833889-501 - Limited - Disabled)
Sicherungssoldat (S-1-5-21-3175981096-3180708583-1335833889-1000 - Administrator - Enabled) => C:\Users\Sicherungssoldat
Soldat ******* (S-1-5-21-3175981096-3180708583-1335833889-1002 - Limited - Enabled) => C:\Users\Soldat *******

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/06/2014 09:43:05 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/06/2014 03:42:14 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/06/2014 03:39:45 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax.

Error: (10/06/2014 03:34:05 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax.

Error: (10/06/2014 03:26:28 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax.

Error: (10/06/2014 02:30:32 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Ungültige XML-Syntax.

Error: (10/06/2014 00:19:18 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/05/2014 10:35:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/05/2014 10:26:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2014-10-12T20:05:36Z. Fehlercode: 0x80070032.

Error: (10/05/2014 10:17:37 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

System errors:
=============
Error: (10/05/2014 09:59:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CyberGhost 5 Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (10/05/2014 09:59:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst CyberGhost 5 Client Service erreicht.

Error: (10/05/2014 09:52:23 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {3EEF301F-B596-4C0B-BD92-013BEAFCE793}

Microsoft Office Sessions:
=========================
Error: (10/06/2014 09:43:05 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Soldat *******\Desktop\esetsmartinstaller_enu.exe

Error: (10/06/2014 03:42:14 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Soldat *******\Desktop\esetsmartinstaller_enu.exe

Error: (10/06/2014 03:39:45 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: K:\Strecken\install_jaszk-nagyb_3.exeK:\Strecken\install_jaszk-nagyb_3.exe0

Error: (10/06/2014 03:34:05 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: K:\Strecken\install_jaszk-nagyb_3.exeK:\Strecken\install_jaszk-nagyb_3.exe0

Error: (10/06/2014 03:26:28 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: K:\Strecken\install_jaszk-nagyb_3.exeK:\Strecken\install_jaszk-nagyb_3.exe0

Error: (10/06/2014 02:30:32 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: K:\Strecken\install_jaszk-nagyb_3.exeK:\Strecken\install_jaszk-nagyb_3.exe0

Error: (10/06/2014 00:19:18 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Soldat *******\Desktop\esetsmartinstaller_enu.exe

Error: (10/05/2014 10:35:28 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Soldat *******\Desktop\esetsmartinstaller_enu.exe

Error: (10/05/2014 10:26:36 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: 0x800700322014-10-12T20:05:36Z

Error: (10/05/2014 10:17:37 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Soldat *******\Desktop\esetsmartinstaller_enu.exe

CodeIntegrity Errors:
===================================
Date: 2014-08-14 22:18:53.770
Description: Windows konnte die Abbildintegrität der Datei "\Device\CdRom0\NTGLM7X.SYS" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-08-14 22:18:53.739
Description: Windows konnte die Abbildintegrität der Datei "\Device\CdRom0\NTGLM7X.SYS" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-08-14 22:18:51.680
Description: Windows konnte die Abbildintegrität der Datei "\Device\CdRom0\Install\GMSIPCI.SYS" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-08-14 22:18:51.649
Description: Windows konnte die Abbildintegrität der Datei "\Device\CdRom0\Install\GMSIPCI.SYS" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

==================== Memory info ===========================

Processor: AMD A6-6400K APU with Radeon(tm) HD Graphics
Percentage of memory in use: 64%
Total physical RAM: 4044.37 MB
Available physical RAM: 1440.8 MB
Total Pagefile: 10108.55 MB
Available Pagefile: 7191.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:99.9 GB) (Free:48.04 GB) NTFS
Drive d: (Programme) (Fixed) (Total:100 GB) (Free:60.82 GB) NTFS
Drive e: (Privat) (Fixed) (Total:100 GB) (Free:71.42 GB) NTFS
Drive f: (Bilder) (Fixed) (Total:100 GB) (Free:79.35 GB) NTFS
Drive g: (Eisenbahnsim) (Fixed) (Total:65.76 GB) (Free:55.69 GB) NTFS
Drive h: (Train Simulator) (Fixed) (Total:863.15 GB) (Free:739.66 GB) NTFS
Drive j: (Windows 8.1) (Fixed) (Total:68.36 GB) (Free:37.76 GB) NTFS
Drive k: (MSTS-Eingänge) (Fixed) (Total:600 GB) (Free:263.49 GB) NTFS
Drive l: (Video) (Fixed) (Total:600 GB) (Free:86.79 GB) NTFS
Drive m: (BackUp) (Fixed) (Total:197.26 GB) (Free:115.49 GB) NTFS
Drive n: (Airsoft_Steppenwolf) (Fixed) (Total:465.76 GB) (Free:79.54 GB) NTFS
Drive p: (MSTS-BackUp) (Fixed) (Total:232.88 GB) (Free:218.52 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 01FB6B10)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=99.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=265.8 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 00000001)
Partition 1: (Not Active) - (Size=863.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=68.4 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 1397.3 GB) (Disk ID: 0003B4F9)
Partition 1: (Not Active) - (Size=600 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=600 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=197.3 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: BEF6F73E)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 5 (Size: 232.9 GB) (Disk ID: 36B69625)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================

Code:
# AdwCleaner v3.311 - Bericht erstellt am 05/10/2014 um 20:55:47
# Aktualisiert 30/09/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Sicherungssoldat
# Gestartet von : C:\Users\Soldat *******\Desktop\AdwCleaner_3.311.exe
# Option : Suchen

***** [ Dienste ] *****

Dienst Gefunden : SearchAnonymizer

***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Users\Sicherungssoldat\AppData\Roaming\Mozilla\Firefox\Profiles\b97w12gl.default\foxydeal.sqlite
Datei Gefunden : C:\Users\Soldat *******\AppData\Roaming\Mozilla\Firefox\Profiles\hcaew0xx.default\foxydeal.sqlite
Ordner Gefunden : C:\Program Files (x86)\baidu
Ordner Gefunden : C:\ProgramData\baidu
Ordner Gefunden : C:\Users\Public\Documents\baidu
Ordner Gefunden : C:\Users\SICHER~1\AppData\Local\Temp\baidu
Ordner Gefunden : C:\Users\SICHER~1\AppData\Local\Temp\OCS
Ordner Gefunden : C:\Users\Sicherungssoldat\AppData\Roaming\baidu
Ordner Gefunden : C:\Users\Sicherungssoldat\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gefunden : C:\Users\Sicherungssoldat\AppData\Roaming\OCS
Ordner Gefunden : C:\Users\Soldat ******\AppData\Roaming\baidu

***** [ Tasks ] *****

Task Gefunden : pricesparrowSWU

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\Ciuvo
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3F2DC1E7-A56F-49D8-B0CF-DB2300594497}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3F2DC1E7-A56F-49D8-B0CF-DB2300594497}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : [x64] HKCU\Software\Ciuvo
Schlüssel Gefunden : [x64] HKCU\Software\OCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAnonymizer

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17280

-\\ Mozilla Firefox v

[ Datei : C:\Users\Sicherungssoldat\AppData\Roaming\Mozilla\Firefox\Profiles\b97w12gl.default\prefs.js ]

[ Datei : C:\Users\Sicherungssoldat\AppData\Roaming\Mozilla\Firefox\Profiles\hcaew0xx.default\prefs.js ]

[ Datei : C:\Users\Soldat ******\AppData\Roaming\Mozilla\Firefox\Profiles\hcaew0xx.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [3305 octets] - [05/10/2014 20:55:47]

########## EOF - \AdwCleaner\AdwCleaner[R0].txt - [3365 octets] ##########

Code:
# AdwCleaner v3.311 - Bericht erstellt am 05/10/2014 um 20:57:23
# Aktualisiert 30/09/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Sicherungssoldat - AIRSOFT
# Gestartet von : C:\Users\Soldat ******\Desktop\AdwCleaner_3.311.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : SearchAnonymizer

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\baidu
Ordner Gelöscht : C:\Program Files (x86)\baidu
Ordner Gelöscht : C:\Users\SICHER~1\AppData\Local\Temp\baidu
Ordner Gelöscht : C:\Users\SICHER~1\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Public\Documents\baidu
Ordner Gelöscht : C:\Users\Sicherungssoldat\AppData\Roaming\baidu
Ordner Gelöscht : C:\Users\Sicherungssoldat\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Sicherungssoldat\AppData\Roaming\OCS
Ordner Gelöscht : C:\Users\Soldat ******\AppData\Roaming\baidu
Datei Gelöscht : C:\Users\Sicherungssoldat\AppData\Roaming\Mozilla\Firefox\Profiles\b97w12gl.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\Soldat ******\AppData\Roaming\Mozilla\Firefox\Profiles\hcaew0xx.default\foxydeal.sqlite

***** [ Tasks ] *****

Task Gelöscht : pricesparrowSWU

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3F2DC1E7-A56F-49D8-B0CF-DB2300594497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3F2DC1E7-A56F-49D8-B0CF-DB2300594497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Ciuvo
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchAnonymizer

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17280

-\\ Mozilla Firefox v

[ Datei : C:\Users\Sicherungssoldat\AppData\Roaming\Mozilla\Firefox\Profiles\b97w12gl.default\prefs.js ]

[ Datei : C:\Users\Sicherungssoldat\AppData\Roaming\Mozilla\Firefox\Profiles\hcaew0xx.default\prefs.js ]

[ Datei : C:\Users\Soldat ******\AppData\Roaming\Mozilla\Firefox\Profiles\hcaew0xx.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [3459 octets] - [05/10/2014 20:55:47]
AdwCleaner[S0].txt - [3280 octets] - [05/10/2014 20:57:23]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [3340 octets] ##########

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:53 on 06/10/2014 (Sicherungssoldat)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by Sicherungssoldat (administrator) on AIRSOFT on 06-10-2014 21:55:43
Running from C:\Users\Soldat ******\Desktop
Loaded Profiles: Sicherungssoldat & Soldat ****** (Available profiles: Sicherungssoldat & Soldat ******)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\360rps.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(iAnywhere Solutions, Inc.) C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
(Malwarebytes Corporation) D:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Malwarebytes Corporation) D:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe
(Baidu Inc.) D:\Programme\baidu\Spark\sparkservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) D:\Programme\ Malwarebytes Anti-Malware \mbam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Elaborate Bytes AG) D:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe
(Dr. J. Rathlev, D-24222 Schwentinental) C:\Program Files\Personal Backup 5\Persbackup.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Opera Software) D:\Programme\Opera12.16\opera.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\360sd.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\360rp.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\safemon\360Tray.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\360rp.exe
(Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\safemon\360Tray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7018568 2013-02-22] (Realtek Semiconductor)
HKLM\...\Run: [360sd] => C:\Program Files\360\360 Internet Security\360sdrun.exe [287560 2014-04-16] (Qihu 360 Software Co., Ltd.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-17] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated) HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-22] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated) HKLM-x32\...\Run: [VirtualCloneDrive] => D:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Trend Micro RUBotted V2.0 Beta] => C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe [1102872 2013-07-25] (Trend Micro Inc.) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation) HKU\S-1-5-21-3175981096-3180708583-1335833889-1000\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.EXE [404080 2014-06-12] (CyberGhost S.R.L.) 
HKU\S-1-5-21-3175981096-3180708583-1335833889-1000\...\Policies\Explorer: [NoInternetOpenWith] 1 HKU\S-1-5-21-3175981096-3180708583-1335833889-1000\...\MountPoints2: {e473a940-23ed-11e4-b718-806e6f6e6963} - A:\DVDSetup.exe HKU\S-1-5-21-3175981096-3180708583-1335833889-1002\...\MountPoints2: {d575754e-23f2-11e4-8793-806e6f6e6963} - I:\Setup.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\Users\Sicherungssoldat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk ShortcutTarget: Persbackup.lnk -> D:\Programme\Personal Backup 5\Persbackup.exe (Dr. J. Rathlev, D-24222 Schwentinental) Startup: C:\Users\Soldat ******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk ShortcutTarget: Persbackup.lnk -> C:\Program Files\Personal Backup 5\Persbackup.exe (Dr. J. Rathlev, D-24222 Schwentinental) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files\360\360 Internet Security\safemon\safemon64.dll (Qihu 360 Software Co., Ltd.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) 
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Sicherungssoldat\AppData\Roaming\Mozilla\Firefox\Profiles\hcaew0xx.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect -> D:\Programme\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> D:\Programme\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> D:\Programme\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect -> D:\Programme\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-08-16]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 360rp; C:\Program Files\360\360 Internet Security\360rps.exe [310352 2014-04-16] (Qihu 360 Software Co., Ltd.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-22] (Advanced Micro Devices, Inc.) [File not signed]
S2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-06-12] (CyberGhost S.R.L)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-17] (NVIDIA Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 Lexware_Professional_Datenbank; C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe [83248 2010-11-05] (iAnywhere Solutions, Inc.)
R2 MBAMScheduler; D:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; D:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-17] (NVIDIA Corporation)
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2014-08-16] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 RUBotSrv; C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [443416 2013-07-25] (Trend Micro Inc.)
S3 scan; C:\Program Files\360\360 Internet Security\scan.dll [423144 2013-02-20] (S.C. BitDefender S.R.L)
R2 SparkSvc; D:\Programme\baidu\Spark\sparkservice.exe [80576 2014-08-04] (Baidu Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 ZhuDongFangYu; C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe [236360 2014-04-23] (Qihu 360 Software Co., Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [97872 2014-04-21] (Qihu 360 Software Co., Ltd.)
R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [67664 2014-04-23] (Qihu 360 Software Co., Ltd.)
R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [305744 2014-04-29] (Qihu 360 Software Co., Ltd.)
S3 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [41552 2014-04-29] (Qihu 360 Software Co., Ltd.)
R1 360fsflt; C:\Windows\System32\DRIVERS\360FsFlt.sys [304208 2014-05-07] (Qihu 360 Software Co., Ltd.)
R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [180816 2014-04-18] (Qihu 360 Software Co., Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation)
R2 WiseFS; D:\Programme\Wise\WiseFs64.sys [10280 2014-03-14] ()
S3 GMSIPCI; \??\G:\INSTALL\GMSIPCI.SYS [X]
S3 MSICDSetup; \??\G:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\G:\NTIOLib_X64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-06 21:55 - 2014-10-06 21:56 - 00017140 ____C () C:\Users\Soldat ******\Desktop\FRST.txt
2014-10-06 21:55 - 2014-10-06 21:55 - 00000000 ___DC () C:\FRST
2014-10-06 21:54 - 2014-10-06 21:55 - 02109952 ____C (Farbar) C:\Users\Soldat ******\Desktop\FRST64.exe
2014-10-06 21:52 - 2014-10-06 21:52 - 00000000 ____C () C:\Users\Sicherungssoldat\defogger_reenable
2014-10-06 21:50 - 2014-10-06 21:53 - 00000000 ___DC () C:\Users\Soldat ******\Desktop\Sicherungen
2014-10-06 21:44 - 2014-10-06 21:52 - 00000000 ___DC () C:\Users\Soldat ******\AppData\Roaming\360safe
2014-10-06 21:44 - 2014-10-06 21:44 - 00000000 ___DC () C:\Users\Soldat ******\AppData\Roaming\360SD
2014-10-05 22:09 - 2014-10-05 22:09 - 00000000 ___DC () C:\Program Files (x86)\ESET
2014-10-05 22:07 - 2014-10-05 22:07 - 00001862 ____C () C:\sc-cleaner.txt
2014-10-05 21:05 - 2014-10-05 21:05 - 00000000 ___DC () C:\Windows\ERUNT
2014-10-05 20:59 - 2014-10-05 20:59 - 00000000 ___DC () C:\Users\Soldat ******\AppData\Roaming\Baidu
2014-10-05 20:59 - 2014-10-05 20:59 - 00000000 ___DC () C:\Users\Public\Documents\Baidu
2014-10-05 20:00 - 2014-10-05 20:00 - 00122584 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-05 20:00 - 2014-10-05 20:00 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-10-05 20:00 - 2014-10-05 20:00 - 00000000 ___DC () C:\ProgramData\Malwarebytes
2014-10-05 20:00 - 2014-05-12 07:26 - 00091352 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-05 20:00 - 2014-05-12 07:26 - 00063704 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-05 20:00 - 2014-05-12 07:25 - 00025816 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-04 22:26 - 2014-10-04 22:26 - 00000329 ____C () C:\Users\Sicherungssoldat\Desktop\HP Druckerdiagnosetools.url
2014-10-04 22:11 - 2014-10-04 22:23 - 00000000 ____C () C:\Users\Soldat ******\AppData\Roaming\FileOut.cns
2014-10-04 22:11 - 2014-10-04 22:23 - 00000000 ____C () C:\Users\Soldat ******\AppData\Roaming\FileIn.cns
2014-10-03 16:59 - 2014-10-03 16:59 - 00000724 ____C () C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
2014-10-03 16:59 - 2014-10-03 16:59 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2014-10-03 16:59 - 2014-09-09 17:29 - 00910920 ____C (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys
2014-10-03 16:59 - 2014-09-09 17:27 - 00129168 ____C (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys
2014-10-02 19:51 - 2014-10-02 19:51 - 00000000 ___DC () C:\Users\Sicherungssoldat\AppData\Local\Adobe
2014-10-02 10:40 - 2014-10-02 10:40 - 00000000 ___DC () C:\Users\Soldat ******\AppData\Roaming\Canneverbe Limited
2014-10-02 10:40 - 2014-10-02 10:40 - 00000000 ___DC () C:\ProgramData\Canneverbe Limited
2014-10-02 10:39 - 2014-10-02 10:39 - 00000805 ____C () C:\Users\Public\Desktop\CDBurnerXP.lnk
2014-10-02 10:39 - 2014-10-02 10:39 - 00000743 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2014-10-02 10:39 - 2014-10-02 10:39 - 00000000 ___DC () C:\Users\Sicherungssoldat\AppData\Roaming\Canneverbe Limited
2014-10-02 00:36 - 2014-10-02 00:36 - 00000000 RSHDC () C:\360SANDBOX 2014-10-01 20:17 - 2014-10-01 20:25 - 00000000 ___DC () C:\Users\Sicherungssoldat\VirtualBox VMs 2014-10-01 19:58 - 2014-10-05 17:26 - 00000000 ___DC () C:\Users\Soldat ******\VirtualBox VMs 2014-10-01 18:35 - 2014-10-01 18:35 - 00000000 ___DC () C:\Users\Public\Documents\sun 2014-10-01 08:47 - 2014-10-01 11:25 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-10-01 08:47 - 2014-10-01 11:25 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-09-30 21:18 - 2014-09-30 21:18 - 00001183 ____C () C:\Users\Public\Desktop\LibreOffice 4.2.lnk 2014-09-30 21:18 - 2014-09-30 21:18 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.2 2014-09-30 20:33 - 2014-09-30 20:36 - 220827648 ____C () C:\Users\Soldat ******\Downloads\LibreOffice_4.2.6-secfix_Win_x86.msi 2014-09-28 14:16 - 2014-09-28 16:28 - 00000709 ____C () C:\Users\Soldat ******\Desktop\Kommentar zu FB.txt 2014-09-28 02:07 - 2014-09-28 02:07 - 00001250 ____C () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk 2014-09-28 02:07 - 2014-09-28 02:07 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2014-09-28 01:58 - 2014-09-28 02:10 - 00000000 ___DC () C:\Users\Soldat ******\Documents\DVDVideoSoft 2014-09-28 01:58 - 2014-09-28 02:10 - 00000000 ___DC () C:\Users\Soldat ******\AppData\Roaming\DVDVideoSoft 2014-09-25 12:14 - 2014-09-25 12:14 - 00000478 ____C () C:\Users\Sicherungssoldat\Documents\OEBBPN.CFG 2014-09-25 11:59 - 2014-09-25 11:59 - 00000000 ___DC () C:\Users\Sicherungssoldat\AppData\Local\HaCon 2014-09-25 11:57 - 2014-09-25 11:59 - 00000432 ____C () C:\Users\Soldat ******\Documents\OEBBPN.CFG 2014-09-25 11:57 - 2014-09-25 11:57 - 00000674 ____C () C:\Users\Soldat ******\Desktop\ÖBB Sommer 2014.lnk 2014-09-25 11:57 - 2014-09-25 11:57 - 00000674 ____C () C:\Users\Sicherungssoldat\Desktop\ÖBB Sommer 2014.lnk 2014-09-25 11:57 - 
2014-09-25 11:57 - 00000021 ____C () C:\Windows\progman.ini 2014-09-25 11:57 - 2014-09-25 11:57 - 00000000 ___DC () C:\Users\Soldat ******\AppData\Roaming\HaCon 2014-09-25 11:57 - 2014-09-25 11:57 - 00000000 ___DC () C:\Users\Soldat ******\AppData\Local\HaCon 2014-09-25 11:57 - 2014-09-25 11:57 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ÖBB 2014-09-25 11:55 - 2014-09-25 11:57 - 00000000 ___DC () C:\Users\Sicherungssoldat\AppData\Roaming\HaCon 2014-09-25 11:55 - 2014-09-25 11:57 - 00000000 ___DC () C:\ProgramData\HaCon 2014-09-25 11:48 - 2014-09-25 11:48 - 00001058 ____C () C:\Users\Soldat ******\Desktop\WinHTTrack.lnk 2014-09-24 10:19 - 2014-09-25 00:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-09-24 10:19 - 2014-09-25 00:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-23 08:31 - 2014-09-23 08:31 - 00000970 ____C () C:\Users\Soldat ******\Desktop\Steam.lnk 2014-09-22 17:29 - 2014-09-30 20:31 - 00000416 ____C () C:\Windows\Tasks\SparkUpdater.job 2014-09-22 17:29 - 2014-09-22 17:29 - 00000925 ____C () C:\Users\Public\Desktop\Baidu Spark Browser.lnk 2014-09-22 17:29 - 2014-09-22 17:29 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Spark Browser 2014-09-20 22:38 - 2014-09-20 22:41 - 00000000 ___DC () C:\Users\Soldat ******\AppData\Local\Deployment 2014-09-20 22:38 - 2014-09-20 22:38 - 00000000 ___DC () C:\Users\Soldat ******\AppData\Local\Apps\2.0 2014-09-19 11:52 - 2014-09-04 21:14 - 00038048 ____C (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2014-09-19 11:52 - 2014-09-04 21:14 - 00032416 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2014-09-19 00:05 - 2014-10-05 10:28 - 00000000 ___DC () C:\Users\Soldat ******\AppData\Roaming\TeamViewer 2014-09-18 15:20 - 2014-09-18 15:20 - 00001312 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk 2014-09-18 15:20 - 2014-09-18 15:20 - 00000000 
___DC () C:\Windows\de 2014-09-18 15:05 - 2014-09-18 18:08 - 00000000 ___DC () C:\Users\Soldat ******\AppData\Local\Windows Live 2014-09-18 15:04 - 2014-09-18 15:19 - 00001381 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk 2014-09-18 15:03 - 2014-09-18 15:18 - 00000000 ___DC () C:\Program Files (x86)\Windows Live 2014-09-18 15:03 - 2014-09-18 15:03 - 00000000 ___DC () C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2014-09-18 15:01 - 2010-06-02 04:55 - 00527192 ____C (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll 2014-09-18 15:01 - 2010-06-02 04:55 - 00518488 ____C (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll 2014-09-18 15:01 - 2010-06-02 04:55 - 00077656 ____C (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll 2014-09-18 15:01 - 2010-06-02 04:55 - 00074072 ____C (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll 2014-09-18 15:01 - 2010-05-26 11:41 - 02526056 ____C (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll 2014-09-18 15:00 - 2009-09-04 17:29 - 00523088 ____C (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll 2014-09-18 15:00 - 2009-09-04 17:29 - 00453456 ____C (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll 2014-09-18 14:57 - 2014-09-18 14:57 - 00000000 ___DC () C:\Users\Sicherungssoldat\AppData\Local\Windows Live 2014-09-17 22:44 - 2014-09-17 22:44 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap 2014-09-17 22:44 - 2014-09-17 22:44 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro RUBotted 2014-09-17 22:44 - 2014-09-17 22:44 - 00000000 ___DC () C:\Program Files (x86)\WinPcap 2014-09-17 22:44 - 2014-09-17 22:44 - 00000000 ___DC () C:\Program Files (x86)\Trend Micro 2014-09-17 22:43 - 2014-09-17 22:43 - 06229392 ____C (Trend Micro, Inc. 
) C:\Users\Soldat ******\Downloads\RUBottedSetup.exe 2014-09-15 17:29 - 2014-09-15 17:29 - 00000743 ____C () C:\Users\Sicherungssoldat\Desktop\Z-defrag.lnk 2014-09-15 17:29 - 2014-09-15 17:29 - 00000000 ___DC () C:\Users\Sicherungssoldat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Z-defragRAM 2014-09-15 16:27 - 2014-07-24 13:01 - 00028672 ____C () C:\Users\Soldat ******\Desktop\memtest.exe 2014-09-13 15:08 - 2014-09-13 15:08 - 00000848 ____C () C:\Users\Soldat ******\Desktop\BAHN 4.00 BETA 3.lnk 2014-09-13 15:08 - 2014-09-13 15:08 - 00000000 ___DC () C:\Users\Soldat ******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BAHN 4.00 2014-09-11 17:22 - 2014-09-11 17:22 - 00000000 ___DC () C:\Users\Soldat ******\Documents\Adobe 2014-09-11 03:09 - 2014-09-11 03:10 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-09-11 03:09 - 2014-09-11 03:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-11 03:09 - 2014-09-11 03:10 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 02104832 
_____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-11 03:09 - 2014-09-11 03:10 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-09-11 03:09 - 2014-09-11 03:10 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-11 03:09 - 2014-09-11 03:10 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-11 03:09 - 2014-09-11 03:10 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00446464 
_____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-11 03:09 - 2014-09-11 03:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-09-11 03:09 - 2014-09-11 03:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-11 03:09 - 2014-09-11 03:10 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00061952 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-09-11 03:01 - 2014-09-11 03:01 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-09-11 03:01 - 2014-09-11 03:01 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2014-09-11 01:57 - 2014-09-11 03:14 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-09-11 01:57 - 2014-09-11 03:14 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 2014-09-11 01:56 - 2014-09-11 03:08 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-09-11 01:56 - 2014-09-11 03:08 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-09-11 01:56 - 2014-09-11 03:01 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-09-11 01:56 - 2014-09-11 03:01 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-11 01:56 - 2014-09-11 03:01 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-11 01:56 - 
2014-09-11 03:01 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-09-11 01:56 - 2014-09-11 03:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-11 01:56 - 2014-09-11 03:01 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-09-11 01:56 - 2014-09-11 03:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-09-11 01:05 - 2014-09-29 21:09 - 00000000 ___DC () C:\Users\Soldat ******\AppData\Roaming\.minecraft 2014-09-09 17:27 - 2014-09-09 17:27 - 00157448 ____C (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetFlt.sys 2014-09-09 17:27 - 2014-09-09 17:27 - 00142528 ____C (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys 2014-09-09 17:26 - 2014-09-09 17:26 - 00205352 ____C (Oracle Corporation) C:\Windows\system32\VBoxNetFltNobj.dll 2014-09-09 02:42 - 2014-09-09 02:42 - 00001433 ____C () C:\Users\Soldat ******\Desktop\Zusi3 - DEMO.lnk 2014-09-08 22:06 - 2014-09-11 12:50 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zusi 3-Demo 2014-09-08 22:05 - 2014-09-11 12:50 - 00000000 ___DC () C:\Program Files (x86)\Zusi3Demo 2014-09-08 22:05 - 2014-09-08 22:06 - 00000000 ___DC () C:\Users\Public\Documents\Zusi3Demo 2014-09-08 01:22 - 2014-09-08 01:23 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 5 Toolkit December 2011 2014-09-08 01:22 - 2014-09-08 01:22 - 00000000 ___DC () C:\Program Files (x86)\Microsoft Visual Studio 10.0 2014-09-08 01:22 - 2014-09-08 01:22 - 00000000 ___DC () C:\Program Files (x86)\Microsoft SDKs 2014-09-07 23:57 - 2014-09-07 23:57 - 00000000 ___DC () C:\Users\Soldat ******\AppData\Roaming\Sirrix AG 2014-09-07 23:54 - 2014-09-08 23:04 - 00000000 ___DC () C:\ProgramData\Sirrix AG 2014-09-07 12:17 - 2014-09-07 12:17 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Personal Backup 2014-09-07 12:17 - 2014-09-07 12:17 - 00000000 ___DC () 
C:\Program Files\Personal Backup 5 2014-09-07 12:16 - 2014-09-07 12:39 - 00000000 ___DC () C:\Users\Soldat ******\AppData\Roaming\PersBackup5 2014-09-07 12:16 - 2014-09-07 12:16 - 00000000 ___DC () C:\Users\Soldat ******\Documents\PersBackup ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-06 21:55 - 2009-07-14 06:45 - 00022928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-06 21:55 - 2009-07-14 06:45 - 00022928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-06 21:52 - 2014-08-14 22:10 - 00000000 ___DC () C:\Users\Sicherungssoldat 2014-10-06 21:45 - 2014-08-14 22:05 - 01402437 ____C () C:\Windows\WindowsUpdate.log 2014-10-06 21:44 - 2014-08-14 22:52 - 00000000 ___DC () C:\ProgramData\360SD 2014-10-05 22:28 - 2014-08-20 18:42 - 00000000 ___DC () C:\Windows\Minidump 2014-10-05 21:58 - 2014-08-14 23:23 - 00000000 ___DC () C:\ProgramData\NVIDIA 2014-10-05 21:03 - 2014-08-14 22:52 - 00000000 ___DC () C:\Users\Sicherungssoldat\AppData\Roaming\360safe 2014-10-05 20:18 - 2014-08-16 15:50 - 00000000 ___DC () C:\Users\Sicherungssoldat\Desktop\sonstige Bilder 2014-10-05 20:01 - 2014-08-16 15:10 - 00000000 ___DC () C:\Users\Soldat ******\AppData\Roaming\TuneUp Software 2014-10-05 19:47 - 2014-08-15 22:10 - 00000000 ___DC () C:\Windows\system32\appmgmt 2014-10-05 19:32 - 2014-08-16 16:59 - 00000000 ___DC () C:\Users\Soldat ******\AppData\Roaming\MediaMonkey 2014-10-05 19:17 - 2014-08-15 22:48 - 00000000 ___DC () C:\Users\Sicherungssoldat\AppData\Roaming\TuneUp Software 2014-10-05 19:17 - 2014-08-15 22:47 - 00000000 ___DC () C:\ProgramData\TuneUp Software 2014-10-05 18:57 - 2014-08-15 22:47 - 00000000 _SHDC () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-10-05 18:53 - 2014-08-16 02:28 - 00000000 ___DC () C:\Program Files (x86)\Yahoo! 
2014-10-05 18:32 - 2014-08-16 23:36 - 00000000 ___DC () C:\Users\Soldat ******\.VirtualBox 2014-10-05 01:05 - 2014-08-16 17:36 - 00000000 ___DC () C:\Users\Soldat ******\AppData\Roaming\streamWriter 2014-10-04 22:26 - 2014-08-23 17:30 - 00000000 ___DC () C:\Users\Soldat ******\AppData\Roaming\HpUpdate 2014-10-03 17:03 - 2014-08-16 01:22 - 00000000 ___DC () C:\Users\Sicherungssoldat\.VirtualBox 2014-10-02 19:51 - 2014-08-14 23:22 - 00220488 ____C () C:\Users\Sicherungssoldat\AppData\Local\GDIPFONTCACHEV1.DAT 2014-10-02 10:40 - 2014-08-27 00:33 - 00220488 ____C () C:\Users\Soldat ******\AppData\Local\GDIPFONTCACHEV1.DAT 2014-10-02 09:42 - 2014-08-14 22:10 - 00000000 _SHDC () C:\Recovery 2014-10-01 20:50 - 2014-08-17 22:10 - 00000000 ___DC () C:\Users\Soldat ******\AppData\Roaming\vlc 2014-10-01 19:58 - 2014-08-16 15:05 - 00000000 ___DC () C:\Users\Soldat ****** 2014-10-01 08:39 - 2009-07-14 06:45 - 05459024 ____C () C:\Windows\system32\FNTCACHE.DAT 2014-09-28 02:07 - 2014-08-15 22:46 - 00000000 ___DC () C:\Users\Sicherungssoldat\AppData\Roaming\DVDVideoSoft 2014-09-22 20:39 - 2014-08-16 15:11 - 00000000 ___DC () C:\Users\Soldat ******\Desktop\sonstige Bilder 2014-09-22 16:44 - 2014-08-23 22:29 - 00000866 ____C () C:\Users\Sicherungssoldat\Desktop\4K Video Downloader.lnk 2014-09-22 16:44 - 2014-08-23 22:29 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Download 2014-09-19 11:57 - 2014-08-14 23:24 - 00000000 ___DC () C:\Users\Sicherungssoldat\AppData\Local\NVIDIA Corporation 2014-09-19 11:57 - 2014-08-14 23:24 - 00000000 ___DC () C:\Users\Sicherungssoldat\AppData\Local\NVIDIA 2014-09-19 11:56 - 2014-08-14 23:05 - 00000000 ___DC () C:\Program Files\NVIDIA Corporation 2014-09-18 22:04 - 2014-08-16 15:05 - 00000000 ___DC () C:\Users\Soldat ******\AppData\Roaming\Adobe 2014-09-18 15:02 - 2009-07-14 05:20 - 00000000 ___DC () C:\Program Files\Common Files\Microsoft Shared 2014-09-17 04:13 - 2014-08-14 23:24 - 02193560 ____C (NVIDIA Corporation) 
C:\Windows\SysWOW64\nvspcap.dll 2014-09-17 04:13 - 2014-08-14 23:24 - 01291280 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll 2014-09-17 04:12 - 2014-08-14 23:24 - 02799784 ____C (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2014-09-17 04:12 - 2014-08-14 23:24 - 01715224 ____C (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll 2014-09-16 15:59 - 2011-04-12 09:43 - 00699416 ____C () C:\Windows\system32\perfh007.dat 2014-09-16 15:59 - 2011-04-12 09:43 - 00149556 ____C () C:\Windows\system32\perfc007.dat 2014-09-16 15:59 - 2009-07-14 07:13 - 01620612 ____C () C:\Windows\system32\PerfStringBackup.INI 2014-09-16 08:06 - 2014-08-16 15:11 - 00000848 ____C () C:\Users\Soldat ******\Desktop\BAHN 3.88 R1.lnk 2014-09-15 16:51 - 2014-08-15 00:00 - 00001109 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk 2014-09-15 16:51 - 2014-08-15 00:00 - 00001097 ____C () C:\Users\Public\Desktop\TeamViewer 9.lnk 2014-09-15 16:22 - 2014-08-15 22:40 - 00000730 ____C () C:\Users\Public\Desktop\CPUID CPU-Z.lnk 2014-09-15 09:06 - 2010-11-21 05:27 - 00278152 ____C (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-09-13 19:43 - 2014-08-16 15:47 - 00000000 ___DC () C:\Users\Soldat ******\AppData\Local\Mozilla 2014-09-11 18:08 - 2014-08-16 15:05 - 00000000 ___DC () C:\Users\Soldat ******\AppData\Local\Adobe 2014-09-11 11:20 - 2014-08-17 15:14 - 00701104 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-11 11:20 - 2014-08-17 15:14 - 00071344 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-11 11:20 - 2014-08-17 15:14 - 00000884 ____C () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-11 03:07 - 2014-08-14 23:11 - 01593956 ____C () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-09-11 03:06 - 2014-08-15 12:20 - 00000000 ___DC () C:\Windows\system32\MRT 2014-09-11 03:02 - 2014-08-15 12:19 - 101694776 ____C (Microsoft Corporation) 
C:\Windows\system32\MRT.exe 2014-09-11 03:01 - 2014-08-15 02:31 - 00000000 __SDC () C:\Windows\system32\CompatTel 2014-09-09 02:00 - 2014-08-16 15:05 - 00000000 ___DC () C:\Users\Soldat ******\AppData\Local\NVIDIA 2014-09-09 01:59 - 2014-08-16 15:05 - 00000000 ___DC () C:\Users\Soldat ******\AppData\Local\NVIDIA Corporation 2014-09-07 13:41 - 2014-08-16 15:05 - 00000000 ___DC () C:\Users\Soldat ******\AppData\Local\VirtualStore Some content of TEMP: ==================== C:\Users\Sicherungssoldat\AppData\Local\Temp\Quarantine.exe C:\Users\Sicherungssoldat\AppData\Local\Temp\TUUUninstallHelper.exe C:\Users\Soldat ******\AppData\Local\Temp\Foxit Reader Updater.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-14 22:02 ==================== End Of Log ============================ Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net Rootkit scan 2014-10-06 22:12:05 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006c HGST_HTS rev.GG2O 465,76GB Running: Gmer-19357.exe; Driver: C:\Users\SICHER~1\AppData\Local\Temp\uwddrpoc.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80002ffd000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff80002ffd02f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text D:\Programme\ Malwarebytes Anti-Malware \mbam.exe[1584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000771b1465 2 bytes [1B, 77] .text D:\Programme\ Malwarebytes Anti-Malware \mbam.exe[1584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771b14bb 2 bytes [1B, 77] .text ... * 2 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3220] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000771b1465 2 bytes [1B, 77] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3220] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771b14bb 2 bytes [1B, 77] .text ... * 2 .text C:\Program Files\360\360 Internet Security\360sdUpd.exe[4856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000771b1465 2 bytes [1B, 77] .text C:\Program Files\360\360 Internet Security\360sdUpd.exe[4856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771b14bb 2 bytes [1B, 77] .text ... * 2 .text C:\Users\Soldat ******\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000771b1465 2 bytes [1B, 77] .text C:\Users\Soldat ******\Desktop\Gmer-19357.exe[5364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000771b14bb 2 bytes [1B, 77] .text ... * 2 ---- EOF - GMER 2.1 ---- Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.3.0 (10.05.2014:1) OS: Windows 7 Professional x64 Ran by Sicherungssoldat on 05.10.2014 at 21:48:11,89 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 05.10.2014 at 21:52:16,91 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 05.10.2014 Suchlauf-Zeit: 20:01:49 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.10.05.07 Rootkit Datenbank: v2014.09.19.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Sicherungssoldat Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 371141 Verstrichene Zeit: 13 Min, 14 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 1 PUP.Optional.Ciuvo.A, HKU\S-1-5-21-3175981096-3180708583-1335833889-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\ciuvo.com, In Quarantäne, [859668a908740f27be8648d8fa09de22], Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 2 PUP.Optional.OpenCandy, C:\Users\Sicherungssoldat\AppData\Roaming\OpenCandy, In Quarantäne, [2cef71a0a0dcd95d0337845ec53d8977], PUP.Optional.OpenCandy, C:\Users\Sicherungssoldat\AppData\Roaming\OpenCandy\FD4A1AC3BF0041D8B255A3EC06C50B80, In Quarantäne, [2cef71a0a0dcd95d0337845ec53d8977], Dateien: 2 PUP.Optional.Somoto, C:\Users\Sicherungssoldat\AppData\Local\Temp\nsvAC0A.tmp, In Quarantäne, [ce4d27ea0a72b1854dcd03aaab5615eb], PUP.Optional.OpenCandy, C:\Users\Sicherungssoldat\AppData\Roaming\OpenCandy\FD4A1AC3BF0041D8B255A3EC06C50B80\TuneUp2014GER15day-de-DE-p4v1.exe, In Quarantäne, [2cef71a0a0dcd95d0337845ec53d8977], Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter Shortcut Cleaner 1.3.3 by Lawrence Abrams (Grinler) hxxp://www.bleepingcomputer.com/ Copyright 2008-2014 BleepingComputer.com More Information about Shortcut Cleaner can be found at this link: hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/ Windows Version: Windows 7 Professional Service Pack 1 Program started at: 10/05/2014 10:07:09 PM. Scanning for registry hijacks: * No issues found in the Registry. Searching for Hijacked Shortcuts: Searching C:\Users\Sicherungssoldat\AppData\Roaming\Microsoft\Windows\Start Menu\ Searching C:\ProgramData\Microsoft\Windows\Start Menu\ Searching C:\Users\Sicherungssoldat\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ Searching C:\Users\Public\Desktop\ Searching C:\Users\Sicherungssoldat\Desktop 0 bad shortcuts found. Program finished at: 10/05/2014 10:07:13 PM Execution time: 0 hours(s), 0 minute(s), and 4 seconds(s) Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=baa4801414dd394fbb4aa2fd8ee213a8 # engine=20454 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-10-05 08:17:22 # local_time=2014-10-05 10:17:22 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 1199 164170092 0 0 # compatibility_mode_1='360 Internet Security' # compatibility_mode=16386 16777213 100 100 0 51265649 0 0 # scanned=11228 # found=0 # cleaned=0 # scan_time=321 ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=baa4801414dd394fbb4aa2fd8ee213a8 # engine=20454 # end=stopped # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-10-05 08:31:44 # local_time=2014-10-05 10:31:44 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 1206 164170954 0 0 # compatibility_mode_1='360 Internet Security' # compatibility_mode=16386 16777213 100 100 0 51266511 0 0 # scanned=15142 # found=0 # cleaned=0 # scan_time=700 ESETSmartInstaller@High as downloader log: Can not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetesets_scanner_update returned -1 esets_gle=12 # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 
# EOSSerial=baa4801414dd394fbb4aa2fd8ee213a8 # engine=20454 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-10-06 07:40:18 # local_time=2014-10-06 09:40:18 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 84520 164254268 0 0 # compatibility_mode_1='360 Internet Security' # compatibility_mode=16386 16777213 100 100 0 51349825 0 0 # scanned=2504028 # found=18 # cleaned=0 # scan_time=82915 sh=DABC08BDF0203F5946101A0EEA51D494E87F67B9 ft=1 fh=7788df8e5b966f5d vn="a variant of Win32/DownloadSponsor.A potentially unwanted application" ac=I fn="C:\Users\Soldat *******\Desktop\AdwCleaner\Quarantine\C\Users\SICHER~1\AppData\Local\Temp\OCS\ocs_v71.exe.vir" sh=057D9547C4437DE608217EDD89677F3A92096D3C ft=1 fh=dfbdf2a3096f94da vn="Win32/DownWare.L potentially unwanted application" ac=I fn="D:\Downloads\32bit_Standard_v191.exe" sh=19876B0C21073CE7AC4725124851FC36B7EA7301 ft=1 fh=31b372839de59c7b vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="D:\Downloads\cbsidlm-cbsi188-Wise_Folder_Hider-BP-75713475.exe" sh=EF4B8318F3918A9DD58601AB4C15C487AA96369C ft=1 fh=41fda79897570127 vn="a variant of Win32/ELEX.P potentially unwanted application" ac=I fn="D:\Downloads\FoxitReader611.1025_L10N_Setup.exe" sh=25743FBA2F85E189545A2E4450F8F3A8713F641B ft=1 fh=efa493b7e887d2d9 vn="a variant of Win32/DownloadSponsor.A potentially unwanted application" ac=I fn="D:\Downloads\LicenseCrawler - CHIP-Downloader.exe" sh=2BE21C4D64689BA1D908AF950DAA6389D538FE16 ft=1 fh=ff54dd80b0e376c2 vn="a variant of Win32/DownloadGuide.A potentially unwanted application" ac=I fn="D:\Downloads\soft32_CPU-Z_1.0.exe" sh=887837EF98F416D96FA525721AC5B88B6EE179D8 ft=1 fh=a37f5c05b7c3e434 vn="Win32/DownloadAdmin.H potentially unwanted application" ac=I 
fn="D:\Downloads\Tools\Hotspot-Shield-649.exe" sh=9EB429BDEBD7BB1CC32C499D45A1AE1E96FADFD8 ft=1 fh=334ec3ddcb0d2c81 vn="a variant of Win32/DownloadSponsor.A potentially unwanted application" ac=I fn="E:\Privat\Privat\Bewerbungsunterlagen\FAW\Privat\Downloads\Foxit Reader - CHIP-Downloader.exe" sh=83346C6DD9FC96D246CF9B2E236C2FF938F9CA1E ft=0 fh=0000000000000000 vn="Win32/DownWare.L potentially unwanted application" ac=I fn="M:\Backup\LwD\Downloads\32bit_Standard_v191.exe.gz" sh=3837F99F00CDD33CBE853C86ACD6FDBF9034DDCB ft=0 fh=0000000000000000 vn="Win32/DownWare.L potentially unwanted application" ac=I fn="M:\Backup\LwD\Downloads\AstroburnPro320-0197.exe.gz" sh=2BBED8F9A763E4DACB9F758532DA91B5D8904E05 ft=0 fh=0000000000000000 vn="a variant of Win32/CNETInstaller.B potentially unwanted application" ac=I fn="M:\Backup\LwD\Downloads\cbsidlm-cbsi188-Wise_Folder_Hider-BP-75713475.exe.gz" sh=7B1308FF6DD32169FC92C88FD8F78C630A4E2A0C ft=0 fh=0000000000000000 vn="a variant of Win32/ELEX.P potentially unwanted application" ac=I fn="M:\Backup\LwD\Downloads\FoxitReader611.1025_L10N_Setup.exe.gz" sh=B63AF664EDFFD95D8F55A6257401AA3930A014DE ft=0 fh=0000000000000000 vn="a variant of Win32/DownloadSponsor.A potentially unwanted application" ac=I fn="M:\Backup\LwD\Downloads\LicenseCrawler - CHIP-Downloader.exe.gz" sh=0B4AB74986F0465AEE7CE11E6242BD7ADA71671F ft=0 fh=0000000000000000 vn="a variant of Win32/DownloadGuide.A potentially unwanted application" ac=I fn="M:\Backup\LwD\Downloads\soft32_CPU-Z_1.0.exe.gz" sh=B9DDA4720551B2ABBDC2C6E4DFDFCCA4A66E1598 ft=0 fh=0000000000000000 vn="Win32/DownloadAdmin.H potentially unwanted application" ac=I fn="M:\Backup\LwD\Downloads\Tools\Hotspot-Shield-649.exe.gz" sh=6D917CBC47269DADFA5912DA88BEDE6EAB22F7C5 ft=0 fh=0000000000000000 vn="a variant of Win32/DownloadSponsor.A potentially unwanted application" ac=I fn="M:\Backup\LwE\Privat\Privat\Bewerbungsunterlagen\FAW\Privat\Downloads\Foxit Reader - CHIP-Downloader.exe.gz" 
sh=9B3ED3EF05FBE103AEA9FA4D3E2AA8289F14C0A2 ft=0 fh=0000000000000000 vn="a variant of Win32/SoftonicDownloader.F potentially unwanted application" ac=I fn="P:\BackUp_Laptop\LwE\Privat\Sicherung_FAW\*******P\Privat\SoftonicDownloader_fuer_keyfinder.exe.gz" sh=6D917CBC47269DADFA5912DA88BEDE6EAB22F7C5 ft=0 fh=0000000000000000 vn="a variant of Win32/DownloadSponsor.A potentially unwanted application" ac=I fn="P:\BackUp_Laptop\LwE\Privat\Sicherung_FAW\Downloads\Foxit Reader - CHIP-Downloader.exe.gz" ESETSmartInstaller@High as downloader log: Can not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internetESETSmartInstaller@High as downloader log: Can not open internetCan not open internet
All the "findings" are false alarms, because I know the files; most of them belong to the program "TrainSimulator" and are downloaded, packed vehicles and routes. Some files are from other programs. Thank you in advance for reviewing my logs. Best regards, Jeremiah |
07.10.2014, 19:13 | #2 |
/// the machine /// TB-Ausbilder | Windows 7: PriceSparrow found
Hi,
are the FRST logs fresh, taken after all the scans? If not, please scan again. |
07.10.2014, 19:37 | #3 |
| Windows 7: PriceSparrow found
The FRST log is from yesterday; today I only ran the antivirus scan, since I had not done that one yet.
Here are the fresh FRST logs: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2014 01 Ran by Sicherungssoldat at 2014-10-07 20:29:39 Running from C:\Users\Soldat *****\Desktop\Sicherungen Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: 360 Internet Security (Enabled - Up to date) {2B66EE1E-E5C8-C2F7-648F-4E55AC68D37D} AS: 360 Internet Security (Enabled - Up to date) {90070FFA-C3F2-CD79-5E3F-7527D7EF99C0} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 360 Internet Security (HKLM-x32\...\360 Internet Security) (Version: 4.9.0.4900 - Qihu 360 Software Co., Ltd.) 4500_G510af_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden 4500G510af (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden 4500G510af_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden 4K Video Downloader 3.4 (HKLM-x32\...\4K Video Downloader_is1) (Version: 3.4.3.1485 - Open Media LLC) 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden Adobe Flash Player 10 ActiveX (HKLM-x32\...\{922E8525-AC7E-4294-ACAA-43712D4423C0}) (Version: 10.0.22.87 - Adobe Systems, Inc.) Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated) Adobe Photoshop 7.0 (HKLM-x32\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.) Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated) Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.) 
AIDA64 Extreme v4.60 (HKLM-x32\...\AIDA64 Extreme_is1) (Version: 4.60 - FinalWire Ltd.) AMD Catalyst Install Manager (HKLM\...\{DD86C046-D5AB-954F-EBB7-592EB36BD196}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.) AMD Fuel (Version: 2013.0322.413.5642 - Ihr Firmenname) Hidden Baidu Spark Browser (HKLM-x32\...\Spark) (Version: 33.8 Preview - Baidu Inc.) BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden Catalyst Control Center (x32 Version: 2013.0322.413.5642 - Ihr Firmenname) Hidden Catalyst Control Center InstallProxy (x32 Version: 2013.0322.413.5642 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (x32 Version: 2013.0322.413.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help English (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help French (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help German (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Norwegian (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden ccc-utility64 (Version: 2013.0322.413.5642 - Advanced Micro Devices, Inc.) Hidden CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5067 - CDBurnerXP) ClipGrab 3.4.7 (HKLM-x32\...\{8A1033B0-EF33-4FB5-97A1-C47A7DCDD7E6}_is1) (Version: - Philipp Schmieder Medien) CloudReading (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.0.27.1025 - Foxit Corporation) CPUID CPU-Z 1.70 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden DeviceDiscovery (x32 Version: 130.0.372.000 - Hewlett-Packard) Hidden DocMgr (x32 Version: 130.0.000.000 - Ihr Firmenname) Hidden DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.1.1025 - Foxit Corporation) Free Studio version 2014 (HKLM-x32\...\Free Studio_is1) (Version: 6.3.10.923 - DVDVideoSoft Ltd.) 
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP) HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP) HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP) HP Officejet 4500 G510a-f (HKLM\...\{C98517B6-DCE9-49B7-B19E-E384178D3986}) (Version: 13.0 - HP) HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP) HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP) HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard) HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle) Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden Java(TM) 6 Update 13 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416013FF}) (Version: 6.0.130 - Sun Microsystems, Inc.) Lexware Elster (HKLM-x32\...\{C8E00BC8-D619-4081-813A-6B5BCC846534}) (Version: 9.10.00.0041 - Lexware GmbH & Co. 
KG) Lexware financial office pro 2011 (HKLM-x32\...\{32273D9C-3867-4CDA-839F-B097B5C7AFA6}) (Version: 11.11.00.0122 - Haufe-Lexware GmbH & Co.KG) Lexware financial office pro 2011 (x32 Version: 11.00.00.0089 - ) Hidden Lexware Info Service (HKLM-x32\...\{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}) (Version: 2.70.00.0081 - Haufe-Lexware GmbH & Co.KG) Lexware professional Datenbank 2011 (HKLM-x32\...\{92A9A692-E26D-4CC1-B2D3-0674963241D8}) (Version: 11.00.00.0070 - Haufe-Lexware GmbH & Co.KG) LibreOffice 4.2.6.3 (HKLM-x32\...\{14DB1822-00B5-4820-86B5-EF893CA46B53}) (Version: 4.2.6.3 - The Document Foundation) Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation) MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.) Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft IntelliType Pro 8.2 (HKLM\...\Microsoft IntelliType Pro 8.2) (Version: 8.20.469.0 - Microsoft Corporation) Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0 - Microsoft Corporation) Hidden Microsoft Mathematics (64-bit) (HKLM\...\{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}) (Version: 4.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation) Microsoft Silverlight 5 Toolkit December 2011 (HKLM-x32\...\{EC35EE8E-87D1-4E3E-B5CC-D8B1544615F5}) (Version: 
5.0.51209.1124 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Train Simulator (HKLM-x32\...\Train Simulator 1.0) (Version: - ) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.) 
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation) NVIDIA GeForce Experience 2.1.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.2 - NVIDIA Corporation) NVIDIA GeForce Experience Service (Version: 16.13.42 - NVIDIA Corporation) Hidden NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.162.1274 - NVIDIA Corporation) Hidden NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA Network Service (Version: 2.0 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation) NVIDIA ShadowPlay 16.13.42 (Version: 16.13.42 - NVIDIA Corporation) Hidden NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 340.52 (Version: 340.52 - NVIDIA Corporation) Hidden NVIDIA Update 16.13.42 (Version: 16.13.42 - NVIDIA 
Corporation) Hidden NVIDIA Update Core (Version: 16.13.42 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.25 (Version: 1.2.25 - NVIDIA Corporation) Hidden ÖBB Sommer 2014 (HKLM-x32\...\ÖBB Sommer 2014) (Version: - ) OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP) Oracle VM VirtualBox 4.3.16 (HKLM\...\{D7FAEA32-7CE3-4D9F-9139-F7B87BCC50AF}) (Version: 4.3.16 - Oracle Corporation) PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden Personal Backup 5.5 (HKLM\...\Personal Backup 5_is1) (Version: 5.3 - J. Rathlev) Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.989 - Even Balance, Inc.) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.67.1226.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6849 - Realtek Semiconductor Corp.) Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden Shark007 Standard Codecs (HKLM-x32\...\{898E81AD-6DB9-4750-866B-B8958C5DC7AA}) (Version: 1.9.1 - Shark007) SHIELD Streaming (Version: 3.1.200 - NVIDIA Corporation) Hidden SHIELD Wireless Controller Driver (Version: 16.13.42 - NVIDIA Corporation) Hidden Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP) SmartWebPrinting (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden Status (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - ) TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer) Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden TrayApp (x32 Version: 130.0.376.000 - Hewlett-Packard) Hidden Trend Micro RUBotted 2.0 Beta (HKLM-x32\...\{54D4EAF5-4C80-4878-B4AC-5AE454A02E3C}_is1) (Version: 2.0.0.1034 
- Trend Micro, Inc.) TuneUp Utilities 2012 (HKLM-x32\...\TuneUp Utilities 2012) (Version: 12.0.3010.8 - TuneUp Software) TuneUp Utilities 2012 (x32 Version: 12.0.3010.8 - TuneUp Software) Hidden TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.3010.8 - TuneUp Software) Hidden VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes) WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.) Z-defragRAM (HKLM-x32\...\{0F9F096B-9EF0-43A2-91C8-4613835312F7}) (Version: 2.7 - IMU Andreas Baumann) Zusi 3.0.6 (Demo) (HKLM-x32\...\www.zusi.de/zusi3/demo_is1) (Version: 3 - Carsten Hölscher) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) 
==================== Restore Points ========================= 05-10-2014 17:13:59 TuneUp Utilities 2012 wird installiert 05-10-2014 17:33:05 TuneUp Utilities 2012 wird entfernt 05-10-2014 17:33:28 TuneUp Utilities Language Pack (de-DE) wird entfernt 05-10-2014 17:36:11 TuneUp Utilities 2012 wird installiert 05-10-2014 17:58:27 Removed PriceSparrow 05-10-2014 20:22:11 TuneUp Utilities 2012 wird entfernt 05-10-2014 20:23:20 TuneUp Utilities Language Pack (de-DE) wird entfernt 07-10-2014 16:58:07 TuneUp Utilities 2012 wird installiert 07-10-2014 17:02:19 TuneUp Utilities Language Pack (de-DE) wird entfernt 07-10-2014 17:05:11 TuneUp Utilities 2012 wird installiert 07-10-2014 18:08:42 TuneUp Utilities 2012 wird entfernt 07-10-2014 18:09:26 TuneUp Utilities Language Pack (de-DE) wird entfernt 07-10-2014 18:14:02 TuneUp Utilities 2012 wird installiert ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ___AC C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) 
Task: {019A992C-ADEF-4375-A69C-0BF4A0011683} - System32\Tasks\Abelssoft\Updater scan => D:\Programme\CHIP Updater\CHIPUpdater.exe Task: {0CC42FDD-1A23-4B51-80E2-1275826F9FB6} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-08-10] (Microsoft Corporation) Task: {3BA01D17-B43E-4CA0-8E81-4EBB3A1165CD} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe Task: {4EB53C01-3007-43F9-AB5A-B967ECF90184} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-07-25] (Oracle Corporation) Task: {5EBE8C1D-A54B-4FC1-8409-598E1C2DB129} - System32\Tasks\Sun Microsystems-Online-Aktualisierungsprogramm => C:\Program Files\Java\jre6\bin\jusched.exe [2014-08-15] (Sun Microsystems, Inc.) Task: {7A1BD737-9848-4755-8CC5-F0A0432A21C5} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => D:\Programme\Microsoft Office\Office15\msoia.exe Task: {7AE7BC72-65C3-4239-B4C2-675035744D42} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => D:\Programme\Microsoft Office\Office15\msoia.exe Task: {A77BD2F7-F586-4A3A-AFC7-85AC5C4C7786} - System32\Tasks\Lexware-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [2010-09-15] (Haufe-Lexware GmbH & Co. 
KG) Task: {F07F1EB2-CDA5-42ED-8BFF-DFDB796B0EAF} - System32\Tasks\AdobeAAMUpdater-1.0-Airsoft-Sicherungssoldat => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\SparkUpdater.job => D:\Programme\baidu\Spark\sparkupdate.exe ==================== Loaded Modules (whitelisted) ============= 2014-08-14 23:22 - 2014-07-02 20:55 - 00116568 ____C () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2013-03-22 04:24 - 2013-03-22 04:24 - 00210944 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll 2012-09-23 13:53 - 2012-09-23 13:53 - 00748544 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll 2012-09-23 13:53 - 2012-09-23 13:53 - 03645952 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll 2014-08-16 00:05 - 2014-08-16 00:05 - 00075064 ____C () C:\Windows\SysWOW64\PnkBstrA.exe ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) 
========================= Accounts: ==========================

Administrator (S-1-5-21-3175981096-3180708583-1335833889-500 - Administrator - Disabled)
Gast (S-1-5-21-3175981096-3180708583-1335833889-501 - Limited - Disabled)
Sicherungssoldat (S-1-5-21-3175981096-3180708583-1335833889-1000 - Administrator - Enabled) => C:\Users\Sicherungssoldat
Soldat ***** (S-1-5-21-3175981096-3180708583-1335833889-1002 - Limited - Enabled) => C:\Users\Soldat *****

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (10/07/2014 08:19:17 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (10/07/2014 08:15:11 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: )
Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2014-10-14T17:54:11Z. Fehlercode: 0x80070032.

Error: (10/07/2014 08:00:13 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: Fehler beim Planen des Softwareschutzdiensts für den erneuten Start bei 2014-10-14T17:54:13Z. Fehlercode: 0x80070032. Error: (10/07/2014 07:48:45 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/07/2014 07:44:33 PM) (Source: MsiInstaller) (EventID: 1024) (User: Airsoft) Description: Produkt: TuneUp Utilities 2012 - Update "TuneUp Utilities 12.0.3600.193" konnte nicht installiert werden. Fehlercode 1603. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error: (10/07/2014 07:44:33 PM) (Source: MsiInstaller) (EventID: 1024) (User: Airsoft) Description: Produkt: TuneUp Utilities 2012 - Update "TuneUp Utilities 12.0.3600.129" konnte nicht installiert werden. Fehlercode 1603. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error: (10/07/2014 07:44:33 PM) (Source: MsiInstaller) (EventID: 1024) (User: Airsoft) Description: Produkt: TuneUp Utilities 2012 - Update "TuneUp Utilities 12.0.3600.77" konnte nicht installiert werden. Fehlercode 1603. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. 
Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error: (10/07/2014 07:44:33 PM) (Source: MsiInstaller) (EventID: 1024) (User: Airsoft) Description: Produkt: TuneUp Utilities 2012 - Update "TuneUp Utilities 12.0.3500.16" konnte nicht installiert werden. Fehlercode 1603. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127 Error: (10/07/2014 07:44:30 PM) (Source: MsiInstaller) (EventID: 11328) (User: Airsoft) Description: Produkt: TuneUp Utilities 2012 -- Fehler 1328. Fehler beim Anwenden eines Patches auf die Datei D:\Config.Msi\PTF4A9.tmp. Die Datei wurde wahrscheinlich bereits anderweitig aktualisiert und kann durch diesen Patch nicht modifiziert werden. Wenden Sie sich an den Hersteller des Patches, um weitere Informationen zu erhalten. Systemfehler: -1072807676 Error: (10/07/2014 07:44:30 PM) (Source: MsiInstaller) (EventID: 11328) (User: Airsoft) Description: Produkt: TuneUp Utilities 2012 -- Fehler 1328. Fehler beim Anwenden eines Patches auf die Datei D:\Config.Msi\PTF4A9.tmp. Die Datei wurde wahrscheinlich bereits anderweitig aktualisiert und kann durch diesen Patch nicht modifiziert werden. Wenden Sie sich an den Hersteller des Patches, um weitere Informationen zu erhalten. 
Systemfehler: -1072807676

System errors:
=============
Error: (10/07/2014 07:41:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "TuneUp Utilities Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%3

Error: (10/07/2014 07:41:33 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 3TuneUp.UtilitiesSvc{5EF1CF5D-87A9-434B-8786-2A08E1C30F6C}

Error: (10/07/2014 07:02:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CyberGhost 5 Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (10/07/2014 07:02:53 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst CyberGhost 5 Client Service erreicht.

Error: (10/07/2014 07:01:55 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 07.10.2014 um 00:41:09 unerwartet heruntergefahren.

Error: (10/05/2014 09:59:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "CyberGhost 5 Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (10/05/2014 09:59:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst CyberGhost 5 Client Service erreicht.

Error: (10/05/2014 09:52:23 PM) (Source: DCOM) (EventID: 10010) (User: ) Description: {3EEF301F-B596-4C0B-BD92-013BEAFCE793} Microsoft Office Sessions: ========================= Error: (10/07/2014 08:19:17 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Soldat *****\Desktop\Sicherungen\esetsmartinstaller_enu.exe Error: (10/07/2014 08:15:11 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: 0x800700322014-10-14T17:54:11Z Error: (10/07/2014 08:00:13 PM) (Source: Software Protection Platform Service) (EventID: 16385) (User: ) Description: 0x800700322014-10-14T17:54:13Z Error: (10/07/2014 07:48:45 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (10/07/2014 07:44:33 PM) (Source: MsiInstaller) (EventID: 1024) (User: Airsoft) Description: TuneUp Utilities 2012TuneUp Utilities 12.0.3600.1931603(NULL)(NULL)(NULL) Error: (10/07/2014 07:44:33 PM) (Source: MsiInstaller) (EventID: 1024) (User: Airsoft) Description: TuneUp Utilities 2012TuneUp Utilities 12.0.3600.1291603(NULL)(NULL)(NULL) Error: (10/07/2014 07:44:33 PM) (Source: MsiInstaller) (EventID: 1024) (User: Airsoft) Description: TuneUp Utilities 2012TuneUp Utilities 12.0.3600.771603(NULL)(NULL)(NULL) Error: (10/07/2014 07:44:33 PM) (Source: MsiInstaller) (EventID: 1024) (User: Airsoft) Description: TuneUp Utilities 2012TuneUp Utilities 12.0.3500.161603(NULL)(NULL)(NULL) Error: (10/07/2014 07:44:30 PM) (Source: MsiInstaller) (EventID: 11328) (User: Airsoft) Description: Produkt: TuneUp Utilities 2012 -- Fehler 1328. 
Fehler beim Anwenden eines Patches auf die Datei D:\Config.Msi\PTF4A9.tmp. Die Datei wurde wahrscheinlich bereits anderweitig aktualisiert und kann durch diesen Patch nicht modifiziert werden. Wenden Sie sich an den Hersteller des Patches, um weitere Informationen zu erhalten. Systemfehler: -1072807676(NULL)(NULL)(NULL)(NULL)(NULL) Error: (10/07/2014 07:44:30 PM) (Source: MsiInstaller) (EventID: 11328) (User: Airsoft) Description: Produkt: TuneUp Utilities 2012 -- Fehler 1328. Fehler beim Anwenden eines Patches auf die Datei D:\Config.Msi\PTF4A9.tmp. Die Datei wurde wahrscheinlich bereits anderweitig aktualisiert und kann durch diesen Patch nicht modifiziert werden. Wenden Sie sich an den Hersteller des Patches, um weitere Informationen zu erhalten. Systemfehler: -1072807676(NULL)(NULL)(NULL)(NULL)(NULL) CodeIntegrity Errors: =================================== Date: 2014-08-14 22:18:53.770 Description: Windows konnte die Abbildintegrität der Datei "\Device\CdRom0\NTGLM7X.SYS" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-08-14 22:18:53.739 Description: Windows konnte die Abbildintegrität der Datei "\Device\CdRom0\NTGLM7X.SYS" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2014-08-14 22:18:51.680 Description: Windows konnte die Abbildintegrität der Datei "\Device\CdRom0\Install\GMSIPCI.SYS" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

Date: 2014-08-14 22:18:51.649
Description: Windows konnte die Abbildintegrität der Datei "\Device\CdRom0\Install\GMSIPCI.SYS" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

==================== Memory info ===========================

Processor: AMD A6-6400K APU with Radeon(tm) HD Graphics
Percentage of memory in use: 51%
Total physical RAM: 4044.37 MB
Available physical RAM: 1954.58 MB
Total Pagefile: 10108.55 MB
Available Pagefile: 7487 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:99.9 GB) (Free:47.21 GB) NTFS
Drive d: (Programme) (Fixed) (Total:100 GB) (Free:60.77 GB) NTFS
Drive e: (Privat) (Fixed) (Total:100 GB) (Free:71.42 GB) NTFS
Drive f: (Bilder) (Fixed) (Total:100 GB) (Free:79.35 GB) NTFS
Drive g: (Eisenbahnsim) (Fixed) (Total:65.76 GB) (Free:55.68 GB) NTFS
Drive h: (Train Simulator) (Fixed) (Total:863.15 GB) (Free:741.01 GB) NTFS
Drive i: (TuneUp Utilities) (CDROM) (Total:0.22 GB) (Free:0 GB) CDFS
Drive j: (Windows 8.1) (Fixed) (Total:68.36 GB) (Free:37.77 GB) NTFS
Drive k: (MSTS-Eingänge) (Fixed) (Total:600 GB) (Free:263.24 GB) NTFS
Drive l: (Video) (Fixed) (Total:600 GB) (Free:89.83 GB) NTFS
Drive m: (BackUp) (Fixed) (Total:197.26 GB) (Free:115.49 GB) NTFS
Drive n: (Airsoft_Steppenwolf) (Fixed) (Total:465.76 GB) (Free:79.93 GB) NTFS
Drive p: (MSTS-BackUp) (Fixed) (Total:232.88 GB) (Free:218.52 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 01FB6B10)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=99.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=100 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=265.8 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 00000001)
Partition 1: (Not Active) - (Size=863.2 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=68.4 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 1397.3 GB) (Disk ID: 0003B4F9)
Partition 1: (Not Active) - (Size=600 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=600 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=197.3 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: BEF6F73E)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 4 (Size: 232.9 GB) (Disk ID: 36B69625)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=07 NTFS)

==================== End Of Log ============================

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01 Ran by Sicherungssoldat (administrator) on AIRSOFT on 07-10-2014 20:29:10 Running from C:\Users\Soldat *****\Desktop\Sicherungen Loaded Profiles: Sicherungssoldat & Soldat ***** (Available profiles: Sicherungssoldat & Soldat *****) Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\360rps.exe (Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (iAnywhere Solutions, Inc.) C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe (Malwarebytes Corporation) D:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) D:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Trend Micro Inc.) 
C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe (Baidu Inc.) D:\Programme\baidu\Spark\sparkservice.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe (Malwarebytes Corporation) D:\Programme\ Malwarebytes Anti-Malware \mbam.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Elaborate Bytes AG) D:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Trend Micro Inc.) C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe (Dr. J. Rathlev, D-24222 Schwentinental) C:\Program Files\Personal Backup 5\Persbackup.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Qihu 360 Software Co., Ltd.) 
C:\Program Files\360\360 Internet Security\360sd.exe (Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\safemon\360Tray.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Opera Software) D:\Programme\Opera12.16\opera.exe (TuneUp Software) D:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software) D:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp64.exe (Qihu 360 Software Co., Ltd.) C:\Program Files\360\360 Internet Security\360rp.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7018568 2013-02-22] (Realtek Semiconductor) HKLM\...\Run: [360sd] => C:\Program Files\360\360 Internet Security\360sdrun.exe [287560 2014-04-16] (Qihu 360 Software Co., Ltd.) HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2460488 2014-09-17] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated) HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [1873256 2011-08-10] (Microsoft Corporation) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-22] (Advanced Micro Devices, Inc.) 
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated) HKLM-x32\...\Run: [VirtualCloneDrive] => D:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Trend Micro RUBotted V2.0 Beta] => C:\Program Files (x86)\Trend Micro\RUBotted\RUBottedGUI.exe [1102872 2013-07-25] (Trend Micro Inc.) HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe [54072 2014-05-12] (Malwarebytes Corporation) HKU\S-1-5-21-3175981096-3180708583-1335833889-1000\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.EXE [404080 2014-06-12] (CyberGhost S.R.L.) HKU\S-1-5-21-3175981096-3180708583-1335833889-1000\...\Policies\Explorer: [NoInternetOpenWith] 1 HKU\S-1-5-21-3175981096-3180708583-1335833889-1000\...\MountPoints2: {e473a940-23ed-11e4-b718-806e6f6e6963} - A:\DVDSetup.exe HKU\S-1-5-21-3175981096-3180708583-1335833889-1002\...\MountPoints2: {d575754e-23f2-11e4-8793-806e6f6e6963} - I:\Setup.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) 
Startup: C:\Users\Sicherungssoldat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk ShortcutTarget: Persbackup.lnk -> D:\Programme\Personal Backup 5\Persbackup.exe (Dr. J. Rathlev, D-24222 Schwentinental) Startup: C:\Users\Soldat *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Persbackup.lnk ShortcutTarget: Persbackup.lnk -> C:\Program Files\Personal Backup 5\Persbackup.exe (Dr. J. Rathlev, D-24222 Schwentinental) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: SafeMon Class -> {B69F34DD-F0F9-42DC-9EDD-957187DA688D} -> C:\Program Files\360\360 Internet Security\safemon\safemon64.dll (Qihu 360 Software Co., Ltd.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Sicherungssoldat\AppData\Roaming\Mozilla\Firefox\Profiles\hcaew0xx.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems) FF Plugin: adobe.com/AdobeExManDetect -> D:\Programme\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll (Adobe Systems) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> D:\Programme\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> D:\Programme\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files 
(x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin-x32: adobe.com/AdobeExManDetect -> D:\Programme\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems) FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-08-16] FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 360rp; C:\Program Files\360\360 Internet Security\360rps.exe [310352 2014-04-16] (Qihu 360 Software Co., Ltd.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-22] (Advanced Micro Devices, Inc.) [File not signed] R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-06-12] (CyberGhost S.R.L) R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-09-17] (NVIDIA Corporation) R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) 
[File not signed] R2 Lexware_Professional_Datenbank; C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe [83248 2010-11-05] (iAnywhere Solutions, Inc.) R2 MBAMScheduler; D:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; D:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-09-17] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-09-17] (NVIDIA Corporation) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2014-08-16] () S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.) R2 RUBotSrv; C:\Program Files (x86)\Trend Micro\RUBotted\RUBotSrv.exe [443416 2013-07-25] (Trend Micro Inc.) S3 scan; C:\Program Files\360\360 Internet Security\scan.dll [423144 2013-02-20] (S.C. BitDefender S.R.L) R2 SparkSvc; D:\Programme\baidu\Spark\sparkservice.exe [80576 2014-08-04] (Baidu Inc.) S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] R2 TuneUp.UtilitiesSvc; D:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2143552 2012-02-09] (TuneUp Software) R2 ZhuDongFangYu; C:\Program Files\360\360 Internet Security\deepscan\QHActiveDefense.exe [236360 2014-04-23] (Qihu 360 Software Co., Ltd.) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) 
R1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [97872 2014-04-21] (Qihu 360 Software Co., Ltd.) R3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [67664 2014-04-23] (Qihu 360 Software Co., Ltd.) R1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [305744 2014-04-29] (Qihu 360 Software Co., Ltd.) S3 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [41552 2014-04-29] (Qihu 360 Software Co., Ltd.) R1 360fsflt; C:\Windows\System32\DRIVERS\360FsFlt.sys [304208 2014-05-07] (Qihu 360 Software Co., Ltd.) R1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [180816 2014-04-18] (Qihu 360 Software Co., Ltd.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-10-05] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.) R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-09-17] (NVIDIA Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-09-04] (NVIDIA Corporation) R3 TuneUpUtilitiesDrv; D:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2012-02-09] (TuneUp Software) R2 WiseFS; D:\Programme\Wise\WiseFs64.sys [10280 2014-03-14] () S3 GMSIPCI; \??\G:\INSTALL\GMSIPCI.SYS [X] S3 MSICDSetup; \??\G:\CDriver64.sys [X] S3 NTIOLib_1_0_C; \??\G:\NTIOLib_X64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 
2014-10-07 20:17 - 2014-10-07 20:17 - 00001015 ____C () C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk 2014-10-07 20:17 - 2014-10-07 20:17 - 00001015 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk 2014-10-07 20:17 - 2014-10-07 20:17 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012 2014-10-07 20:17 - 2012-02-09 17:44 - 00034624 ____C (TuneUp Software) C:\Windows\system32\TURegOpt.exe 2014-10-07 20:17 - 2012-02-09 17:44 - 00025920 ____C (TuneUp Software) C:\Windows\system32\authuitu.dll 2014-10-07 20:17 - 2012-02-09 17:44 - 00021312 ____C (TuneUp Software) C:\Windows\SysWOW64\authuitu.dll 2014-10-07 19:16 - 2014-10-07 19:16 - 01257472 ____C (Lexware GmbH & Co. KG) C:\Windows\SysWOW64\LXTool70NSVC8.dll 2014-10-07 19:16 - 2014-10-07 19:16 - 01245184 ____C (Lexware GmbH & Co. KG) C:\Windows\SysWOW64\LXTool70VC8.dll 2014-10-07 19:16 - 2014-10-07 19:16 - 01196032 ____C (Lexware GmbH & Co. KG) C:\Windows\SysWOW64\LxTool65VC8.dll 2014-10-07 19:16 - 2014-10-07 19:16 - 01138688 ____C (Lexware GmbH & Co. KG) C:\Windows\SysWOW64\LXtool60NSVC8.dll 2014-10-07 19:16 - 2014-10-07 19:16 - 01130496 ____C (Lexware GmbH & Co. 
KG) C:\Windows\SysWOW64\LxTool60VC8.dll 2014-10-07 19:16 - 2014-10-07 19:16 - 00552960 ____C (Lexware GmbH & Co KG) C:\Windows\SysWOW64\zvkonline65VC8.dll 2014-10-07 07:01 - 2014-10-07 19:47 - 00000336 ____C () C:\Windows\setupact.log 2014-10-07 07:01 - 2014-10-07 19:46 - 00009560 ____C () C:\Windows\PFRO.log 2014-10-07 07:01 - 2014-10-07 07:01 - 00000000 ____C () C:\Windows\setuperr.log 2014-10-06 21:55 - 2014-10-07 20:29 - 00000000 ___DC () C:\FRST 2014-10-06 21:52 - 2014-10-06 21:52 - 00000000 ____C () C:\Users\Sicherungssoldat\defogger_reenable 2014-10-06 21:50 - 2014-10-07 20:29 - 00000000 ___DC () C:\Users\Soldat *****\Desktop\Sicherungen 2014-10-06 21:44 - 2014-10-06 21:52 - 00000000 ___DC () C:\Users\Soldat *****\AppData\Roaming\360safe 2014-10-06 21:44 - 2014-10-06 21:44 - 00000000 ___DC () C:\Users\Soldat *****\AppData\Roaming\360SD 2014-10-05 22:09 - 2014-10-05 22:09 - 00000000 ___DC () C:\Program Files (x86)\ESET 2014-10-05 22:07 - 2014-10-05 22:07 - 00001862 ____C () C:\sc-cleaner.txt 2014-10-05 21:05 - 2014-10-05 21:05 - 00000000 ___DC () C:\Windows\ERUNT 2014-10-05 20:59 - 2014-10-05 20:59 - 00000000 ___DC () C:\Users\Soldat *****\AppData\Roaming\Baidu 2014-10-05 20:59 - 2014-10-05 20:59 - 00000000 ___DC () C:\Users\Public\Documents\Baidu 2014-10-05 20:00 - 2014-10-05 20:00 - 00122584 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-10-05 20:00 - 2014-10-05 20:00 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-10-05 20:00 - 2014-10-05 20:00 - 00000000 ___DC () C:\ProgramData\Malwarebytes 2014-10-05 20:00 - 2014-05-12 07:26 - 00091352 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-10-05 20:00 - 2014-05-12 07:26 - 00063704 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-10-05 20:00 - 2014-05-12 07:25 - 00025816 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-10-04 22:26 - 
2014-10-04 22:26 - 00000329 ____C () C:\Users\Sicherungssoldat\Desktop\HP Druckerdiagnosetools.url 2014-10-04 22:11 - 2014-10-04 22:23 - 00000000 ____C () C:\Users\Soldat *****\AppData\Roaming\FileOut.cns 2014-10-04 22:11 - 2014-10-04 22:23 - 00000000 ____C () C:\Users\Soldat *****\AppData\Roaming\FileIn.cns 2014-10-03 16:59 - 2014-10-03 16:59 - 00000724 ____C () C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk 2014-10-03 16:59 - 2014-10-03 16:59 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox 2014-10-03 16:59 - 2014-09-09 17:29 - 00910920 ____C (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys 2014-10-03 16:59 - 2014-09-09 17:27 - 00129168 ____C (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys 2014-10-02 19:51 - 2014-10-02 19:51 - 00000000 ___DC () C:\Users\Sicherungssoldat\AppData\Local\Adobe 2014-10-02 10:40 - 2014-10-02 10:40 - 00000000 ___DC () C:\Users\Soldat *****\AppData\Roaming\Canneverbe Limited 2014-10-02 10:40 - 2014-10-02 10:40 - 00000000 ___DC () C:\ProgramData\Canneverbe Limited 2014-10-02 10:39 - 2014-10-02 10:39 - 00000805 ____C () C:\Users\Public\Desktop\CDBurnerXP.lnk 2014-10-02 10:39 - 2014-10-02 10:39 - 00000743 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk 2014-10-02 10:39 - 2014-10-02 10:39 - 00000000 ___DC () C:\Users\Sicherungssoldat\AppData\Roaming\Canneverbe Limited 2014-10-02 00:36 - 2014-10-07 07:01 - 00000000 RSHDC () C:\360SANDBOX 2014-10-01 20:17 - 2014-10-01 20:25 - 00000000 ___DC () C:\Users\Sicherungssoldat\VirtualBox VMs 2014-10-01 19:58 - 2014-10-05 17:26 - 00000000 ___DC () C:\Users\Soldat *****\VirtualBox VMs 2014-10-01 18:35 - 2014-10-01 18:35 - 00000000 ___DC () C:\Users\Public\Documents\sun 2014-10-01 08:47 - 2014-10-01 11:25 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-10-01 08:47 - 2014-10-01 11:25 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-09-30 21:18 - 
2014-09-30 21:18 - 00001183 ____C () C:\Users\Public\Desktop\LibreOffice 4.2.lnk 2014-09-30 21:18 - 2014-09-30 21:18 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.2 2014-09-30 20:33 - 2014-09-30 20:36 - 220827648 ____C () C:\Users\Soldat *****\Downloads\LibreOffice_4.2.6-secfix_Win_x86.msi 2014-09-28 14:16 - 2014-09-28 16:28 - 00000709 ____C () C:\Users\Soldat *****\Desktop\Kommentar zu FB.txt 2014-09-28 02:07 - 2014-09-28 02:07 - 00001250 ____C () C:\Users\Public\Desktop\DVDVideoSoft Free Studio.lnk 2014-09-28 02:07 - 2014-09-28 02:07 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft 2014-09-28 01:58 - 2014-09-28 02:10 - 00000000 ___DC () C:\Users\Soldat *****\Documents\DVDVideoSoft 2014-09-28 01:58 - 2014-09-28 02:10 - 00000000 ___DC () C:\Users\Soldat *****\AppData\Roaming\DVDVideoSoft 2014-09-25 12:14 - 2014-09-25 12:14 - 00000478 ____C () C:\Users\Sicherungssoldat\Documents\OEBBPN.CFG 2014-09-25 11:59 - 2014-09-25 11:59 - 00000000 ___DC () C:\Users\Sicherungssoldat\AppData\Local\HaCon 2014-09-25 11:57 - 2014-09-25 11:59 - 00000432 ____C () C:\Users\Soldat *****\Documents\OEBBPN.CFG 2014-09-25 11:57 - 2014-09-25 11:57 - 00000674 ____C () C:\Users\Soldat *****\Desktop\ÖBB Sommer 2014.lnk 2014-09-25 11:57 - 2014-09-25 11:57 - 00000674 ____C () C:\Users\Sicherungssoldat\Desktop\ÖBB Sommer 2014.lnk 2014-09-25 11:57 - 2014-09-25 11:57 - 00000021 ____C () C:\Windows\progman.ini 2014-09-25 11:57 - 2014-09-25 11:57 - 00000000 ___DC () C:\Users\Soldat *****\AppData\Roaming\HaCon 2014-09-25 11:57 - 2014-09-25 11:57 - 00000000 ___DC () C:\Users\Soldat *****\AppData\Local\HaCon 2014-09-25 11:57 - 2014-09-25 11:57 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ÖBB 2014-09-25 11:55 - 2014-09-25 11:57 - 00000000 ___DC () C:\Users\Sicherungssoldat\AppData\Roaming\HaCon 2014-09-25 11:55 - 2014-09-25 11:57 - 00000000 ___DC () C:\ProgramData\HaCon 2014-09-25 11:48 - 2014-09-25 
11:48 - 00001058 ____C () C:\Users\Soldat *****\Desktop\WinHTTrack.lnk 2014-09-24 10:19 - 2014-09-25 00:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-09-24 10:19 - 2014-09-25 00:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-09-23 08:31 - 2014-09-23 08:31 - 00000970 ____C () C:\Users\Soldat *****\Desktop\Steam.lnk 2014-09-22 17:29 - 2014-09-30 20:31 - 00000416 ____C () C:\Windows\Tasks\SparkUpdater.job 2014-09-22 17:29 - 2014-09-22 17:29 - 00000925 ____C () C:\Users\Public\Desktop\Baidu Spark Browser.lnk 2014-09-22 17:29 - 2014-09-22 17:29 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Spark Browser 2014-09-20 22:38 - 2014-09-20 22:41 - 00000000 ___DC () C:\Users\Soldat *****\AppData\Local\Deployment 2014-09-20 22:38 - 2014-09-20 22:38 - 00000000 ___DC () C:\Users\Soldat *****\AppData\Local\Apps\2.0 2014-09-19 11:52 - 2014-09-04 21:14 - 00038048 ____C (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2014-09-19 11:52 - 2014-09-04 21:14 - 00032416 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2014-09-19 00:05 - 2014-10-05 10:28 - 00000000 ___DC () C:\Users\Soldat *****\AppData\Roaming\TeamViewer 2014-09-18 15:20 - 2014-09-18 15:20 - 00001312 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk 2014-09-18 15:20 - 2014-09-18 15:20 - 00000000 ___DC () C:\Windows\de 2014-09-18 15:05 - 2014-09-18 18:08 - 00000000 ___DC () C:\Users\Soldat *****\AppData\Local\Windows Live 2014-09-18 15:04 - 2014-09-18 15:19 - 00001381 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk 2014-09-18 15:03 - 2014-09-18 15:18 - 00000000 ___DC () C:\Program Files (x86)\Windows Live 2014-09-18 15:03 - 2014-09-18 15:03 - 00000000 ___DC () C:\Program Files (x86)\Microsoft SQL Server Compact Edition 2014-09-18 15:01 - 2010-06-02 04:55 - 00527192 ____C (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll 2014-09-18 
15:01 - 2010-06-02 04:55 - 00518488 ____C (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll 2014-09-18 15:01 - 2010-06-02 04:55 - 00077656 ____C (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll 2014-09-18 15:01 - 2010-06-02 04:55 - 00074072 ____C (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll 2014-09-18 15:01 - 2010-05-26 11:41 - 02526056 ____C (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll 2014-09-18 15:00 - 2009-09-04 17:29 - 00523088 ____C (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll 2014-09-18 15:00 - 2009-09-04 17:29 - 00453456 ____C (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll 2014-09-18 14:57 - 2014-09-18 14:57 - 00000000 ___DC () C:\Users\Sicherungssoldat\AppData\Local\Windows Live 2014-09-17 22:44 - 2014-09-17 22:44 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap 2014-09-17 22:44 - 2014-09-17 22:44 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trend Micro RUBotted 2014-09-17 22:44 - 2014-09-17 22:44 - 00000000 ___DC () C:\Program Files (x86)\WinPcap 2014-09-17 22:44 - 2014-09-17 22:44 - 00000000 ___DC () C:\Program Files (x86)\Trend Micro 2014-09-17 22:43 - 2014-09-17 22:43 - 06229392 ____C (Trend Micro, Inc. 
) C:\Users\Soldat *****\Downloads\RUBottedSetup.exe 2014-09-15 17:29 - 2014-09-15 17:29 - 00000743 ____C () C:\Users\Sicherungssoldat\Desktop\Z-defrag.lnk 2014-09-15 17:29 - 2014-09-15 17:29 - 00000000 ___DC () C:\Users\Sicherungssoldat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Z-defragRAM 2014-09-15 16:27 - 2014-07-24 13:01 - 00028672 ____C () C:\Users\Soldat *****\Desktop\memtest.exe 2014-09-13 15:08 - 2014-09-13 15:08 - 00000848 ____C () C:\Users\Soldat *****\Desktop\BAHN 4.00 BETA 3.lnk 2014-09-13 15:08 - 2014-09-13 15:08 - 00000000 ___DC () C:\Users\Soldat *****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BAHN 4.00 2014-09-11 17:22 - 2014-09-11 17:22 - 00000000 ___DC () C:\Users\Soldat *****\Documents\Adobe 2014-09-11 03:09 - 2014-09-11 03:10 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-09-11 03:09 - 2014-09-11 03:10 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-11 03:09 - 2014-09-11 03:10 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 02104832 _____ 
(Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-11 03:09 - 2014-09-11 03:10 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-09-11 03:09 - 2014-09-11 03:10 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-09-11 03:09 - 2014-09-11 03:10 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-09-11 03:09 - 2014-09-11 03:10 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00446464 _____ 
(Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-11 03:09 - 2014-09-11 03:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-09-11 03:09 - 2014-09-11 03:10 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-09-11 03:09 - 2014-09-11 03:10 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00061952 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-09-11 03:09 - 2014-09-11 03:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-09-11 03:01 - 2014-09-11 03:01 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-09-11 03:01 - 2014-09-11 03:01 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2014-09-11 01:57 - 2014-09-11 03:14 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-09-11 01:57 - 2014-09-11 03:14 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 2014-09-11 01:56 - 2014-09-11 03:08 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-09-11 01:56 - 2014-09-11 03:08 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-09-11 01:56 - 2014-09-11 03:01 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-09-11 01:56 - 2014-09-11 03:01 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-09-11 01:56 - 2014-09-11 03:01 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-09-11 01:56 - 
2014-09-11 03:01 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-09-11 01:56 - 2014-09-11 03:01 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-09-11 01:56 - 2014-09-11 03:01 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-09-11 01:56 - 2014-09-11 03:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-09-11 01:05 - 2014-09-29 21:09 - 00000000 ___DC () C:\Users\Soldat *****\AppData\Roaming\.minecraft 2014-09-09 17:27 - 2014-09-09 17:27 - 00157448 ____C (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetFlt.sys 2014-09-09 17:27 - 2014-09-09 17:27 - 00142528 ____C (Oracle Corporation) C:\Windows\system32\Drivers\VBoxNetAdp.sys 2014-09-09 17:26 - 2014-09-09 17:26 - 00205352 ____C (Oracle Corporation) C:\Windows\system32\VBoxNetFltNobj.dll 2014-09-09 02:42 - 2014-09-09 02:42 - 00001433 ____C () C:\Users\Soldat *****\Desktop\Zusi3 - DEMO.lnk 2014-09-08 22:06 - 2014-09-11 12:50 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zusi 3-Demo 2014-09-08 22:05 - 2014-09-11 12:50 - 00000000 ___DC () C:\Program Files (x86)\Zusi3Demo 2014-09-08 22:05 - 2014-09-08 22:06 - 00000000 ___DC () C:\Users\Public\Documents\Zusi3Demo 2014-09-08 01:22 - 2014-09-08 01:23 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight 5 Toolkit December 2011 2014-09-08 01:22 - 2014-09-08 01:22 - 00000000 ___DC () C:\Program Files (x86)\Microsoft Visual Studio 10.0 2014-09-08 01:22 - 2014-09-08 01:22 - 00000000 ___DC () C:\Program Files (x86)\Microsoft SDKs 2014-09-07 23:57 - 2014-09-07 23:57 - 00000000 ___DC () C:\Users\Soldat *****\AppData\Roaming\Sirrix AG 2014-09-07 23:54 - 2014-09-08 23:04 - 00000000 ___DC () C:\ProgramData\Sirrix AG 2014-09-07 12:17 - 2014-09-07 12:17 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Personal Backup 2014-09-07 12:17 - 2014-09-07 12:17 - 00000000 ___DC () 
C:\Program Files\Personal Backup 5 2014-09-07 12:16 - 2014-09-07 12:39 - 00000000 ___DC () C:\Users\Soldat *****\AppData\Roaming\PersBackup5 2014-09-07 12:16 - 2014-09-07 12:16 - 00000000 ___DC () C:\Users\Soldat *****\Documents\PersBackup ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-10-07 19:51 - 2014-08-14 22:05 - 01427775 ____C () C:\Windows\WindowsUpdate.log 2014-10-07 19:47 - 2014-08-14 23:23 - 00000000 ___DC () C:\ProgramData\NVIDIA 2014-10-07 19:45 - 2009-07-14 06:45 - 00022928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-10-07 19:45 - 2009-07-14 06:45 - 00022928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-10-07 18:31 - 2014-08-17 22:10 - 00000000 ___DC () C:\Users\Soldat *****\AppData\Roaming\vlc 2014-10-07 12:12 - 2014-08-14 22:52 - 00000000 ___DC () C:\Users\Sicherungssoldat\AppData\Roaming\360safe 2014-10-06 21:52 - 2014-08-14 22:10 - 00000000 ___DC () C:\Users\Sicherungssoldat 2014-10-06 21:44 - 2014-08-14 22:52 - 00000000 ___DC () C:\ProgramData\360SD 2014-10-05 22:28 - 2014-08-20 18:42 - 00000000 ___DC () C:\Windows\Minidump 2014-10-05 20:18 - 2014-08-16 15:50 - 00000000 ___DC () C:\Users\Sicherungssoldat\Desktop\sonstige Bilder 2014-10-05 20:01 - 2014-08-16 15:10 - 00000000 ___DC () C:\Users\Soldat *****\AppData\Roaming\TuneUp Software 2014-10-05 19:47 - 2014-08-15 22:10 - 00000000 ___DC () C:\Windows\system32\appmgmt 2014-10-05 19:32 - 2014-08-16 16:59 - 00000000 ___DC () C:\Users\Soldat *****\AppData\Roaming\MediaMonkey 2014-10-05 19:17 - 2014-08-15 22:48 - 00000000 ___DC () C:\Users\Sicherungssoldat\AppData\Roaming\TuneUp Software 2014-10-05 19:17 - 2014-08-15 22:47 - 00000000 ___DC () C:\ProgramData\TuneUp Software 2014-10-05 18:57 - 2014-08-15 22:47 - 00000000 _SHDC () 
C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C} 2014-10-05 18:53 - 2014-08-16 02:28 - 00000000 ___DC () C:\Program Files (x86)\Yahoo! 2014-10-05 18:32 - 2014-08-16 23:36 - 00000000 ___DC () C:\Users\Soldat *****\.VirtualBox 2014-10-05 01:05 - 2014-08-16 17:36 - 00000000 ___DC () C:\Users\Soldat *****\AppData\Roaming\streamWriter 2014-10-04 22:26 - 2014-08-23 17:30 - 00000000 ___DC () C:\Users\Soldat *****\AppData\Roaming\HpUpdate 2014-10-03 17:03 - 2014-08-16 01:22 - 00000000 ___DC () C:\Users\Sicherungssoldat\.VirtualBox 2014-10-02 19:51 - 2014-08-14 23:22 - 00220488 ____C () C:\Users\Sicherungssoldat\AppData\Local\GDIPFONTCACHEV1.DAT 2014-10-02 10:40 - 2014-08-27 00:33 - 00220488 ____C () C:\Users\Soldat *****\AppData\Local\GDIPFONTCACHEV1.DAT 2014-10-02 09:42 - 2014-08-14 22:10 - 00000000 _SHDC () C:\Recovery 2014-10-01 19:58 - 2014-08-16 15:05 - 00000000 ___DC () C:\Users\Soldat ***** 2014-10-01 08:39 - 2009-07-14 06:45 - 05459024 ____C () C:\Windows\system32\FNTCACHE.DAT 2014-09-28 02:07 - 2014-08-15 22:46 - 00000000 ___DC () C:\Users\Sicherungssoldat\AppData\Roaming\DVDVideoSoft 2014-09-22 20:39 - 2014-08-16 15:11 - 00000000 ___DC () C:\Users\Soldat *****\Desktop\sonstige Bilder 2014-09-22 16:44 - 2014-08-23 22:29 - 00000866 ____C () C:\Users\Sicherungssoldat\Desktop\4K Video Downloader.lnk 2014-09-22 16:44 - 2014-08-23 22:29 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\4K Download 2014-09-19 11:57 - 2014-08-14 23:24 - 00000000 ___DC () C:\Users\Sicherungssoldat\AppData\Local\NVIDIA Corporation 2014-09-19 11:57 - 2014-08-14 23:24 - 00000000 ___DC () C:\Users\Sicherungssoldat\AppData\Local\NVIDIA 2014-09-19 11:56 - 2014-08-14 23:05 - 00000000 ___DC () C:\Program Files\NVIDIA Corporation 2014-09-18 22:04 - 2014-08-16 15:05 - 00000000 ___DC () C:\Users\Soldat *****\AppData\Roaming\Adobe 2014-09-18 15:02 - 2009-07-14 05:20 - 00000000 ___DC () C:\Program Files\Common Files\Microsoft Shared 2014-09-17 04:13 - 2014-08-14 23:24 - 
02193560 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll 2014-09-17 04:13 - 2014-08-14 23:24 - 01291280 ____C (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll 2014-09-17 04:12 - 2014-08-14 23:24 - 02799784 ____C (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll 2014-09-17 04:12 - 2014-08-14 23:24 - 01715224 ____C (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll 2014-09-16 15:59 - 2011-04-12 09:43 - 00699416 ____C () C:\Windows\system32\perfh007.dat 2014-09-16 15:59 - 2011-04-12 09:43 - 00149556 ____C () C:\Windows\system32\perfc007.dat 2014-09-16 15:59 - 2009-07-14 07:13 - 01620612 ____C () C:\Windows\system32\PerfStringBackup.INI 2014-09-16 08:06 - 2014-08-16 15:11 - 00000848 ____C () C:\Users\Soldat *****\Desktop\BAHN 3.88 R1.lnk 2014-09-15 16:51 - 2014-08-15 00:00 - 00001109 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk 2014-09-15 16:51 - 2014-08-15 00:00 - 00001097 ____C () C:\Users\Public\Desktop\TeamViewer 9.lnk 2014-09-15 16:22 - 2014-08-15 22:40 - 00000730 ____C () C:\Users\Public\Desktop\CPUID CPU-Z.lnk 2014-09-15 09:06 - 2010-11-21 05:27 - 00278152 ____C (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-09-13 19:43 - 2014-08-16 15:47 - 00000000 ___DC () C:\Users\Soldat *****\AppData\Local\Mozilla 2014-09-11 18:08 - 2014-08-16 15:05 - 00000000 ___DC () C:\Users\Soldat *****\AppData\Local\Adobe 2014-09-11 11:20 - 2014-08-17 15:14 - 00701104 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-09-11 11:20 - 2014-08-17 15:14 - 00071344 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-09-11 11:20 - 2014-08-17 15:14 - 00000884 ____C () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-11 03:07 - 2014-08-14 23:11 - 01593956 ____C () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-09-11 03:06 - 2014-08-15 12:20 - 00000000 ___DC () C:\Windows\system32\MRT 2014-09-11 03:02 - 2014-08-15 12:19 - 101694776 ____C (Microsoft 
Corporation) C:\Windows\system32\MRT.exe 2014-09-11 03:01 - 2014-08-15 02:31 - 00000000 __SDC () C:\Windows\system32\CompatTel 2014-09-09 02:00 - 2014-08-16 15:05 - 00000000 ___DC () C:\Users\Soldat *****\AppData\Local\NVIDIA 2014-09-09 01:59 - 2014-08-16 15:05 - 00000000 ___DC () C:\Users\Soldat *****\AppData\Local\NVIDIA Corporation 2014-09-07 13:41 - 2014-08-16 15:05 - 00000000 ___DC () C:\Users\Soldat *****\AppData\Local\VirtualStore Some content of TEMP: ==================== C:\Users\Sicherungssoldat\AppData\Local\Temp\Quarantine.exe C:\Users\Soldat *****\AppData\Local\Temp\Foxit Reader Updater.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-14 22:02 ==================== End Of Log ============================ --- --- --- --- --- --- --- --- --- |
08.10.2014, 12:53 | #4 |
/// the machine /// TB trainer | Looks good. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
08.10.2014, 13:36 | #5 |
| Hello Schrauber, no, no further problems. I just wanted to make sure that none of this junk was left behind. Regards, Jeremiah |
09.10.2014, 10:16 | #6 |
/// the machine /// TB trainer | Done. The order is decisive here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
|
09.10.2014, 10:37 | #7 |
| Hello Schrauber, thanks for the tips. Everything is fine on my end. Best regards, Jeremiah |
09.10.2014, 19:59 | #8 |
/// the machine /// TB trainer | You're welcome
|