|
Plagegeister aller Art und deren Bekämpfung: Internet: Seitenladefehler und Objekte werden nicht komplett geladenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
22.11.2014, 12:23 | #1 |
| Internet: Seitenladefehler und Objekte werden nicht komplett geladen Hallo liebes Trojaner- Board Team! Ich habe mich hier registriert weil ich vor einem Problem ( und mir auch nicht ganz 100%ig sicher bin ob es ein virus ist ) stehe und erhoffe mir hiermit eure Hilfe. Am Anfang diesen Monats kam ich von der Arbeit heim und mir ist aufgefallen, dass wenn ich Seiten lade, die mehr oder weniger funktionieren, nicht komplett geladen wurden sprich: Manche Bilder wurden nicht geladen, Videos - Objekte eben. Desweiteren bekam ich Seiteladefehler bei anderen Seiten. Das Problem lässt sich also grob folgendermaßen beschreiben: Seiteladefehler entstehen und bei funktionierenden Seiten werden manche Objekte nicht richtig geladen, allerdings geschieht dies in einem bestimmten Zeitintervall: Bekomm ich bei facebook z.B. einen Ladefehler, funktioniert die Seite nach ca. 10 Minuten wieder, dafür funktionieren wiederrum andere Seiten nicht mehr usw. Ich kam auf die Theorie, dass dies ein Virus sei, weil ich bei meinen Avira Scan Viren entdeckte, die zu dem Benutzer meines Bruders am PC zurückzuführen sind. Dieser installierte z.B. die Ask Toolbar und anderes dummes Zeug, die als Viren erkannt wurden. Natürlich habe ich erstmals das Internet nach einer Lösung durchgestöbert um herauszufinden, woran das Problem denn liegt. Es könnte laut diverser Quellen natürlich auch ein DNS- Problem sein, aber nach deren Verbesserungsvorschläge hatte sich mein Problem nicht wirklich gelöst. Dann bin ich zu euch gekommen, habe ein Thread gefunden mit einem ähnlichen Problem: http://www.trojaner-board.de/143845-...-probleme.html Ich bin sozusagen die Anleitung des Threads gefolgt und wurde auch mehrere Male Fündig, aber am Ende hatte sich mein Problem nicht gebessert. Nun habe ich meinen inneren Schweinehund überwunden und poste hier selbst und hoffe, dass ihr mir Helfen könnt. SYSTEM: Betriebssystem: Windows 7 Home Premium SP 1 Systemtyp: 64 Bit Prozessor: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2,50GHz 2,50 GHz RAM: 4 GB Browser: Mozilla Firefox Antiviren/Malewareprogramme: Avira, Ad- Aware Antivirus (seit dem Problem nachinstalliert), Malewarebytes Anti Maleware (Premium) |
22.11.2014, 13:41 | #2 |
/// the machine /// TB-Ausbilder | Internet: Seitenladefehler und Objekte werden nicht komplett geladen hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
22.11.2014, 14:19 | #3 |
| Internet: Seitenladefehler und Objekte werden nicht komplett geladen FRST
__________________FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-11-2014 Ran by Stephan (administrator) on PC-STEPHAN on 22-11-2014 13:48:16 Running from C:\Users\Stephan\Desktop Loaded Profiles: Stephan & UpdatusUser & Pierre (Available profiles: Stephan & UpdatusUser & Pierre) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe (Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\System32\alg.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe () D:\Keylogger\Spyrix Free Keylogger\spkl.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKAiO2MUI.exe () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe (InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (TeamSpeak Systems GmbH) C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe () D:\Path of Exile\PathOfExile.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8060960 2009-08-05] (Realtek Semiconductor) HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation) HKLM\...\Run: [EKAIO2StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe [3240448 2011-12-10] (Eastman Kodak Company) HKLM\...\Run: [] => [X] HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe [8925504 2014-10-15] () HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [69632 2004-04-13] (InstallShield Software Corporation) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [kbdsprt] => [X] HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-18] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG) HKLM\...\Policies\Explorer\Run: [localSPM] => D:\Keylogger\Spyrix Free Keylogger\spkl.exe [1766912 2013-04-26] ( ()) HKU\S-1-5-21-2345911831-2396610291-3317746240-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation) HKU\S-1-5-21-2345911831-2396610291-3317746240-1000\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-2345911831-2396610291-3317746240-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-2345911831-2396610291-3317746240-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-2345911831-2396610291-3317746240-1000\...\MountPoints2: {6959f9b8-2229-11df-956d-00199951e8bc} - K:\pushinst.exe HKU\S-1-5-21-2345911831-2396610291-3317746240-1000\...\MountPoints2: {7e82c6e3-2a55-11e1-9e0e-001f3f0a5645} - K:\AutoRun.exe HKU\S-1-5-21-2345911831-2396610291-3317746240-1008\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-2345911831-2396610291-3317746240-1008\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) Startup: C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) GroupPolicyUsers\S-1-5-21-2345911831-2396610291-3317746240-1008\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2345911831-2396610291-3317746240-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSA&bmod=EU01 HKU\S-1-5-21-2345911831-2396610291-3317746240-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.ts.fujitsu.com/index2 HKU\S-1-5-21-2345911831-2396610291-3317746240-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.ts.fujitsu.com/index2 HKU\S-1-5-21-2345911831-2396610291-3317746240-1008\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FTSA&bmod=EU01 HKU\S-1-5-21-2345911831-2396610291-3317746240-1008\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSA&bmod=EU01 HKU\S-1-5-21-2345911831-2396610291-3317746240-1008\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.ts.fujitsu.com/index2 HKU\S-1-5-21-2345911831-2396610291-3317746240-1008\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.ts.fujitsu.com/index2 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2345911831-2396610291-3317746240-1000 -> DefaultScope {666B74EC-A504-47E4-9BEE-40C390123597} URL = SearchScopes: HKU\S-1-5-21-2345911831-2396610291-3317746240-1000 -> {666B74EC-A504-47E4-9BEE-40C390123597} URL = SearchScopes: HKU\S-1-5-21-2345911831-2396610291-3317746240-1000 -> {FF15E18D-2F34-45CD-B8B7-755445E26158} URL = SearchScopes: HKU\S-1-5-21-2345911831-2396610291-3317746240-1008 -> DefaultScope {666B74EC-A504-47E4-9BEE-40C390123597} URL = SearchScopes: HKU\S-1-5-21-2345911831-2396610291-3317746240-1008 -> {666B74EC-A504-47E4-9BEE-40C390123597} URL = BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG) Toolbar: HKU\S-1-5-21-2345911831-2396610291-3317746240-1008 -> No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 Tcpip\..\Interfaces\{43B9A6FC-9182-464A-B140-40FCF7D66AE8}: [NameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\6834mhwj.default FF Homepage: google.de FF NetworkProxy: "backup.ftp", "217.216.162.213" FF NetworkProxy: "backup.ftp_port", 19317 FF NetworkProxy: "backup.socks", "217.216.162.213" FF NetworkProxy: "backup.socks_port", 19317 FF NetworkProxy: "backup.ssl", "217.216.162.213" FF NetworkProxy: "backup.ssl_port", 19317 FF NetworkProxy: "ftp", "62.243.224.180" FF NetworkProxy: "ftp_port", 1080 FF NetworkProxy: "http", "62.243.224.180" FF NetworkProxy: "http_port", 1080 FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "socks", "62.243.224.180" FF NetworkProxy: "socks_port", 1080 FF NetworkProxy: "ssl", "62.243.224.180" FF NetworkProxy: "ssl_port", 1080 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_25\bin\new_plugin\npjp2.dll No File FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin HKU\S-1-5-21-2345911831-2396610291-3317746240-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF SearchPlugin: C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\6834mhwj.default\searchplugins\icq-search.xml FF Extension: German Dictionary - C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\6834mhwj.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-10-26] FF Extension: Updated Ad Blocker for Firefox 11+ - C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\6834mhwj.default\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi [2012-12-07] FF Extension: Download YouTube Videos as MP4 - C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\6834mhwj.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2013-01-08] FF Extension: JavaScript Debugger - C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\6834mhwj.default\Extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi [2014-11-09] Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [995064 2014-11-18] (Avira Operations GmbH & Co. KG) R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG) R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed] R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe [707888 2014-10-15] () R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) S4 NWHelper; C:\Program Files (x86)\Novatel Wireless\Drivers\NWHelper.exe [111904 2009-12-04] (Novatel Wireless Inc.) S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] S4 TestHandler; C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [341264 2009-02-19] (Fujitsu Technology Solutions) S4 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [200624 2010-09-29] (Telefónica I+D) S4 WTGService; C:\Program Files (x86)\XSManager\WTGService.exe [329168 2010-04-12] () S4 XS Stick Service; C:\Windows\service4g.exe [145064 2010-04-30] (4G Systems GmbH & Co. KG) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-31] (Avira Operations GmbH & Co. KG) S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2009-03-20] (AVM Berlin) S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [117888 2012-03-18] (Mobile Connector) U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [250368 2010-04-07] (Huawei Technologies Co., Ltd.) U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [114560 2010-03-20] (Huawei Technologies Co., Ltd.) S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2009-03-20] (AVM GmbH) S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir3.sys [32768 2009-08-24] (Hauppauge Computer Works, Inc.) S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [12800 2009-02-03] (ZTE Incorporated) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-21] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation) S3 s115bus; C:\Windows\System32\DRIVERS\s115bus.sys [108296 2007-04-23] (MCCI Corporation) S3 s115mdfl; C:\Windows\System32\DRIVERS\s115mdfl.sys [19720 2007-04-23] (MCCI Corporation) S3 s115mdm; C:\Windows\System32\DRIVERS\s115mdm.sys [144648 2007-04-23] (MCCI Corporation) S3 s115mgmt; C:\Windows\System32\DRIVERS\s115mgmt.sys [126216 2007-04-23] (MCCI Corporation) S3 s115obex; C:\Windows\System32\DRIVERS\s115obex.sys [123656 2007-04-23] (MCCI Corporation) R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) S3 swivsp; C:\Windows\System32\DRIVERS\swivspnt.sys [23552 2007-03-26] (Sierra Wireless Inc.) [File not signed] S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-07-10] (BitDefender S.R.L.) S3 GGSAFERDriver; \??\D:\Garena\plugins\UI\safedrv.sys [X] S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-22 13:48 - 2014-11-22 13:48 - 00020713 _____ () C:\Users\Stephan\Desktop\FRST.txt 2014-11-22 13:46 - 2014-11-22 13:47 - 02118144 _____ (Farbar) C:\Users\Stephan\Desktop\FRST64.exe 2014-11-22 13:46 - 2014-11-22 13:47 - 00000000 ____D () C:\Users\Stephan\Desktop\zjkz 2014-11-21 21:58 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-11-21 21:58 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-11-21 21:58 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-11-21 21:58 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-11-21 21:57 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-11-21 21:57 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-11-21 21:57 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-11-21 21:57 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll 2014-11-21 21:57 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-11-21 21:57 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-11-21 21:56 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-21 21:56 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-11-21 21:56 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-11-21 21:56 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2014-11-21 21:56 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-11-21 21:56 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-11-21 21:56 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-11-21 21:56 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2014-11-21 21:56 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-11-21 21:56 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-11-21 21:56 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-11-21 21:56 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2014-11-21 21:56 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2014-11-21 21:56 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-11-21 21:56 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-11-21 21:56 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-11-21 21:56 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-11-21 21:56 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-11-21 21:56 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-11-21 21:56 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-11-21 21:56 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-11-21 21:55 - 2014-08-01 12:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-11-21 21:55 - 2014-08-01 12:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 2014-11-21 21:55 - 2014-06-18 03:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-11-21 21:55 - 2014-06-18 02:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe 2014-11-21 21:54 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-11-21 21:54 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-11-21 21:54 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-11-21 21:54 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-11-21 21:54 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-11-21 21:54 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-11-21 21:54 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-11-21 21:54 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-11-21 21:54 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-11-21 21:54 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-11-21 21:54 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-11-21 21:54 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-11-21 21:54 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-11-21 21:54 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-11-21 21:54 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2014-11-21 21:54 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL 2014-11-21 21:54 - 2014-06-24 04:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-11-21 21:54 - 2014-06-24 03:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-11-21 21:54 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-11-21 21:54 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2014-11-21 21:54 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll 2014-11-21 21:54 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-11-21 21:54 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll 2014-11-21 21:54 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-11-21 21:54 - 2014-06-16 03:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-11-21 21:54 - 2014-06-06 11:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-11-21 21:54 - 2014-06-06 10:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-11-21 21:54 - 2014-05-30 07:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-11-21 21:53 - 2014-09-09 23:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-11-21 21:53 - 2014-09-09 22:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-11-21 21:53 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-11-21 21:53 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2014-11-21 21:53 - 2014-07-14 03:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-11-21 21:53 - 2014-07-14 02:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2014-11-21 21:53 - 2014-06-25 03:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-11-21 21:53 - 2014-06-25 02:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-11-21 20:17 - 2014-06-27 03:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-11-21 20:17 - 2014-06-27 02:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2014-11-21 20:14 - 2014-06-30 23:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-11-21 20:14 - 2014-06-30 23:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll 2014-11-21 20:14 - 2014-06-06 07:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2014-11-21 20:14 - 2014-06-06 07:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-11-21 20:14 - 2014-03-09 22:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-11-21 20:14 - 2014-03-09 22:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-11-21 20:14 - 2014-03-09 22:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe 2014-11-21 20:14 - 2014-03-09 22:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll 2014-11-21 19:30 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-11-21 19:30 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-11-21 19:30 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-11-21 19:30 - 2014-08-23 03:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-11-21 19:30 - 2014-08-23 02:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-11-21 19:30 - 2014-06-03 11:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-11-21 19:30 - 2014-06-03 11:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-11-21 19:30 - 2014-06-03 11:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-11-21 19:30 - 2014-06-03 10:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-11-21 19:30 - 2014-06-03 10:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-11-21 19:27 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-11-21 19:27 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-11-21 19:27 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-11-21 19:27 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-11-21 19:25 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-11-21 19:25 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-11-21 19:25 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-21 19:25 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2014-11-21 19:23 - 2014-09-05 03:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-11-21 19:23 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-11-20 16:22 - 2014-11-20 16:22 - 00001024 _____ () C:\Users\Public\Desktop\PDF-Viewer.lnk 2014-11-20 16:22 - 2014-11-20 16:22 - 00000000 ____D () C:\Program Files\Tracker Software 2014-11-20 16:10 - 2014-11-20 16:20 - 17072512 _____ () C:\Users\Stephan\Downloads\PDFXVwer2.5.311.zip 2014-11-20 16:00 - 2014-11-20 16:00 - 00000000 ____D () C:\Windows\ERUNT 2014-11-20 15:39 - 2014-11-20 15:49 - 00000000 ____D () C:\AdwCleaner 2014-11-20 15:04 - 2014-11-20 15:32 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-11-20 14:59 - 2014-11-20 14:59 - 00000000 ____D () C:\Program Files (x86)\mbar 2014-11-20 14:40 - 2014-11-22 13:48 - 00000000 ____D () C:\FRST 2014-11-19 16:32 - 2014-11-19 16:32 - 00027667 _____ () C:\Users\Pierre\Desktop\hs_err_pid3824.log 2014-11-18 18:07 - 2014-11-18 18:07 - 00030431 _____ () C:\Users\Pierre\Desktop\hs_err_pid4084.log 2014-11-18 14:21 - 2014-11-18 14:25 - 00001143 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-11-17 14:33 - 2014-11-17 14:33 - 00000000 ____D () C:\Users\Pierre\AppData\Roaming\Lavasoft 2014-11-12 06:35 - 2014-11-21 22:59 - 00002311 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk 2014-11-12 06:35 - 2014-11-12 06:35 - 00000000 ____D () C:\Users\Stephan\AppData\Roaming\LavasoftStatistics 2014-11-12 06:35 - 2014-11-12 06:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft 2014-11-12 06:21 - 2014-11-12 06:21 - 00000000 ____D () C:\Program Files\Lavasoft 2014-11-12 02:07 - 2014-11-12 02:07 - 00000000 ____D () C:\Users\Stephan\AppData\Roaming\Lavasoft 2014-11-12 02:06 - 2014-11-12 02:06 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft 2014-11-12 01:59 - 2014-11-12 01:59 - 01754248 _____ () C:\Users\Stephan\Downloads\Adaware_Installer.exe 2014-11-12 00:11 - 2014-11-12 00:11 - 00000000 ____D () C:\Program Files (x86)\Lavasoft 2014-11-10 15:03 - 2014-11-10 15:03 - 00029136 _____ () C:\Users\Pierre\Desktop\hs_err_pid2168.log 2014-11-10 14:47 - 2014-11-10 14:54 - 04884687 _____ () C:\Users\Pierre\Desktop\FTB_cracked_1.4.3.jar 2014-10-28 12:05 - 2014-10-28 12:05 - 00000000 ____D () C:\Users\Pierre\AppData\Roaming\NVIDIA 2014-10-28 11:27 - 2014-10-28 11:28 - 02295368 _____ () C:\Users\Pierre\Desktop\Technic Launcher.exe 2014-10-28 10:50 - 2014-10-28 10:50 - 00000000 ____D () C:\Users\Pierre\AppData\Local\Macromedia 2014-10-26 20:01 - 2014-10-26 20:01 - 00000000 ____D () C:\Users\Stephan\AppData\Local\Macromedia 2014-10-26 18:14 - 2014-10-26 18:14 - 00001169 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-10-26 18:14 - 2014-10-26 18:14 - 00001157 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-10-26 18:14 - 2014-10-26 18:14 - 00000000 ____D () C:\ProgramData\Mozilla 2014-10-26 18:14 - 2014-10-26 18:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-10-26 18:00 - 2014-10-26 18:00 - 00244032 _____ () C:\Users\Stephan\Downloads\Firefox Setup Stub 33.0.exe 2014-10-26 17:55 - 2014-10-26 17:55 - 00000000 ____D () C:\ProgramData\Oracle 2014-10-26 17:09 - 2014-10-26 17:43 - 92658088 _____ (Oracle Corporation) C:\Users\Stephan\Downloads\jre-8u25-windows-x64.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-22 12:31 - 2009-07-14 05:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-22 12:31 - 2009-07-14 05:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-22 04:41 - 2010-02-24 19:43 - 02012639 _____ () C:\Windows\WindowsUpdate.log 2014-11-22 03:03 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-11-22 00:21 - 2010-03-13 19:15 - 00000000 ____D () C:\Users\Stephan\AppData\Roaming\TS3Client 2014-11-21 23:06 - 2009-07-14 18:58 - 00699432 _____ () C:\Windows\system32\perfh007.dat 2014-11-21 23:06 - 2009-07-14 18:58 - 00149572 _____ () C:\Windows\system32\perfc007.dat 2014-11-21 23:06 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-21 23:03 - 2014-10-11 15:42 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-21 23:01 - 2012-09-12 18:47 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-11-21 22:58 - 2012-03-08 13:02 - 00158245 _____ () C:\Windows\setupact.log 2014-11-21 22:58 - 2012-01-04 18:00 - 00000000 ____D () C:\ProgramData\Kodak 2014-11-21 22:58 - 2010-02-24 19:43 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-11-21 22:58 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-21 22:52 - 2014-06-18 02:58 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-11-21 22:51 - 2009-07-14 19:18 - 00000000 ____D () C:\Program Files\Windows Journal 2014-11-21 22:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-11-21 22:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism 2014-11-21 21:43 - 2009-07-14 05:45 - 04997600 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-21 20:24 - 2014-06-17 23:18 - 01594028 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-11-21 20:23 - 2014-06-17 23:27 - 00000000 ____D () C:\Windows\system32\MRT 2014-11-21 19:20 - 2012-01-05 04:03 - 00007601 _____ () C:\Users\Stephan\AppData\Local\Resmon.ResmonCfg 2014-11-21 19:03 - 2013-11-17 10:37 - 00095610 _____ () C:\Windows\PFRO.log 2014-11-21 18:46 - 2010-02-24 19:45 - 00000000 ____D () C:\Users\Stephan 2014-11-20 16:12 - 2010-04-13 21:40 - 00000000 ____D () C:\Users\Stephan\AppData\Local\Adobe 2014-11-20 16:12 - 2009-12-09 10:50 - 00000000 ____D () C:\ProgramData\Adobe 2014-11-20 15:49 - 2011-05-08 14:52 - 00000000 ____D () C:\ProgramData\ICQ 2014-11-20 14:59 - 2014-10-11 15:42 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-11-18 23:52 - 2012-11-18 01:46 - 00000000 ____D () C:\Users\Stephan\AppData\Roaming\vlc 2014-11-18 14:25 - 2014-06-18 02:19 - 00000000 ____D () C:\ProgramData\Package Cache 2014-11-18 14:25 - 2013-11-17 10:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-11-18 14:25 - 2013-11-17 10:39 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-11-18 14:21 - 2013-11-17 10:39 - 00000000 ____D () C:\ProgramData\Avira 2014-11-16 01:22 - 2013-03-24 20:05 - 00000000 ____D () C:\Users\Stephan\Desktop\bilder und vids 2014-11-16 01:22 - 2010-02-24 20:10 - 00000000 ____D () C:\Users\Stephan\Desktop\Bääm 2014-11-16 01:05 - 2014-10-10 00:51 - 00000000 ____D () C:\Users\Stephan\Desktop\Vids 2014-11-15 22:51 - 2010-05-08 22:08 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-11-15 12:32 - 2014-06-07 17:18 - 00000000 ____D () C:\Users\Pierre\AppData\Roaming\Skype 2014-11-14 19:49 - 2010-03-10 18:30 - 00473088 ___SH () C:\Users\Stephan\Thumbs.db 2014-11-14 19:07 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-11-13 22:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-11-12 06:03 - 2011-02-26 01:05 - 00000000 ____D () C:\ProgramData\Lavasoft 2014-11-12 02:10 - 2012-02-05 14:24 - 00003626 _____ () C:\Windows\System32\Tasks\Ad-Aware Update (Weekly) 2014-11-12 01:48 - 2011-04-23 00:39 - 00000064 _____ () C:\Windows\SysWOW64\rp_stats.dat 2014-11-12 01:48 - 2011-04-23 00:39 - 00000044 _____ () C:\Windows\SysWOW64\rp_rules.dat 2014-11-10 16:10 - 2014-09-07 16:54 - 00000000 ____D () C:\Users\Pierre\AppData\Local\ftblauncher 2014-11-10 14:54 - 2014-09-07 16:54 - 00000000 ____D () C:\Users\Pierre\AppData\Roaming\ftblauncher 2014-11-07 13:04 - 2012-01-27 13:45 - 00053248 ___SH () C:\Users\Stephan\Documents\Thumbs.db 2014-11-04 14:30 - 2010-02-24 23:40 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-10-31 23:26 - 2010-02-25 17:52 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-28 11:30 - 2014-08-08 11:32 - 00000000 ____D () C:\Users\Pierre\AppData\Roaming\.technic 2014-10-28 10:48 - 2013-02-16 18:29 - 00000000 ____D () C:\Users\Pierre\AppData\Local\Mozilla 2014-10-26 18:28 - 2010-02-25 17:39 - 00000000 ____D () C:\Users\Stephan\AppData\Local\Mozilla 2014-10-26 18:14 - 2010-02-25 17:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-10-26 17:58 - 2011-10-18 10:21 - 00000000 ____D () C:\Program Files\Java 2014-10-26 17:56 - 2014-06-11 00:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-10-26 17:55 - 2014-06-11 00:41 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-10-26 17:55 - 2011-10-18 10:21 - 00320936 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-10-26 17:55 - 2011-10-18 10:21 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-10-26 17:55 - 2011-10-18 10:21 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-10-26 15:23 - 2012-10-22 01:30 - 00000397 _____ () C:\Users\Stephan\Desktop\linkas.txt 2014-10-24 19:04 - 2011-10-17 20:57 - 00000000 ____D () C:\Users\Stephan\AppData\Roaming\.minecraft 2014-10-24 19:03 - 2011-12-06 13:03 - 00004671 _____ () C:\Users\Stephan\Downloads\server.log 2014-10-24 19:03 - 2011-12-06 13:03 - 00000000 ____D () C:\Users\Stephan\Downloads\world 2014-10-24 19:03 - 2011-12-06 13:03 - 00000000 _____ () C:\Users\Stephan\Downloads\white-list.txt 2014-10-24 19:03 - 2011-12-06 13:03 - 00000000 _____ () C:\Users\Stephan\Downloads\ops.txt 2014-10-24 19:03 - 2011-12-06 13:03 - 00000000 _____ () C:\Users\Stephan\Downloads\banned-players.txt 2014-10-24 19:03 - 2011-12-06 13:03 - 00000000 _____ () C:\Users\Stephan\Downloads\banned-ips.txt 2014-10-23 22:08 - 2012-12-27 03:27 - 00000000 ____D () C:\Users\Stephan\AppData\Local\LogMeIn Hamachi Some content of TEMP: ==================== C:\Users\Stephan\AppData\Local\Temp\avgnt.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-16 16:47 ==================== End Of Log ============================ Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-11-2014 Ran by Stephan at 2014-11-22 13:49:18 Running from C:\Users\Stephan\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996} AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B} AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation) Ad-Aware Antivirus (HKLM\...\{6D1428BD-E5F2-4378-B620-E7442E7C2BFB}_AdAwareUpdater) (Version: 11.4.6792.0 - Lavasoft) AdAwareInstaller (Version: 11.4.6792.0 - Lavasoft) Hidden AdAwareUpdater (Version: 11.4.6792.0 - Lavasoft) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated) Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.) Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated) Adobe Creative Suite 5 Master Collection (HKLM-x32\...\{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}) (Version: 5.0 - Adobe Systems Incorporated) Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.6 - Adobe Systems Incorporated) Adobe Flash Player 10 ActiveX (HKLM-x32\...\{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}) (Version: 10.1.52.14 - Adobe Systems, Inc.) Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.117 - Adobe Systems Incorporated) Adobe InDesign CS5.5 (HKLM-x32\...\{857CC5F0-040E-1016-A173-D55ADD80C260}) (Version: 7.5 - Adobe Systems Incorporated) aioscnnr (x32 Version: 7.3.4.0 - Your Company Name) Hidden AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden Apple Application Support (HKLM-x32\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{E5C95CA5-4565-4B9D-97ED-05088D775614}) (Version: 3.3.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.) AutoClickExtreme 6.18.01 (HKLM-x32\...\{9119A44D-E936-4BD3-B973-26152118876F}_is1) (Version: - AutoClicker Lab) Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira) AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: - AVM Berlin) Awesomenauts (HKLM-x32\...\Steam App 204300) (Version: - Ronimo Games) C4USelfUpdater (x32 Version: 1.00.0000 - Your Company Name) Hidden CCleaner (HKLM\...\CCleaner) (Version: 3.14 - Piriform) Counter-Strike: Source (HKLM-x32\...\{9580813D-94B1-4C28-9426-A441E2BB29A5}) (Version: 1.0.0.0 - Valve) Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve) Duel of Champions (HKLM-x32\...\MMDoC-PDCLive) (Version: - Ubisoft) Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version: - ) Dungeon Defenders Eternity (HKLM-x32\...\Steam App 302270) (Version: - Nom Nom Games) essentials (x32 Version: 6.0.14.0 - Eastman Kodak Company) Hidden Exif-Viewer 2.51 (HKLM-x32\...\Exif-Viewer) (Version: 2.51 - Ralf Bibinger) Free Audio CD Burner version 1.4 (HKLM-x32\...\Free Audio CD Burner_is1) (Version: - DVDVideoSoft Limited.) Free Download Manager 3.9.4 (HKLM-x32\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG) Free YouTube to MP3 Converter version 3.8 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: - DVDVideoSoft Limited.) Grand Theft Auto San Andreas (HKLM-x32\...\{086BADF8-9B1F-4E89-B207-2EDA520972D6}) (Version: 1.00.00001 - Rockstar Games) Graph 4.3 (HKLM-x32\...\Graph_is1) (Version: - Ivan Johansen) HUAWEI DataCard Driver 4.05.00.00 (HKLM-x32\...\HUAWEI DataCard Driver) (Version: 4.05.00.00 - Huawei technologies Co., Ltd.) ICQ7.5 (HKLM-x32\...\{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}) (Version: 7.5 - ICQ) iTunes (HKLM\...\{77B8B4A5-EE79-4907-A318-2DA86325B8D7}) (Version: 10.1.2.17 - Apple Inc.) Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle) Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation) Kodak AIO Printer (Version: 7.3.4.0 - Eastman Kodak Company) Hidden KODAK All-in-One Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.3.8.20 - Eastman Kodak Company) Little Fighter 2 version 2.0a (HKLM-x32\...\Little Fighter 2) (Version: version 2.0a - ) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.1.0.362 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.1.0.362 - LogMeIn, Inc.) Hidden Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{3bcf8c72-b231-4d28-9f39-3405c22d8b5a}) (Version: 11.0.61030.0 - Microsoft Corporation) Mobile Broadband Generic Drivers (HKLM-x32\...\Mobile Broadband Generic Drivers) (Version: 2.03.10.002.25 - Novatel Wireless) Mobile Broadband Generic Drivers (x32 Version: 2.03.10.002.25 - Novatel Wireless) Hidden Mobile Connection Manager (HKLM-x32\...\o2DE) (Version: - Mobile Connection Manager) Mozilla Firefox 33.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 en-US)) (Version: 33.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nero BurnLite 10 (HKLM-x32\...\{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}) (Version: 10.0.10600 - Nero AG) Nero BurnLite 10 (HKLM-x32\...\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}) (Version: 10.0.10500.5.100 - Nero AG) Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG) NVIDIA 3D Vision Controller-Treiber 295.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 295.73 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.59.37 - NVIDIA Corporation) NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.12.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.12.0 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.12.0209 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0209 - NVIDIA Corporation) NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation) OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org) PartyPoker (HKLM-x32\...\PartyPoker) (Version: - PartyGaming) Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.0.4.30523 - Grinding Gear Games) PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.311.0 - Tracker Software Products Ltd) PerfectSphere (HKU\S-1-5-21-2345911831-2396610291-3317746240-1000\...\ce2965ae71956536) (Version: 1.0.0.0 - Cameron MacFarland) PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version: - PokerStars.eu) PreReq (x32 Version: 6.2.3.0 - Eastman Kodak Company) Hidden PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5911 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.50 - Piriform) SAMSUNG Mobile Composite Device Software (HKLM\...\SAMSUNG Mobile Composite Device) (Version: - ) Samsung Mobile Modem Device Software (HKLM\...\Samsung Mobile Modem Device) (Version: - ) SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version: - ) Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version: - ) SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version: - ) SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version: - ) SAMSUNG USB Mobile Device Software (HKLM\...\SAMSUNG USB Mobile Device) (Version: - ) Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.) Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.) Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated) Spyrix Free Keylogger 3.1 (HKLM-x32\...\Spyrix Free Keylogger_is1) (Version: 3.1 - Spyrix Security Inc.) StarCraft II (HKLM-x32\...\StarCraft II) (Version: 1.5.4.24540 - Blizzard Entertainment) Steam(TM) (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve) SystemDiagnostics (HKLM-x32\...\{EF59DB7F-7426-426E-B862-7031F83ED304}) (Version: 2.04.0006 - Fujitsu Technology Solutions) TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.12 - TeamSpeak Systems GmbH) TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.16642 - TeamViewer) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation) VLC media player 2.0.4 (HKLM\...\VLC media player) (Version: 2.0.4 - VideoLAN) Web Diashow (HKLM-x32\...\Web Diashow_is1) (Version: 3.3.1 - Benjamin Mussler) Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation) WinRAR (HKLM\...\WinRAR archiver) (Version: - ) World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: 3.3.5.12340 - Blizzard Entertainment) XMedia Recode Version 3.1.7.6 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.7.6 - XMedia Recode) XSManager (HKLM-x32\...\XSManager) (Version: 3.0 - XSManager) ZTE USB Driver (HKLM\...\ZTE USB Driver) (Version: 1.0.1.27_TME - ZTE Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 12-11-2014 03:53:34 Windows Update 12-11-2014 05:07:18 AA11 20-11-2014 00:33:23 Geplanter Prüfpunkt 20-11-2014 03:19:13 Windows Update 20-11-2014 15:11:14 Removed Adobe Reader 9.4.6 - Deutsch. 21-11-2014 19:13:30 Windows Update 21-11-2014 20:58:48 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2014-10-13 21:50 - 2014-10-13 21:50 - 00000883 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1348D5A7-67E3-4B92-A59F-0D0D10F36305} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/uninstall.html?aaa=KICMLMJJIMMJPMNJNJKJCNMMHMJJKMCNLMPMNMMJCNNJNMKMIMCNKJJJOJHMOMOJIMPMLMNJIMKMJNJICMIMCNJMCNIMFMHMCNPMCNIMJMPMOMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMFMPMJNHICMEKMICNJJCKJNBJCMMKLIKJPIHJOJBJJNKJCMJNNICMJNDJCMLJKJ" Task: {27B719FE-74F2-498D-B9C0-E780E02C1D03} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe Task: {651523B9-6BDB-4B16-9836-1A3DEC451465} - System32\Tasks\{BBE7AB4E-0E96-4516-87E0-D6D8101FBE64} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/abandoninstall?page=tsMain Task: {7565D10A-B342-493F-AF37-3A4D7C57E3A1} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation) Task: {7651A606-39CC-4BBE-B5B4-E34F0F096A3F} - System32\Tasks\AdobeAAMUpdater-1.0-PC-Stephan-Stephan => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-15] (Adobe Systems Incorporated) Task: {7D3DCC93-C8F2-4BB2-97C1-7A6D1DFCD95E} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe Task: {8C112D12-64A7-498A-8F31-45E0CD584F90} - System32\Tasks\{7F7CFC0B-E05B-44EB-B19F-1BE3AA0F21B1} => C:\Users\Stephan\Desktop\emu+\pkemu.exe Task: {AF8A11A5-096B-4BB6-995C-8BD659D8458A} - System32\Tasks\{552E358A-49F6-46FB-94F5-0148018FC212} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-07-02] (Skype Technologies S.A.) Task: {FE77A3AF-5E77-4435-8B4F-EA69F49526E3} - System32\Tasks\{70F7B80D-8FD2-4CD7-B801-50F9C9E6FA21} => C:\Users\Stephan\Desktop\emu+\pkemu.exe ==================== Loaded Modules (whitelisted) ============= 2014-10-15 13:37 - 2014-10-15 13:37 - 00707888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe 2014-10-15 14:03 - 2014-10-15 14:03 - 00103768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_thread-vc100-mt-1_55.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00024408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_system-vc100-mt-1_55.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00033624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_chrono-vc100-mt-1_55.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00055648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_date_time-vc100-mt-1_55.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00123744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_filesystem-vc100-mt-1_55.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 12459344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareServiceKernel.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 03396400 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\RCF.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00788824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_regex-vc100-mt-1_55.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00734536 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareActivation.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 02185560 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareApplicationUpdater.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00813896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareGamingMode.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00098624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareReset.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00120128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTime.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00952152 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareDefinitionsUpdater.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00869224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareDefinitionsUpdaterScheduler.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 01108808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareIgnoreList.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00250696 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareQuarantine.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00989016 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiMalwareEngine.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00212824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiRootkitEngine.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 01172816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScannerHistory.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 01281344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScanner.dll 2014-10-15 14:04 - 2014-10-15 14:04 - 00035160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_timer-vc100-mt-1_55.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00976728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScannerScheduler.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 01092440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareRealTimeProtection.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00229200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareIncompatibles.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00893768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiSpam.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00845136 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiPhishing.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 03096912 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareParentalControl.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 02887504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareWebProtection.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 01067344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareEmailProtection.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 01290584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareNetworkProtection.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 01004352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwarePromo.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00343880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareFeedback.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 02787160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareThreatWorkAlliance.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 01264960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwarePinCode.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 01004864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareNotice.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00957256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAvcEngine.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 01179496 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareRealTimeProtectionHistory.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00154944 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\SecurityCenter.dll 2010-04-24 12:38 - 2010-03-15 10:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll 2013-01-04 16:32 - 2013-04-26 15:19 - 01766912 _____ () D:\Keylogger\Spyrix Free Keylogger\spkl.exe 2014-10-15 14:03 - 2014-10-15 14:03 - 08925504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe 2014-10-15 14:03 - 2014-10-15 14:03 - 00500056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_locale-vc100-mt-1_55.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 02132800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\HtmlFramework.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00066872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\DllStorage.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00869712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTrayDefaultSkin.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00811328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\Localization.dll 2013-12-22 17:09 - 2014-06-21 22:15 - 09580320 _____ () D:\Path of Exile\PathOfExile.exe 2012-03-08 13:04 - 2013-10-23 09:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2013-01-04 16:32 - 2012-09-03 10:34 - 00175616 _____ () D:\Keylogger\Spyrix Free Keylogger\vtm.dll 2009-10-13 14:41 - 2011-05-26 18:42 - 00025600 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\imageformats\_old_qgif4.dll 2009-10-13 14:41 - 2011-05-26 18:42 - 00195584 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\imageformats\_old_qjpeg4.dll 2011-05-26 18:42 - 2013-09-14 15:07 - 00230376 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\soundbackends\directsound_win32.dll 2011-05-26 18:42 - 2013-09-14 15:07 - 00237032 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win32.dll 2011-05-26 18:42 - 2013-09-14 15:07 - 00159208 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\plugins\appscanner_plugin.dll 2010-09-09 16:47 - 2013-09-14 15:07 - 00431080 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\plugins\clientquery_plugin.dll 2013-09-14 15:07 - 2013-09-14 15:07 - 00555496 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll 2014-10-26 18:14 - 2014-10-11 13:53 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: Apple Mobile Device => 2 MSCONFIG\Services: AVM WLAN Connection Service => 2 MSCONFIG\Services: Hamachi2Svc => 2 MSCONFIG\Services: iPod Service => 3 MSCONFIG\Services: NAUpdate => 2 MSCONFIG\Services: NWHelper => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: Steam Client Service => 3 MSCONFIG\Services: SwitchBoard => 3 MSCONFIG\Services: TeamViewer8 => 2 MSCONFIG\Services: TestHandler => 2 MSCONFIG\Services: TGCM_ImportWiFiSvc => 2 MSCONFIG\Services: WMPNetworkSvc => 2 MSCONFIG\Services: WTGService => 2 MSCONFIG\Services: XS Stick Service => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LOLRecorder.lnk => C:\Windows\pss\LOLRecorder.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Stephan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" MSCONFIG\startupreg: AVMWlanClient => C:\Program Files (x86)\avmwlanstick\wlangui.exe MSCONFIG\startupreg: Conime => %windir%\system32\conime.exe MSCONFIG\startupreg: Facebook Update => "C:\Users\Stephan\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver MSCONFIG\startupreg: ICQ => "C:\Program Files (x86)\ICQ7.0\ICQ.exe" silent loginmode=4 MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background MSCONFIG\startupreg: Questler Bonusfinder => C:\Users\Stephan\Downloads\Bonusfinder2.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: RoboForm => "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized MSCONFIG\startupreg: starter4g => C:\Windows\starter4g.exe MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe ========================= Accounts: ========================== Administrator (S-1-5-21-2345911831-2396610291-3317746240-500 - Administrator - Disabled) Gast (S-1-5-21-2345911831-2396610291-3317746240-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2345911831-2396610291-3317746240-1006 - Limited - Enabled) Pierre (S-1-5-21-2345911831-2396610291-3317746240-1008 - Limited - Enabled) => C:\Users\Pierre Stephan (S-1-5-21-2345911831-2396610291-3317746240-1000 - Administrator - Enabled) => C:\Users\Stephan UpdatusUser (S-1-5-21-2345911831-2396610291-3317746240-1007 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Faulty Device Manager Devices ============= Name: Hamachi Network Interface Description: Hamachi Network Interface Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: LogMeIn, Inc. Service: hamachi Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (11/21/2014 06:43:42 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (11/21/2014 06:06:59 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (11/21/2014 06:04:29 AM) (Source: SideBySide) (EventID: 75) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig. Error: (11/20/2014 04:29:50 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (11/20/2014 04:29:49 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (11/20/2014 04:29:43 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. System errors: ============= Error: (11/21/2014 11:03:08 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "UPnP-Gerätehost" ist vom Dienst "SSDP-Suche" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1053 Error: (11/21/2014 11:03:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SSDP-Suche" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (11/21/2014 11:03:08 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst SSDP-Suche erreicht. Error: (11/21/2014 11:03:08 PM) (Source: DCOM) (EventID: 10005) (User: ) Description: 1068upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56} Error: (11/21/2014 11:02:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "IPsec-Richtlinien-Agent" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (11/21/2014 11:02:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst IPsec-Richtlinien-Agent erreicht. Error: (11/21/2014 11:02:25 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst nvsvc erreicht. Error: (11/21/2014 11:01:45 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Netman erreicht. Error: (11/21/2014 11:01:05 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Avira Browser-Schutz" ist vom Dienst "Avira Echtzeit-Scanner" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1070 Error: (11/21/2014 11:01:02 PM) (Source: Service Control Manager) (EventID: 7022) (User: ) Description: Der Dienst "Avira Echtzeit-Scanner" wurde nicht richtig gestartet. Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2011-01-12 23:41:43.136 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-01-12 23:41:43.116 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-01-12 23:31:44.885 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-01-12 23:31:44.885 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz Percentage of memory in use: 57% Total physical RAM: 4094.42 MB Available physical RAM: 1749.42 MB Total Pagefile: 8187.02 MB Available Pagefile: 5504.92 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (System) (Fixed) (Total:200 GB) (Free:51.52 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (Datenträger) (Fixed) (Total:931.51 GB) (Free:821.35 GB) NTFS Drive e: (Data) (Fixed) (Total:729.5 GB) (Free:440.98 GB) NTFS Drive l: () (Fixed) (Total:1397.26 GB) (Free:641.13 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 241C6624) Partition 1: (Active) - (Size=2 GB) - (Type=27) Partition 2: (Not Active) - (Size=200 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=729.5 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 931.5 GB) (Disk ID: 881A16BB) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 1397.3 GB) (Disk ID: 72AADC51) Partition 1: (Not Active) - (Size=1397.3 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Randnotz: Der Keylogger ist gewollt, da ich (Stephan) die Aktivitäten meines Bruders (Pierre) überwachen will. Zudem hab ich ab und an den Browserschutz ausgeschaltet um zu checken, ob das Problem an der Firewall liegt. |
23.11.2014, 08:09 | #4 |
/// the machine /// TB-Ausbilder | Internet: Seitenladefehler und Objekte werden nicht komplett geladen Proxy in FF ist gewollt? Downloade Dir bitte Malwarebytes Anti-Malware
Downloade Dir bitte AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
23.11.2014, 15:48 | #5 |
| Internet: Seitenladefehler und Objekte werden nicht komplett geladen Ich hatte mal ein Proxy eingetragen und habe nochmal nachgeschaut, ist ausgeschaltet, ist aber halt noch eingetragen. Zudem ist mein INternetexplorer nicht auf den neusten Stand, benutze ihn jedoch nie, hoffe das ist kein Sicherheitsrisiko. Die LOGS sind auch ein bisschen leer, da ich wie gesagt das Tutorial ( http://www.trojaner-board.de/143845-...-probleme.html ) durchlaufen lassen habe. Hier die LOGS: Malewarebytes Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 23.11.2014 Suchlauf-Zeit: 14:41:18 Logdatei: mbam.txt Administrator: Ja Version: 2.00.3.1025 Malware Datenbank: v2014.11.23.04 Rootkit Datenbank: v2014.11.22.01 Lizenz: Premium Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Stephan Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 412910 Verstrichene Zeit: 21 Min, 46 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Warnen PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 0 (Keine schädliche Elemente erkannt) Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) AdwCleaner: Code:
ATTFilter # AdwCleaner v4.101 - Bericht erstellt am 23/11/2014 um 15:24:17 # Aktualisiert 09/11/2014 von Xplode # Database : 2014-11-23.2 [Live] # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Stephan - PC-STEPHAN # Gestartet von : C:\Users\Stephan\Desktop\AdwCleaner_4.101.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** ***** [ Tasks ] ***** ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search] [#] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{56FDF344-FD6D-11D0-958A-006097C9A090} Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\adawarebp ***** [ Browser ] ***** -\\ Internet Explorer v8.0.7601.18472 -\\ Mozilla Firefox v33.0 (x86 en-US) ************************* AdwCleaner[R0].txt - [22533 octets] - [20/11/2014 15:41:15] AdwCleaner[R1].txt - [22594 octets] - [20/11/2014 15:46:14] AdwCleaner[R2].txt - [22655 octets] - [20/11/2014 15:48:26] AdwCleaner[R3].txt - [1358 octets] - [23/11/2014 15:22:16] AdwCleaner[S0].txt - [22899 octets] - [20/11/2014 15:49:35] AdwCleaner[S1].txt - [1188 octets] - [23/11/2014 15:24:17] ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1248 octets] ########## Junkware Removal Tool: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 6.3.9 (11.15.2014:2) OS: Windows 7 Home Premium x64 Ran by Stephan on 23.11.2014 at 15:32:43,75 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys ~~~ Files ~~~ Folders ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 23.11.2014 at 15:36:30,30 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Frisches FRST: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-11-2014 Ran by Stephan (administrator) on PC-STEPHAN on 23-11-2014 15:38:42 Running from C:\Users\Stephan\Desktop Loaded Profiles: Stephan & UpdatusUser (Available profiles: Stephan & UpdatusUser & Pierre) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe (Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe () D:\Keylogger\Spyrix Free Keylogger\spkl.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKAiO2MUI.exe (InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Microsoft Corporation) C:\Windows\System32\alg.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8060960 2009-08-05] (Realtek Semiconductor) HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation) HKLM\...\Run: [EKAIO2StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe [3240448 2011-12-10] (Eastman Kodak Company) HKLM\...\Run: [] => [X] HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe [8925504 2014-10-15] () HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [69632 2004-04-13] (InstallShield Software Corporation) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [kbdsprt] => [X] HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-18] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG) HKLM\...\Policies\Explorer\Run: [localSPM] => D:\Keylogger\Spyrix Free Keylogger\spkl.exe [1766912 2013-04-26] ( ()) HKU\S-1-5-21-2345911831-2396610291-3317746240-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation) HKU\S-1-5-21-2345911831-2396610291-3317746240-1000\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-2345911831-2396610291-3317746240-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-2345911831-2396610291-3317746240-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-2345911831-2396610291-3317746240-1000\...\MountPoints2: {6959f9b8-2229-11df-956d-00199951e8bc} - K:\pushinst.exe HKU\S-1-5-21-2345911831-2396610291-3317746240-1000\...\MountPoints2: {7e82c6e3-2a55-11e1-9e0e-001f3f0a5645} - K:\AutoRun.exe Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) Startup: C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) GroupPolicyUsers\S-1-5-21-2345911831-2396610291-3317746240-1008\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2345911831-2396610291-3317746240-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSA&bmod=EU01 HKU\S-1-5-21-2345911831-2396610291-3317746240-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.ts.fujitsu.com/index2 HKU\S-1-5-21-2345911831-2396610291-3317746240-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.ts.fujitsu.com/index2 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2345911831-2396610291-3317746240-1000 -> DefaultScope {666B74EC-A504-47E4-9BEE-40C390123597} URL = SearchScopes: HKU\S-1-5-21-2345911831-2396610291-3317746240-1000 -> {666B74EC-A504-47E4-9BEE-40C390123597} URL = SearchScopes: HKU\S-1-5-21-2345911831-2396610291-3317746240-1000 -> {FF15E18D-2F34-45CD-B8B7-755445E26158} URL = BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 Tcpip\..\Interfaces\{43B9A6FC-9182-464A-B140-40FCF7D66AE8}: [NameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\6834mhwj.default FF Homepage: google.de FF NetworkProxy: "backup.ftp", "217.216.162.213" FF NetworkProxy: "backup.ftp_port", 19317 FF NetworkProxy: "backup.socks", "217.216.162.213" FF NetworkProxy: "backup.socks_port", 19317 FF NetworkProxy: "backup.ssl", "217.216.162.213" FF NetworkProxy: "backup.ssl_port", 19317 FF NetworkProxy: "ftp", "62.243.224.180" FF NetworkProxy: "ftp_port", 1080 FF NetworkProxy: "http", "62.243.224.180" FF NetworkProxy: "http_port", 1080 FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "socks", "62.243.224.180" FF NetworkProxy: "socks_port", 1080 FF NetworkProxy: "ssl", "62.243.224.180" FF NetworkProxy: "ssl_port", 1080 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_25\bin\new_plugin\npjp2.dll No File FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin HKU\S-1-5-21-2345911831-2396610291-3317746240-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF SearchPlugin: C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\6834mhwj.default\searchplugins\icq-search.xml FF Extension: German Dictionary - C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\6834mhwj.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-10-26] FF Extension: Updated Ad Blocker for Firefox 11+ - C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\6834mhwj.default\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi [2012-12-07] FF Extension: Download YouTube Videos as MP4 - C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\6834mhwj.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2013-01-08] FF Extension: JavaScript Debugger - C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\6834mhwj.default\Extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi [2014-11-09] Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [995064 2014-11-18] (Avira Operations GmbH & Co. KG) S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG) R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed] S2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe [707888 2014-10-15] () R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) S4 NWHelper; C:\Program Files (x86)\Novatel Wireless\Drivers\NWHelper.exe [111904 2009-12-04] (Novatel Wireless Inc.) S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] S4 TestHandler; C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [341264 2009-02-19] (Fujitsu Technology Solutions) S4 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [200624 2010-09-29] (Telefónica I+D) S4 WTGService; C:\Program Files (x86)\XSManager\WTGService.exe [329168 2010-04-12] () S4 XS Stick Service; C:\Windows\service4g.exe [145064 2010-04-30] (4G Systems GmbH & Co. KG) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-31] (Avira Operations GmbH & Co. KG) S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2009-03-20] (AVM Berlin) S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [117888 2012-03-18] (Mobile Connector) U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [250368 2010-04-07] (Huawei Technologies Co., Ltd.) U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [114560 2010-03-20] (Huawei Technologies Co., Ltd.) S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2009-03-20] (AVM GmbH) S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir3.sys [32768 2009-08-24] (Hauppauge Computer Works, Inc.) S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [12800 2009-02-03] (ZTE Incorporated) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-23] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation) S3 s115bus; C:\Windows\System32\DRIVERS\s115bus.sys [108296 2007-04-23] (MCCI Corporation) S3 s115mdfl; C:\Windows\System32\DRIVERS\s115mdfl.sys [19720 2007-04-23] (MCCI Corporation) S3 s115mdm; C:\Windows\System32\DRIVERS\s115mdm.sys [144648 2007-04-23] (MCCI Corporation) S3 s115mgmt; C:\Windows\System32\DRIVERS\s115mgmt.sys [126216 2007-04-23] (MCCI Corporation) S3 s115obex; C:\Windows\System32\DRIVERS\s115obex.sys [123656 2007-04-23] (MCCI Corporation) R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) S3 swivsp; C:\Windows\System32\DRIVERS\swivspnt.sys [23552 2007-03-26] (Sierra Wireless Inc.) [File not signed] S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-07-10] (BitDefender S.R.L.) S3 GGSAFERDriver; \??\D:\Garena\plugins\UI\safedrv.sys [X] S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-23 15:38 - 2014-11-23 15:39 - 00018861 _____ () C:\Users\Stephan\Desktop\FRST.txt 2014-11-23 15:36 - 2014-11-23 15:36 - 00000627 _____ () C:\Users\Stephan\Desktop\JRT.txt 2014-11-23 15:29 - 2014-11-23 15:29 - 01707532 _____ (Thisisu) C:\Users\Stephan\Desktop\JRT.exe 2014-11-23 15:27 - 2014-11-23 15:27 - 00001328 _____ () C:\Users\Stephan\Desktop\AdwCleaner[S1].txt 2014-11-23 15:19 - 2014-11-23 15:21 - 02140160 _____ () C:\Users\Stephan\Desktop\AdwCleaner_4.101.exe 2014-11-23 15:18 - 2014-11-23 15:18 - 00001196 _____ () C:\Users\Stephan\Desktop\mbam.txt 2014-11-22 19:04 - 2014-11-22 19:07 - 00686619 _____ () C:\Users\Stephan\Downloads\metal_marines.7z 2014-11-22 13:46 - 2014-11-22 13:47 - 02118144 _____ (Farbar) C:\Users\Stephan\Desktop\FRST64.exe 2014-11-22 13:46 - 2014-11-22 13:47 - 00000000 ____D () C:\Users\Stephan\Desktop\zjkz 2014-11-21 21:58 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-11-21 21:58 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-11-21 21:58 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-11-21 21:58 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-11-21 21:57 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-11-21 21:57 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-11-21 21:57 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-11-21 21:57 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll 2014-11-21 21:57 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-11-21 21:57 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-11-21 21:56 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-21 21:56 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-11-21 21:56 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-11-21 21:56 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2014-11-21 21:56 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-11-21 21:56 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-11-21 21:56 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-11-21 21:56 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2014-11-21 21:56 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-11-21 21:56 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-11-21 21:56 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-11-21 21:56 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2014-11-21 21:56 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2014-11-21 21:56 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-11-21 21:56 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-11-21 21:56 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-11-21 21:56 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-11-21 21:56 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-11-21 21:56 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-11-21 21:56 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-11-21 21:56 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-11-21 21:55 - 2014-08-01 12:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-11-21 21:55 - 2014-08-01 12:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 2014-11-21 21:55 - 2014-06-18 03:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-11-21 21:55 - 2014-06-18 02:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe 2014-11-21 21:54 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-11-21 21:54 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-11-21 21:54 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-11-21 21:54 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-11-21 21:54 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-11-21 21:54 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-11-21 21:54 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-11-21 21:54 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-11-21 21:54 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-11-21 21:54 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-11-21 21:54 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-11-21 21:54 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-11-21 21:54 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-11-21 21:54 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-11-21 21:54 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2014-11-21 21:54 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL 2014-11-21 21:54 - 2014-06-24 04:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-11-21 21:54 - 2014-06-24 03:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-11-21 21:54 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-11-21 21:54 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2014-11-21 21:54 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll 2014-11-21 21:54 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-11-21 21:54 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll 2014-11-21 21:54 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-11-21 21:54 - 2014-06-16 03:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-11-21 21:54 - 2014-06-06 11:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-11-21 21:54 - 2014-06-06 10:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-11-21 21:54 - 2014-05-30 07:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-11-21 21:53 - 2014-09-09 23:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-11-21 21:53 - 2014-09-09 22:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-11-21 21:53 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-11-21 21:53 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2014-11-21 21:53 - 2014-07-14 03:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-11-21 21:53 - 2014-07-14 02:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2014-11-21 21:53 - 2014-06-25 03:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-11-21 21:53 - 2014-06-25 02:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-11-21 20:17 - 2014-06-27 03:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-11-21 20:17 - 2014-06-27 02:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2014-11-21 20:14 - 2014-06-30 23:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-11-21 20:14 - 2014-06-30 23:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll 2014-11-21 20:14 - 2014-06-06 07:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2014-11-21 20:14 - 2014-06-06 07:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-11-21 20:14 - 2014-03-09 22:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-11-21 20:14 - 2014-03-09 22:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-11-21 20:14 - 2014-03-09 22:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe 2014-11-21 20:14 - 2014-03-09 22:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll 2014-11-21 19:30 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-11-21 19:30 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-11-21 19:30 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-11-21 19:30 - 2014-08-23 03:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-11-21 19:30 - 2014-08-23 02:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-11-21 19:30 - 2014-06-03 11:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-11-21 19:30 - 2014-06-03 11:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-11-21 19:30 - 2014-06-03 11:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-11-21 19:30 - 2014-06-03 10:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-11-21 19:30 - 2014-06-03 10:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-11-21 19:27 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-11-21 19:27 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-11-21 19:27 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-11-21 19:27 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-11-21 19:25 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-11-21 19:25 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-11-21 19:25 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-21 19:25 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2014-11-21 19:23 - 2014-09-05 03:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-11-21 19:23 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-11-20 16:22 - 2014-11-20 16:22 - 00001024 _____ () C:\Users\Public\Desktop\PDF-Viewer.lnk 2014-11-20 16:22 - 2014-11-20 16:22 - 00000000 ____D () C:\Program Files\Tracker Software 2014-11-20 16:10 - 2014-11-20 16:20 - 17072512 _____ () C:\Users\Stephan\Downloads\PDFXVwer2.5.311.zip 2014-11-20 16:00 - 2014-11-20 16:00 - 00000000 ____D () C:\Windows\ERUNT 2014-11-20 15:39 - 2014-11-23 15:24 - 00000000 ____D () C:\AdwCleaner 2014-11-20 15:04 - 2014-11-20 15:32 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-11-20 14:59 - 2014-11-20 14:59 - 00000000 ____D () C:\Program Files (x86)\mbar 2014-11-20 14:40 - 2014-11-23 15:38 - 00000000 ____D () C:\FRST 2014-11-19 16:32 - 2014-11-19 16:32 - 00027667 _____ () C:\Users\Pierre\Desktop\hs_err_pid3824.log 2014-11-18 18:07 - 2014-11-18 18:07 - 00030431 _____ () C:\Users\Pierre\Desktop\hs_err_pid4084.log 2014-11-18 14:21 - 2014-11-18 14:25 - 00001143 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-11-17 14:33 - 2014-11-17 14:33 - 00000000 ____D () C:\Users\Pierre\AppData\Roaming\Lavasoft 2014-11-12 06:35 - 2014-11-23 15:27 - 00002311 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk 2014-11-12 06:35 - 2014-11-12 06:35 - 00000000 ____D () C:\Users\Stephan\AppData\Roaming\LavasoftStatistics 2014-11-12 06:35 - 2014-11-12 06:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft 2014-11-12 06:21 - 2014-11-12 06:21 - 00000000 ____D () C:\Program Files\Lavasoft 2014-11-12 02:07 - 2014-11-12 02:07 - 00000000 ____D () C:\Users\Stephan\AppData\Roaming\Lavasoft 2014-11-12 02:06 - 2014-11-12 02:06 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft 2014-11-12 01:59 - 2014-11-12 01:59 - 01754248 _____ () C:\Users\Stephan\Downloads\Adaware_Installer.exe 2014-11-12 00:11 - 2014-11-12 00:11 - 00000000 ____D () C:\Program Files (x86)\Lavasoft 2014-11-10 15:03 - 2014-11-10 15:03 - 00029136 _____ () C:\Users\Pierre\Desktop\hs_err_pid2168.log 2014-11-10 14:47 - 2014-11-10 14:54 - 04884687 _____ () C:\Users\Pierre\Desktop\FTB_cracked_1.4.3.jar 2014-10-28 12:05 - 2014-10-28 12:05 - 00000000 ____D () C:\Users\Pierre\AppData\Roaming\NVIDIA 2014-10-28 11:27 - 2014-10-28 11:28 - 02295368 _____ () C:\Users\Pierre\Desktop\Technic Launcher.exe 2014-10-28 10:50 - 2014-10-28 10:50 - 00000000 ____D () C:\Users\Pierre\AppData\Local\Macromedia 2014-10-26 20:01 - 2014-10-26 20:01 - 00000000 ____D () C:\Users\Stephan\AppData\Local\Macromedia 2014-10-26 18:14 - 2014-10-26 18:14 - 00001169 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-10-26 18:14 - 2014-10-26 18:14 - 00001157 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-10-26 18:14 - 2014-10-26 18:14 - 00000000 ____D () C:\ProgramData\Mozilla 2014-10-26 18:14 - 2014-10-26 18:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-10-26 18:00 - 2014-10-26 18:00 - 00244032 _____ () C:\Users\Stephan\Downloads\Firefox Setup Stub 33.0.exe 2014-10-26 17:55 - 2014-10-26 17:55 - 00000000 ____D () C:\ProgramData\Oracle 2014-10-26 17:09 - 2014-10-26 17:43 - 92658088 _____ (Oracle Corporation) C:\Users\Stephan\Downloads\jre-8u25-windows-x64.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-23 15:37 - 2014-10-11 15:42 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-23 15:34 - 2009-07-14 05:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-23 15:34 - 2009-07-14 05:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-23 15:27 - 2012-09-12 18:47 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-11-23 15:26 - 2012-01-04 18:00 - 00000000 ____D () C:\ProgramData\Kodak 2014-11-23 15:25 - 2013-11-17 10:37 - 00095928 _____ () C:\Windows\PFRO.log 2014-11-23 15:25 - 2012-03-08 13:02 - 00158357 _____ () C:\Windows\setupact.log 2014-11-23 15:25 - 2010-02-24 19:43 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-11-23 15:25 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-23 15:24 - 2010-02-24 19:43 - 02087510 _____ () C:\Windows\WindowsUpdate.log 2014-11-23 14:36 - 2014-10-11 15:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-11-23 14:36 - 2014-10-11 15:42 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-11-23 14:36 - 2012-03-07 18:37 - 00001112 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-11-23 14:25 - 2010-03-13 19:15 - 00000000 ____D () C:\Users\Stephan\AppData\Roaming\TS3Client 2014-11-23 01:02 - 2012-01-05 04:03 - 00007601 _____ () C:\Users\Stephan\AppData\Local\Resmon.ResmonCfg 2014-11-22 03:03 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-11-21 23:06 - 2009-07-14 18:58 - 00699432 _____ () C:\Windows\system32\perfh007.dat 2014-11-21 23:06 - 2009-07-14 18:58 - 00149572 _____ () C:\Windows\system32\perfc007.dat 2014-11-21 23:06 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-21 22:52 - 2014-06-18 02:58 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-11-21 22:51 - 2009-07-14 19:18 - 00000000 ____D () C:\Program Files\Windows Journal 2014-11-21 22:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-11-21 22:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism 2014-11-21 21:43 - 2009-07-14 05:45 - 04997600 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-21 20:24 - 2014-06-17 23:18 - 01594028 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-11-21 20:23 - 2014-06-17 23:27 - 00000000 ____D () C:\Windows\system32\MRT 2014-11-21 18:46 - 2010-02-24 19:45 - 00000000 ____D () C:\Users\Stephan 2014-11-20 16:12 - 2010-04-13 21:40 - 00000000 ____D () C:\Users\Stephan\AppData\Local\Adobe 2014-11-20 16:12 - 2009-12-09 10:50 - 00000000 ____D () C:\ProgramData\Adobe 2014-11-20 15:49 - 2011-05-08 14:52 - 00000000 ____D () C:\ProgramData\ICQ 2014-11-18 23:52 - 2012-11-18 01:46 - 00000000 ____D () C:\Users\Stephan\AppData\Roaming\vlc 2014-11-18 14:25 - 2014-06-18 02:19 - 00000000 ____D () C:\ProgramData\Package Cache 2014-11-18 14:25 - 2013-11-17 10:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-11-18 14:25 - 2013-11-17 10:39 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-11-18 14:21 - 2013-11-17 10:39 - 00000000 ____D () C:\ProgramData\Avira 2014-11-16 01:22 - 2013-03-24 20:05 - 00000000 ____D () C:\Users\Stephan\Desktop\bilder und vids 2014-11-16 01:22 - 2010-02-24 20:10 - 00000000 ____D () C:\Users\Stephan\Desktop\Bääm 2014-11-16 01:05 - 2014-10-10 00:51 - 00000000 ____D () C:\Users\Stephan\Desktop\Vids 2014-11-15 22:51 - 2010-05-08 22:08 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-11-15 12:32 - 2014-06-07 17:18 - 00000000 ____D () C:\Users\Pierre\AppData\Roaming\Skype 2014-11-14 19:49 - 2010-03-10 18:30 - 00473088 ___SH () C:\Users\Stephan\Thumbs.db 2014-11-14 19:07 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-11-13 22:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-11-12 06:03 - 2011-02-26 01:05 - 00000000 ____D () C:\ProgramData\Lavasoft 2014-11-12 02:10 - 2012-02-05 14:24 - 00003626 _____ () C:\Windows\System32\Tasks\Ad-Aware Update (Weekly) 2014-11-12 01:48 - 2011-04-23 00:39 - 00000064 _____ () C:\Windows\SysWOW64\rp_stats.dat 2014-11-12 01:48 - 2011-04-23 00:39 - 00000044 _____ () C:\Windows\SysWOW64\rp_rules.dat 2014-11-10 16:10 - 2014-09-07 16:54 - 00000000 ____D () C:\Users\Pierre\AppData\Local\ftblauncher 2014-11-10 14:54 - 2014-09-07 16:54 - 00000000 ____D () C:\Users\Pierre\AppData\Roaming\ftblauncher 2014-11-07 13:04 - 2012-01-27 13:45 - 00053248 ___SH () C:\Users\Stephan\Documents\Thumbs.db 2014-11-04 14:30 - 2010-02-24 23:40 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-10-31 23:26 - 2010-02-25 17:52 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-28 11:30 - 2014-08-08 11:32 - 00000000 ____D () C:\Users\Pierre\AppData\Roaming\.technic 2014-10-28 10:48 - 2013-02-16 18:29 - 00000000 ____D () C:\Users\Pierre\AppData\Local\Mozilla 2014-10-26 18:28 - 2010-02-25 17:39 - 00000000 ____D () C:\Users\Stephan\AppData\Local\Mozilla 2014-10-26 18:14 - 2010-02-25 17:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-10-26 17:58 - 2011-10-18 10:21 - 00000000 ____D () C:\Program Files\Java 2014-10-26 17:56 - 2014-06-11 00:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-10-26 17:55 - 2014-06-11 00:41 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-10-26 17:55 - 2011-10-18 10:21 - 00320936 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-10-26 17:55 - 2011-10-18 10:21 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-10-26 17:55 - 2011-10-18 10:21 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-10-26 15:23 - 2012-10-22 01:30 - 00000397 _____ () C:\Users\Stephan\Desktop\linkas.txt 2014-10-24 19:04 - 2011-10-17 20:57 - 00000000 ____D () C:\Users\Stephan\AppData\Roaming\.minecraft 2014-10-24 19:03 - 2011-12-06 13:03 - 00004671 _____ () C:\Users\Stephan\Downloads\server.log 2014-10-24 19:03 - 2011-12-06 13:03 - 00000000 ____D () C:\Users\Stephan\Downloads\world 2014-10-24 19:03 - 2011-12-06 13:03 - 00000000 _____ () C:\Users\Stephan\Downloads\white-list.txt 2014-10-24 19:03 - 2011-12-06 13:03 - 00000000 _____ () C:\Users\Stephan\Downloads\ops.txt 2014-10-24 19:03 - 2011-12-06 13:03 - 00000000 _____ () C:\Users\Stephan\Downloads\banned-players.txt 2014-10-24 19:03 - 2011-12-06 13:03 - 00000000 _____ () C:\Users\Stephan\Downloads\banned-ips.txt Some content of TEMP: ==================== C:\Users\Stephan\AppData\Local\Temp\avgnt.exe C:\Users\Stephan\AppData\Local\Temp\Quarantine.exe C:\Users\Stephan\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-16 16:47 ==================== End Of Log ============================ --- --- --- Frisches Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-11-2014 Ran by Stephan at 2014-11-23 15:39:37 Running from C:\Users\Stephan\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996} AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B} AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation) Ad-Aware Antivirus (HKLM\...\{6D1428BD-E5F2-4378-B620-E7442E7C2BFB}_AdAwareUpdater) (Version: 11.4.6792.0 - Lavasoft) AdAwareInstaller (Version: 11.4.6792.0 - Lavasoft) Hidden AdAwareUpdater (Version: 11.4.6792.0 - Lavasoft) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated) Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.) Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated) Adobe Creative Suite 5 Master Collection (HKLM-x32\...\{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}) (Version: 5.0 - Adobe Systems Incorporated) Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.6 - Adobe Systems Incorporated) Adobe Flash Player 10 ActiveX (HKLM-x32\...\{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}) (Version: 10.1.52.14 - Adobe Systems, Inc.) Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.117 - Adobe Systems Incorporated) Adobe InDesign CS5.5 (HKLM-x32\...\{857CC5F0-040E-1016-A173-D55ADD80C260}) (Version: 7.5 - Adobe Systems Incorporated) aioscnnr (x32 Version: 7.3.4.0 - Your Company Name) Hidden AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden Apple Application Support (HKLM-x32\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{E5C95CA5-4565-4B9D-97ED-05088D775614}) (Version: 3.3.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.) AutoClickExtreme 6.18.01 (HKLM-x32\...\{9119A44D-E936-4BD3-B973-26152118876F}_is1) (Version: - AutoClicker Lab) Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira) AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: - AVM Berlin) Awesomenauts (HKLM-x32\...\Steam App 204300) (Version: - Ronimo Games) C4USelfUpdater (x32 Version: 1.00.0000 - Your Company Name) Hidden CCleaner (HKLM\...\CCleaner) (Version: 3.14 - Piriform) Counter-Strike: Source (HKLM-x32\...\{9580813D-94B1-4C28-9426-A441E2BB29A5}) (Version: 1.0.0.0 - Valve) Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve) Duel of Champions (HKLM-x32\...\MMDoC-PDCLive) (Version: - Ubisoft) Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version: - ) Dungeon Defenders Eternity (HKLM-x32\...\Steam App 302270) (Version: - Nom Nom Games) essentials (x32 Version: 6.0.14.0 - Eastman Kodak Company) Hidden Exif-Viewer 2.51 (HKLM-x32\...\Exif-Viewer) (Version: 2.51 - Ralf Bibinger) Free Audio CD Burner version 1.4 (HKLM-x32\...\Free Audio CD Burner_is1) (Version: - DVDVideoSoft Limited.) Free Download Manager 3.9.4 (HKLM-x32\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG) Free YouTube to MP3 Converter version 3.8 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: - DVDVideoSoft Limited.) Grand Theft Auto San Andreas (HKLM-x32\...\{086BADF8-9B1F-4E89-B207-2EDA520972D6}) (Version: 1.00.00001 - Rockstar Games) Graph 4.3 (HKLM-x32\...\Graph_is1) (Version: - Ivan Johansen) HUAWEI DataCard Driver 4.05.00.00 (HKLM-x32\...\HUAWEI DataCard Driver) (Version: 4.05.00.00 - Huawei technologies Co., Ltd.) ICQ7.5 (HKLM-x32\...\{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}) (Version: 7.5 - ICQ) iTunes (HKLM\...\{77B8B4A5-EE79-4907-A318-2DA86325B8D7}) (Version: 10.1.2.17 - Apple Inc.) Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle) Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation) Kodak AIO Printer (Version: 7.3.4.0 - Eastman Kodak Company) Hidden KODAK All-in-One Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.3.8.20 - Eastman Kodak Company) Little Fighter 2 version 2.0a (HKLM-x32\...\Little Fighter 2) (Version: version 2.0a - ) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.1.0.362 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.1.0.362 - LogMeIn, Inc.) Hidden Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{3bcf8c72-b231-4d28-9f39-3405c22d8b5a}) (Version: 11.0.61030.0 - Microsoft Corporation) Mobile Broadband Generic Drivers (HKLM-x32\...\Mobile Broadband Generic Drivers) (Version: 2.03.10.002.25 - Novatel Wireless) Mobile Broadband Generic Drivers (x32 Version: 2.03.10.002.25 - Novatel Wireless) Hidden Mobile Connection Manager (HKLM-x32\...\o2DE) (Version: - Mobile Connection Manager) Mozilla Firefox 33.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 en-US)) (Version: 33.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nero BurnLite 10 (HKLM-x32\...\{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}) (Version: 10.0.10600 - Nero AG) Nero BurnLite 10 (HKLM-x32\...\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}) (Version: 10.0.10500.5.100 - Nero AG) Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG) NVIDIA 3D Vision Controller-Treiber 295.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 295.73 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.59.37 - NVIDIA Corporation) NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.12.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.12.0 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.12.0209 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0209 - NVIDIA Corporation) NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation) OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org) PartyPoker (HKLM-x32\...\PartyPoker) (Version: - PartyGaming) Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.0.4.30523 - Grinding Gear Games) PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.311.0 - Tracker Software Products Ltd) PerfectSphere (HKU\S-1-5-21-2345911831-2396610291-3317746240-1000\...\ce2965ae71956536) (Version: 1.0.0.0 - Cameron MacFarland) PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version: - PokerStars.eu) PreReq (x32 Version: 6.2.3.0 - Eastman Kodak Company) Hidden PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5911 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.50 - Piriform) SAMSUNG Mobile Composite Device Software (HKLM\...\SAMSUNG Mobile Composite Device) (Version: - ) Samsung Mobile Modem Device Software (HKLM\...\Samsung Mobile Modem Device) (Version: - ) SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version: - ) Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version: - ) SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version: - ) SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version: - ) SAMSUNG USB Mobile Device Software (HKLM\...\SAMSUNG USB Mobile Device) (Version: - ) Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.) Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.) Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated) Spyrix Free Keylogger 3.1 (HKLM-x32\...\Spyrix Free Keylogger_is1) (Version: 3.1 - Spyrix Security Inc.) StarCraft II (HKLM-x32\...\StarCraft II) (Version: 1.5.4.24540 - Blizzard Entertainment) Steam(TM) (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve) SystemDiagnostics (HKLM-x32\...\{EF59DB7F-7426-426E-B862-7031F83ED304}) (Version: 2.04.0006 - Fujitsu Technology Solutions) TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.12 - TeamSpeak Systems GmbH) TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.16642 - TeamViewer) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation) VLC media player 2.0.4 (HKLM\...\VLC media player) (Version: 2.0.4 - VideoLAN) Web Diashow (HKLM-x32\...\Web Diashow_is1) (Version: 3.3.1 - Benjamin Mussler) Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation) WinRAR (HKLM\...\WinRAR archiver) (Version: - ) World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: 3.3.5.12340 - Blizzard Entertainment) XMedia Recode Version 3.1.7.6 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.7.6 - XMedia Recode) XSManager (HKLM-x32\...\XSManager) (Version: 3.0 - XSManager) ZTE USB Driver (HKLM\...\ZTE USB Driver) (Version: 1.0.1.27_TME - ZTE Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 12-11-2014 03:53:34 Windows Update 12-11-2014 05:07:18 AA11 20-11-2014 00:33:23 Geplanter Prüfpunkt 20-11-2014 03:19:13 Windows Update 20-11-2014 15:11:14 Removed Adobe Reader 9.4.6 - Deutsch. 21-11-2014 19:13:30 Windows Update 21-11-2014 20:58:48 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2014-10-13 21:50 - 2014-10-13 21:50 - 00000883 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1348D5A7-67E3-4B92-A59F-0D0D10F36305} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/uninstall.html?aaa=KICMLMJJIMMJPMNJNJKJCNMMHMJJKMCNLMPMNMMJCNNJNMKMIMCNKJJJOJHMOMOJIMPMLMNJIMKMJNJICMIMCNJMCNIMFMHMCNPMCNIMJMPMOMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMFMPMJNHICMEKMICNJJCKJNBJCMMKLIKJPIHJOJBJJNKJCMJNNICMJNDJCMLJKJ" Task: {27B719FE-74F2-498D-B9C0-E780E02C1D03} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe Task: {651523B9-6BDB-4B16-9836-1A3DEC451465} - System32\Tasks\{BBE7AB4E-0E96-4516-87E0-D6D8101FBE64} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/abandoninstall?page=tsMain Task: {7565D10A-B342-493F-AF37-3A4D7C57E3A1} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation) Task: {7651A606-39CC-4BBE-B5B4-E34F0F096A3F} - System32\Tasks\AdobeAAMUpdater-1.0-PC-Stephan-Stephan => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-15] (Adobe Systems Incorporated) Task: {7D3DCC93-C8F2-4BB2-97C1-7A6D1DFCD95E} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe Task: {8C112D12-64A7-498A-8F31-45E0CD584F90} - System32\Tasks\{7F7CFC0B-E05B-44EB-B19F-1BE3AA0F21B1} => C:\Users\Stephan\Desktop\emu+\pkemu.exe Task: {AF8A11A5-096B-4BB6-995C-8BD659D8458A} - System32\Tasks\{552E358A-49F6-46FB-94F5-0148018FC212} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-07-02] (Skype Technologies S.A.) Task: {FE77A3AF-5E77-4435-8B4F-EA69F49526E3} - System32\Tasks\{70F7B80D-8FD2-4CD7-B801-50F9C9E6FA21} => C:\Users\Stephan\Desktop\emu+\pkemu.exe ==================== Loaded Modules (whitelisted) ============= 2012-03-08 13:04 - 2013-10-23 09:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2013-01-04 16:32 - 2013-04-26 15:19 - 01766912 _____ () D:\Keylogger\Spyrix Free Keylogger\spkl.exe 2013-01-04 16:32 - 2012-09-03 10:34 - 00175616 _____ () D:\Keylogger\Spyrix Free Keylogger\vtm.dll 2014-10-26 18:14 - 2014-10-11 13:53 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: Apple Mobile Device => 2 MSCONFIG\Services: AVM WLAN Connection Service => 2 MSCONFIG\Services: Hamachi2Svc => 2 MSCONFIG\Services: iPod Service => 3 MSCONFIG\Services: NAUpdate => 2 MSCONFIG\Services: NWHelper => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: Steam Client Service => 3 MSCONFIG\Services: SwitchBoard => 3 MSCONFIG\Services: TeamViewer8 => 2 MSCONFIG\Services: TestHandler => 2 MSCONFIG\Services: TGCM_ImportWiFiSvc => 2 MSCONFIG\Services: WMPNetworkSvc => 2 MSCONFIG\Services: WTGService => 2 MSCONFIG\Services: XS Stick Service => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LOLRecorder.lnk => C:\Windows\pss\LOLRecorder.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Stephan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" MSCONFIG\startupreg: AVMWlanClient => C:\Program Files (x86)\avmwlanstick\wlangui.exe MSCONFIG\startupreg: Conime => %windir%\system32\conime.exe MSCONFIG\startupreg: Facebook Update => "C:\Users\Stephan\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver MSCONFIG\startupreg: ICQ => "C:\Program Files (x86)\ICQ7.0\ICQ.exe" silent loginmode=4 MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background MSCONFIG\startupreg: Questler Bonusfinder => C:\Users\Stephan\Downloads\Bonusfinder2.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: RoboForm => "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized MSCONFIG\startupreg: starter4g => C:\Windows\starter4g.exe MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe ========================= Accounts: ========================== Administrator (S-1-5-21-2345911831-2396610291-3317746240-500 - Administrator - Disabled) Gast (S-1-5-21-2345911831-2396610291-3317746240-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2345911831-2396610291-3317746240-1006 - Limited - Enabled) Pierre (S-1-5-21-2345911831-2396610291-3317746240-1008 - Limited - Enabled) => C:\Users\Pierre Stephan (S-1-5-21-2345911831-2396610291-3317746240-1000 - Administrator - Enabled) => C:\Users\Stephan UpdatusUser (S-1-5-21-2345911831-2396610291-3317746240-1007 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Faulty Device Manager Devices ============= Name: Hamachi Network Interface Description: Hamachi Network Interface Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: LogMeIn, Inc. Service: hamachi Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== System errors: ============= Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2011-01-12 23:41:43.136 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-01-12 23:41:43.116 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-01-12 23:31:44.885 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-01-12 23:31:44.885 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz Percentage of memory in use: 42% Total physical RAM: 4094.42 MB Available physical RAM: 2346.95 MB Total Pagefile: 8187.02 MB Available Pagefile: 6096.32 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (System) (Fixed) (Total:200 GB) (Free:51.31 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (Datenträger) (Fixed) (Total:931.51 GB) (Free:821.29 GB) NTFS Drive e: (Data) (Fixed) (Total:729.5 GB) (Free:440.96 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 241C6624) Partition 1: (Active) - (Size=2 GB) - (Type=27) Partition 2: (Not Active) - (Size=200 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=729.5 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 931.5 GB) (Disk ID: 881A16BB) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Ich bedanke mich schonmal für deine Bemühungen |
24.11.2014, 11:55 | #6 |
/// the machine /// TB-Ausbilder | Internet: Seitenladefehler und Objekte werden nicht komplett geladenESET Online Scanner
Downloade Dir bitte SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme?
__________________ --> Internet: Seitenladefehler und Objekte werden nicht komplett geladen |
24.11.2014, 22:45 | #7 |
| Internet: Seitenladefehler und Objekte werden nicht komplett geladen ESET LOG: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=6b4f069243825c489b0f61d7b091bec7 # engine=21239 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2014-11-24 05:17:22 # local_time=2014-11-24 06:17:22 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Avira Desktop' # compatibility_mode=1810 16777213 100 100 260050 33609124 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 18157 168479292 0 0 # scanned=431383 # found=0 # cleaned=0 # scan_time=13303 Security Check LOG: Code:
ATTFilter Results of screen317's Security Check version 0.99.90 Windows 7 Service Pack 1 x64 (UAC is enabled) ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Ad-Aware Antivirus Antivirus out of date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Spyrix Free Keylogger 3.1 Java version out of Date! Adobe Flash Player 10 Flash Player out of Date! Adobe Flash Player 11.9.900.117 Flash Player out of Date! Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox (33.0) ````````Process Check: objlist.exe by Laurent```````` `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` Naja, den Adobe Reader hab ich nicht mehr und java hab ich letztens denk ich erst geuptdatet O.o Ob ich Probleme hatte? Mehr oder weniger, manche Werbebanner wurden nicht geladen Aber nen Seitenladefehler hatte ich in Moment keinen. Ab und an wenn ich nen Game starten möchte, findet er aber keinen Patchserver. Edit: Bisher keinen Ladefehler (war aber heute nicht sonderlich viel unterwegs im Internet) aber Objekte wie Bilder werden immer noch nicht allesamt geladen Geändert von Creater (24.11.2014 um 22:51 Uhr) |
25.11.2014, 17:42 | #8 |
/// the machine /// TB-Ausbilder | Internet: Seitenladefehler und Objekte werden nicht komplett geladen IN welchem Browser? Nur in einem oder allen? Frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
25.11.2014, 17:57 | #9 |
| Internet: Seitenladefehler und Objekte werden nicht komplett geladen Ich habe den Adobe Reader komplet in der Systemsteuerung entfernt und mir dafür einen anderen geladen (PDF- Viewer). Habe außerdem immer noch Seitenladefehler Hier die LOGS: FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-11-2014 Ran by Stephan (administrator) on PC-STEPHAN on 25-11-2014 17:52:02 Running from C:\Users\Stephan\Desktop Loaded Profiles: Stephan & UpdatusUser & Pierre (Available profiles: Stephan & UpdatusUser & Pierre) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 8 Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (AVM Berlin) C:\Program Files (x86)\avmwlanstick\WLanNetService.exe (Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Microsoft Corporation) C:\Windows\System32\alg.exe () D:\Keylogger\Spyrix Free Keylogger\spkl.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKAiO2MUI.exe () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe (InstallShield Software Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (TeamSpeak Systems GmbH) C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe () D:\Path of Exile\PathOfExile.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8060960 2009-08-05] (Realtek Semiconductor) HKLM\...\Run: [IntelliPoint] => C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation) HKLM\...\Run: [EKAIO2StatusMonitor] => C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe [3240448 2011-12-10] (Eastman Kodak Company) HKLM\...\Run: [] => [X] HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe [8925504 2014-10-15] () HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [69632 2004-04-13] (InstallShield Software Corporation) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [kbdsprt] => [X] HKLM-x32\...\Run: [Conime] => %windir%\system32\conime.exe HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-18] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation) HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG) HKLM\...\Policies\Explorer\Run: [localSPM] => D:\Keylogger\Spyrix Free Keylogger\spkl.exe [1766912 2013-04-26] ( ()) HKU\S-1-5-21-2345911831-2396610291-3317746240-1000\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation) HKU\S-1-5-21-2345911831-2396610291-3317746240-1000\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-2345911831-2396610291-3317746240-1000\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-2345911831-2396610291-3317746240-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 HKU\S-1-5-21-2345911831-2396610291-3317746240-1000\...\MountPoints2: {6959f9b8-2229-11df-956d-00199951e8bc} - K:\pushinst.exe HKU\S-1-5-21-2345911831-2396610291-3317746240-1000\...\MountPoints2: {7e82c6e3-2a55-11e1-9e0e-001f3f0a5645} - K:\AutoRun.exe HKU\S-1-5-21-2345911831-2396610291-3317746240-1008\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-2345911831-2396610291-3317746240-1008\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) Startup: C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) GroupPolicyUsers\S-1-5-21-2345911831-2396610291-3317746240-1008\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\S-1-5-21-2345911831-2396610291-3317746240-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSA&bmod=EU01 HKU\S-1-5-21-2345911831-2396610291-3317746240-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.ts.fujitsu.com/index2 HKU\S-1-5-21-2345911831-2396610291-3317746240-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.ts.fujitsu.com/index2 HKU\S-1-5-21-2345911831-2396610291-3317746240-1008\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=FTSA&bmod=EU01 HKU\S-1-5-21-2345911831-2396610291-3317746240-1008\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSA&bmod=EU01 HKU\S-1-5-21-2345911831-2396610291-3317746240-1008\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.ts.fujitsu.com/index2 HKU\S-1-5-21-2345911831-2396610291-3317746240-1008\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.ts.fujitsu.com/index2 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-21-2345911831-2396610291-3317746240-1000 -> DefaultScope {666B74EC-A504-47E4-9BEE-40C390123597} URL = SearchScopes: HKU\S-1-5-21-2345911831-2396610291-3317746240-1000 -> {666B74EC-A504-47E4-9BEE-40C390123597} URL = SearchScopes: HKU\S-1-5-21-2345911831-2396610291-3317746240-1000 -> {FF15E18D-2F34-45CD-B8B7-755445E26158} URL = SearchScopes: HKU\S-1-5-21-2345911831-2396610291-3317746240-1008 -> DefaultScope {666B74EC-A504-47E4-9BEE-40C390123597} URL = SearchScopes: HKU\S-1-5-21-2345911831-2396610291-3317746240-1008 -> {666B74EC-A504-47E4-9BEE-40C390123597} URL = BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO-x32: Free Download Manager -> {CC59E0F9-7E43-44FA-9FAA-8377850BF205} -> C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG) Toolbar: HKU\S-1-5-21-2345911831-2396610291-3317746240-1008 -> No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1 Tcpip\..\Interfaces\{43B9A6FC-9182-464A-B140-40FCF7D66AE8}: [NameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\6834mhwj.default FF Homepage: google.de FF NetworkProxy: "backup.ftp", "217.216.162.213" FF NetworkProxy: "backup.ftp_port", 19317 FF NetworkProxy: "backup.socks", "217.216.162.213" FF NetworkProxy: "backup.socks_port", 19317 FF NetworkProxy: "backup.ssl", "217.216.162.213" FF NetworkProxy: "backup.ssl_port", 19317 FF NetworkProxy: "ftp", "62.243.224.180" FF NetworkProxy: "ftp_port", 1080 FF NetworkProxy: "http", "62.243.224.180" FF NetworkProxy: "http_port", 1080 FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "socks", "62.243.224.180" FF NetworkProxy: "socks_port", 1080 FF NetworkProxy: "ssl", "62.243.224.180" FF NetworkProxy: "ssl_port", 1080 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll () FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre1.8.0_25\bin\new_plugin\npjp2.dll No File FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @videolan.org/vlc,version=2.0.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin HKU\S-1-5-21-2345911831-2396610291-3317746240-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF SearchPlugin: C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\6834mhwj.default\searchplugins\icq-search.xml FF Extension: German Dictionary - C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\6834mhwj.default\Extensions\de-DE@dictionaries.addons.mozilla.org [2014-10-26] FF Extension: Updated Ad Blocker for Firefox 11+ - C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\6834mhwj.default\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi [2012-12-07] FF Extension: Download YouTube Videos as MP4 - C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\6834mhwj.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2013-01-08] FF Extension: JavaScript Debugger - C:\Users\Stephan\AppData\Roaming\Mozilla\Firefox\Profiles\6834mhwj.default\Extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi [2014-11-09] Chrome: ======= ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-18] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [995064 2014-11-18] (Avira Operations GmbH & Co. KG) S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG) R2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin) [File not signed] S2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe [707888 2014-10-15] () R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation) S4 NWHelper; C:\Program Files (x86)\Novatel Wireless\Drivers\NWHelper.exe [111904 2009-12-04] (Novatel Wireless Inc.) S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] S4 TestHandler; C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe [341264 2009-02-19] (Fujitsu Technology Solutions) S4 TGCM_ImportWiFiSvc; C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe [200624 2010-09-29] (Telefónica I+D) S4 WTGService; C:\Program Files (x86)\XSManager\WTGService.exe [329168 2010-04-12] () S4 XS Stick Service; C:\Windows\service4g.exe [145064 2010-04-30] (4G Systems GmbH & Co. KG) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-31] (Avira Operations GmbH & Co. KG) S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2009-03-20] (AVM Berlin) S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [117888 2012-03-18] (Mobile Connector) U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [250368 2010-04-07] (Huawei Technologies Co., Ltd.) U5 ew_hwusbdev; C:\Windows\System32\Drivers\ew_hwusbdev.sys [114560 2010-03-20] (Huawei Technologies Co., Ltd.) S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2009-03-20] (AVM GmbH) S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir3.sys [32768 2009-08-24] (Hauppauge Computer Works, Inc.) S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [12800 2009-02-03] (ZTE Incorporated) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-25] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation) S3 s115bus; C:\Windows\System32\DRIVERS\s115bus.sys [108296 2007-04-23] (MCCI Corporation) S3 s115mdfl; C:\Windows\System32\DRIVERS\s115mdfl.sys [19720 2007-04-23] (MCCI Corporation) S3 s115mdm; C:\Windows\System32\DRIVERS\s115mdm.sys [144648 2007-04-23] (MCCI Corporation) S3 s115mgmt; C:\Windows\System32\DRIVERS\s115mgmt.sys [126216 2007-04-23] (MCCI Corporation) S3 s115obex; C:\Windows\System32\DRIVERS\s115obex.sys [123656 2007-04-23] (MCCI Corporation) R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) S3 swivsp; C:\Windows\System32\DRIVERS\swivspnt.sys [23552 2007-03-26] (Sierra Wireless Inc.) [File not signed] S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-07-10] (BitDefender S.R.L.) S3 GGSAFERDriver; \??\D:\Garena\plugins\UI\safedrv.sys [X] S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-24 14:38 - 2014-11-24 14:38 - 00854414 _____ () C:\Users\Stephan\Desktop\SecurityCheck.exe 2014-11-24 14:12 - 2014-11-24 14:13 - 02347384 _____ (ESET) C:\Users\Stephan\Desktop\esetsmartinstaller_deu.exe 2014-11-23 15:38 - 2014-11-25 17:52 - 00020519 _____ () C:\Users\Stephan\Desktop\FRST.txt 2014-11-23 15:36 - 2014-11-23 15:36 - 00000627 _____ () C:\Users\Stephan\Desktop\JRT.txt 2014-11-23 15:29 - 2014-11-23 15:29 - 01707532 _____ (Thisisu) C:\Users\Stephan\Desktop\JRT.exe 2014-11-23 15:27 - 2014-11-23 15:27 - 00001328 _____ () C:\Users\Stephan\Desktop\AdwCleaner[S1].txt 2014-11-23 15:19 - 2014-11-23 15:21 - 02140160 _____ () C:\Users\Stephan\Desktop\AdwCleaner_4.101.exe 2014-11-23 15:18 - 2014-11-23 15:18 - 00001196 _____ () C:\Users\Stephan\Desktop\mbam.txt 2014-11-22 19:04 - 2014-11-22 19:07 - 00686619 _____ () C:\Users\Stephan\Downloads\metal_marines.7z 2014-11-22 13:46 - 2014-11-22 13:47 - 02118144 _____ (Farbar) C:\Users\Stephan\Desktop\FRST64.exe 2014-11-22 13:46 - 2014-11-22 13:47 - 00000000 ____D () C:\Users\Stephan\Desktop\zjkz 2014-11-21 21:58 - 2014-11-05 18:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll 2014-11-21 21:58 - 2014-11-05 18:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-11-21 21:58 - 2014-11-05 18:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-11-21 21:58 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll 2014-11-21 21:57 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-11-21 21:57 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll 2014-11-21 21:57 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll 2014-11-21 21:57 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll 2014-11-21 21:57 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys 2014-11-21 21:57 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2014-11-21 21:56 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-11-21 21:56 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll 2014-11-21 21:56 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-11-21 21:56 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll 2014-11-21 21:56 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-11-21 21:56 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll 2014-11-21 21:56 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-11-21 21:56 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll 2014-11-21 21:56 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll 2014-11-21 21:56 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-11-21 21:56 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-11-21 21:56 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2014-11-21 21:56 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2014-11-21 21:56 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll 2014-11-21 21:56 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll 2014-11-21 21:56 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll 2014-11-21 21:56 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll 2014-11-21 21:56 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll 2014-11-21 21:56 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll 2014-11-21 21:56 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll 2014-11-21 21:56 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll 2014-11-21 21:55 - 2014-08-01 12:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll 2014-11-21 21:55 - 2014-08-01 12:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll 2014-11-21 21:55 - 2014-06-18 03:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe 2014-11-21 21:55 - 2014-06-18 02:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe 2014-11-21 21:54 - 2014-09-25 03:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll 2014-11-21 21:54 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll 2014-11-21 21:54 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-11-21 21:54 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-11-21 21:54 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll 2014-11-21 21:54 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-11-21 21:54 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-11-21 21:54 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-11-21 21:54 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-11-21 21:54 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-11-21 21:54 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2014-11-21 21:54 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-11-21 21:54 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-11-21 21:54 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-11-21 21:54 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL 2014-11-21 21:54 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL 2014-11-21 21:54 - 2014-06-24 04:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2014-11-21 21:54 - 2014-06-24 03:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2014-11-21 21:54 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll 2014-11-21 21:54 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll 2014-11-21 21:54 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll 2014-11-21 21:54 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll 2014-11-21 21:54 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll 2014-11-21 21:54 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll 2014-11-21 21:54 - 2014-06-16 03:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-11-21 21:54 - 2014-06-06 11:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-11-21 21:54 - 2014-06-06 10:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-11-21 21:54 - 2014-05-30 07:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys 2014-11-21 21:53 - 2014-09-09 23:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-11-21 21:53 - 2014-09-09 22:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2014-11-21 21:53 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll 2014-11-21 21:53 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll 2014-11-21 21:53 - 2014-07-14 03:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2014-11-21 21:53 - 2014-07-14 02:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2014-11-21 21:53 - 2014-06-25 03:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-11-21 21:53 - 2014-06-25 02:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2014-11-21 20:17 - 2014-06-27 03:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2014-11-21 20:17 - 2014-06-27 02:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll 2014-11-21 20:14 - 2014-06-30 23:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-11-21 20:14 - 2014-06-30 23:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll 2014-11-21 20:14 - 2014-06-06 07:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe 2014-11-21 20:14 - 2014-06-06 07:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-11-21 20:14 - 2014-03-09 22:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-11-21 20:14 - 2014-03-09 22:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-11-21 20:14 - 2014-03-09 22:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe 2014-11-21 20:14 - 2014-03-09 22:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll 2014-11-21 19:30 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-11-21 19:30 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll 2014-11-21 19:30 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-11-21 19:30 - 2014-08-23 03:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-11-21 19:30 - 2014-08-23 02:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll 2014-11-21 19:30 - 2014-06-03 11:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-11-21 19:30 - 2014-06-03 11:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-11-21 19:30 - 2014-06-03 11:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2014-11-21 19:30 - 2014-06-03 10:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll 2014-11-21 19:30 - 2014-06-03 10:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll 2014-11-21 19:27 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll 2014-11-21 19:27 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll 2014-11-21 19:27 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2014-11-21 19:27 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2014-11-21 19:25 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll 2014-11-21 19:25 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll 2014-11-21 19:25 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll 2014-11-21 19:25 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll 2014-11-21 19:23 - 2014-09-05 03:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll 2014-11-21 19:23 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll 2014-11-20 16:22 - 2014-11-20 16:22 - 00001024 _____ () C:\Users\Public\Desktop\PDF-Viewer.lnk 2014-11-20 16:22 - 2014-11-20 16:22 - 00000000 ____D () C:\Program Files\Tracker Software 2014-11-20 16:10 - 2014-11-20 16:20 - 17072512 _____ () C:\Users\Stephan\Downloads\PDFXVwer2.5.311.zip 2014-11-20 16:00 - 2014-11-20 16:00 - 00000000 ____D () C:\Windows\ERUNT 2014-11-20 15:39 - 2014-11-23 15:24 - 00000000 ____D () C:\AdwCleaner 2014-11-20 15:04 - 2014-11-20 15:32 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2014-11-20 14:59 - 2014-11-20 14:59 - 00000000 ____D () C:\Program Files (x86)\mbar 2014-11-20 14:40 - 2014-11-25 17:52 - 00000000 ____D () C:\FRST 2014-11-19 16:32 - 2014-11-19 16:32 - 00027667 _____ () C:\Users\Pierre\Desktop\hs_err_pid3824.log 2014-11-18 18:07 - 2014-11-18 18:07 - 00030431 _____ () C:\Users\Pierre\Desktop\hs_err_pid4084.log 2014-11-18 14:21 - 2014-11-18 14:25 - 00001143 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-11-17 14:33 - 2014-11-17 14:33 - 00000000 ____D () C:\Users\Pierre\AppData\Roaming\Lavasoft 2014-11-12 06:35 - 2014-11-25 16:01 - 00002311 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk 2014-11-12 06:35 - 2014-11-12 06:35 - 00000000 ____D () C:\Users\Stephan\AppData\Roaming\LavasoftStatistics 2014-11-12 06:35 - 2014-11-12 06:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft 2014-11-12 06:21 - 2014-11-12 06:21 - 00000000 ____D () C:\Program Files\Lavasoft 2014-11-12 02:07 - 2014-11-12 02:07 - 00000000 ____D () C:\Users\Stephan\AppData\Roaming\Lavasoft 2014-11-12 02:06 - 2014-11-12 02:06 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft 2014-11-12 01:59 - 2014-11-12 01:59 - 01754248 _____ () C:\Users\Stephan\Downloads\Adaware_Installer.exe 2014-11-12 00:11 - 2014-11-12 00:11 - 00000000 ____D () C:\Program Files (x86)\Lavasoft 2014-11-10 15:03 - 2014-11-10 15:03 - 00029136 _____ () C:\Users\Pierre\Desktop\hs_err_pid2168.log 2014-11-10 14:47 - 2014-11-10 14:54 - 04884687 _____ () C:\Users\Pierre\Desktop\FTB_cracked_1.4.3.jar 2014-10-28 12:05 - 2014-10-28 12:05 - 00000000 ____D () C:\Users\Pierre\AppData\Roaming\NVIDIA 2014-10-28 11:27 - 2014-10-28 11:28 - 02295368 _____ () C:\Users\Pierre\Desktop\Technic Launcher.exe 2014-10-28 10:50 - 2014-10-28 10:50 - 00000000 ____D () C:\Users\Pierre\AppData\Local\Macromedia 2014-10-26 20:01 - 2014-10-26 20:01 - 00000000 ____D () C:\Users\Stephan\AppData\Local\Macromedia 2014-10-26 18:14 - 2014-10-26 18:14 - 00001169 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-10-26 18:14 - 2014-10-26 18:14 - 00001157 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-10-26 18:14 - 2014-10-26 18:14 - 00000000 ____D () C:\ProgramData\Mozilla 2014-10-26 18:14 - 2014-10-26 18:14 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-10-26 18:00 - 2014-10-26 18:00 - 00244032 _____ () C:\Users\Stephan\Downloads\Firefox Setup Stub 33.0.exe 2014-10-26 17:55 - 2014-10-26 17:55 - 00000000 ____D () C:\ProgramData\Oracle 2014-10-26 17:09 - 2014-10-26 17:43 - 92658088 _____ (Oracle Corporation) C:\Users\Stephan\Downloads\jre-8u25-windows-x64.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-11-25 17:51 - 2012-01-05 04:03 - 00007601 _____ () C:\Users\Stephan\AppData\Local\Resmon.ResmonCfg 2014-11-25 16:10 - 2010-03-13 19:15 - 00000000 ____D () C:\Users\Stephan\AppData\Roaming\TS3Client 2014-11-25 16:10 - 2009-07-14 05:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-11-25 16:10 - 2009-07-14 05:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-11-25 16:04 - 2014-10-11 15:42 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-11-25 16:03 - 2012-09-12 18:47 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics 2014-11-25 16:01 - 2012-01-04 18:00 - 00000000 ____D () C:\ProgramData\Kodak 2014-11-25 16:00 - 2012-03-08 13:02 - 00158637 _____ () C:\Windows\setupact.log 2014-11-25 16:00 - 2010-02-24 19:43 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-11-25 16:00 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-11-25 12:03 - 2010-02-24 19:43 - 01095182 _____ () C:\Windows\WindowsUpdate.log 2014-11-25 10:00 - 2013-11-17 10:37 - 00096762 _____ () C:\Windows\PFRO.log 2014-11-23 14:36 - 2014-10-11 15:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-11-23 14:36 - 2014-10-11 15:42 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-11-23 14:36 - 2012-03-07 18:37 - 00001112 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-11-22 03:03 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-11-21 23:06 - 2009-07-14 18:58 - 00699432 _____ () C:\Windows\system32\perfh007.dat 2014-11-21 23:06 - 2009-07-14 18:58 - 00149572 _____ () C:\Windows\system32\perfc007.dat 2014-11-21 23:06 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-11-21 22:52 - 2014-06-18 02:58 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-11-21 22:51 - 2009-07-14 19:18 - 00000000 ____D () C:\Program Files\Windows Journal 2014-11-21 22:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism 2014-11-21 22:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism 2014-11-21 21:43 - 2009-07-14 05:45 - 04997600 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-11-21 20:24 - 2014-06-17 23:18 - 01594028 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI 2014-11-21 20:23 - 2014-06-17 23:27 - 00000000 ____D () C:\Windows\system32\MRT 2014-11-21 18:46 - 2010-02-24 19:45 - 00000000 ____D () C:\Users\Stephan 2014-11-20 16:12 - 2010-04-13 21:40 - 00000000 ____D () C:\Users\Stephan\AppData\Local\Adobe 2014-11-20 16:12 - 2009-12-09 10:50 - 00000000 ____D () C:\ProgramData\Adobe 2014-11-20 15:49 - 2011-05-08 14:52 - 00000000 ____D () C:\ProgramData\ICQ 2014-11-18 23:52 - 2012-11-18 01:46 - 00000000 ____D () C:\Users\Stephan\AppData\Roaming\vlc 2014-11-18 14:25 - 2014-06-18 02:19 - 00000000 ____D () C:\ProgramData\Package Cache 2014-11-18 14:25 - 2013-11-17 10:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-11-18 14:25 - 2013-11-17 10:39 - 00000000 ____D () C:\Program Files (x86)\Avira 2014-11-18 14:21 - 2013-11-17 10:39 - 00000000 ____D () C:\ProgramData\Avira 2014-11-16 01:22 - 2013-03-24 20:05 - 00000000 ____D () C:\Users\Stephan\Desktop\bilder und vids 2014-11-16 01:22 - 2010-02-24 20:10 - 00000000 ____D () C:\Users\Stephan\Desktop\Bääm 2014-11-16 01:05 - 2014-10-10 00:51 - 00000000 ____D () C:\Users\Stephan\Desktop\Vids 2014-11-15 22:51 - 2010-05-08 22:08 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-11-15 12:32 - 2014-06-07 17:18 - 00000000 ____D () C:\Users\Pierre\AppData\Roaming\Skype 2014-11-14 19:49 - 2010-03-10 18:30 - 00473088 ___SH () C:\Users\Stephan\Thumbs.db 2014-11-14 19:07 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-11-13 22:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF 2014-11-12 06:03 - 2011-02-26 01:05 - 00000000 ____D () C:\ProgramData\Lavasoft 2014-11-12 02:10 - 2012-02-05 14:24 - 00003626 _____ () C:\Windows\System32\Tasks\Ad-Aware Update (Weekly) 2014-11-12 01:48 - 2011-04-23 00:39 - 00000064 _____ () C:\Windows\SysWOW64\rp_stats.dat 2014-11-12 01:48 - 2011-04-23 00:39 - 00000044 _____ () C:\Windows\SysWOW64\rp_rules.dat 2014-11-10 16:10 - 2014-09-07 16:54 - 00000000 ____D () C:\Users\Pierre\AppData\Local\ftblauncher 2014-11-10 14:54 - 2014-09-07 16:54 - 00000000 ____D () C:\Users\Pierre\AppData\Roaming\ftblauncher 2014-11-07 13:04 - 2012-01-27 13:45 - 00053248 ___SH () C:\Users\Stephan\Documents\Thumbs.db 2014-11-04 14:30 - 2010-02-24 23:40 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-10-31 23:26 - 2010-02-25 17:52 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-10-28 11:30 - 2014-08-08 11:32 - 00000000 ____D () C:\Users\Pierre\AppData\Roaming\.technic 2014-10-28 10:48 - 2013-02-16 18:29 - 00000000 ____D () C:\Users\Pierre\AppData\Local\Mozilla 2014-10-26 18:28 - 2010-02-25 17:39 - 00000000 ____D () C:\Users\Stephan\AppData\Local\Mozilla 2014-10-26 18:14 - 2010-02-25 17:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-10-26 17:58 - 2011-10-18 10:21 - 00000000 ____D () C:\Program Files\Java 2014-10-26 17:56 - 2014-06-11 00:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2014-10-26 17:55 - 2014-06-11 00:41 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll 2014-10-26 17:55 - 2011-10-18 10:21 - 00320936 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2014-10-26 17:55 - 2011-10-18 10:21 - 00191400 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2014-10-26 17:55 - 2011-10-18 10:21 - 00190888 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2014-10-26 15:23 - 2012-10-22 01:30 - 00000397 _____ () C:\Users\Stephan\Desktop\linkas.txt Some content of TEMP: ==================== C:\Users\Stephan\AppData\Local\Temp\avgnt.exe C:\Users\Stephan\AppData\Local\Temp\Quarantine.exe C:\Users\Stephan\AppData\Local\Temp\sqlite3.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-11-16 16:47 ==================== End Of Log ============================ Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-11-2014 Ran by Stephan at 2014-11-25 17:53:32 Running from C:\Users\Stephan\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Avira Desktop (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859} AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996} AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B} AS: Avira Desktop (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 2007 Microsoft Office system (HKLM-x32\...\PROHYBRIDR) (Version: 12.0.6612.1000 - Microsoft Corporation) Ad-Aware Antivirus (HKLM\...\{6D1428BD-E5F2-4378-B620-E7442E7C2BFB}_AdAwareUpdater) (Version: 11.4.6792.0 - Lavasoft) AdAwareInstaller (Version: 11.4.6792.0 - Lavasoft) Hidden AdAwareUpdater (Version: 11.4.6792.0 - Lavasoft) Hidden Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated) Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.) Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated) Adobe Creative Suite 5 Master Collection (HKLM-x32\...\{1BBD8D70-721A-41AD-AC8F-7308A0C8FA92}) (Version: 5.0 - Adobe Systems Incorporated) Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.0.6 - Adobe Systems Incorporated) Adobe Flash Player 10 ActiveX (HKLM-x32\...\{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}) (Version: 10.1.52.14 - Adobe Systems, Inc.) Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.117 - Adobe Systems Incorporated) Adobe InDesign CS5.5 (HKLM-x32\...\{857CC5F0-040E-1016-A173-D55ADD80C260}) (Version: 7.5 - Adobe Systems Incorporated) aioscnnr (x32 Version: 7.3.4.0 - Your Company Name) Hidden AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden Apple Application Support (HKLM-x32\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{E5C95CA5-4565-4B9D-97ED-05088D775614}) (Version: 3.3.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.) AutoClickExtreme 6.18.01 (HKLM-x32\...\{9119A44D-E936-4BD3-B973-26152118876F}_is1) (Version: - AutoClicker Lab) Avira (HKLM-x32\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Avira (x32 Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira) AVM FRITZ!WLAN (HKLM-x32\...\AVMWLANCLI) (Version: - AVM Berlin) Awesomenauts (HKLM-x32\...\Steam App 204300) (Version: - Ronimo Games) C4USelfUpdater (x32 Version: 1.00.0000 - Your Company Name) Hidden CCleaner (HKLM\...\CCleaner) (Version: 3.14 - Piriform) Counter-Strike: Source (HKLM-x32\...\{9580813D-94B1-4C28-9426-A441E2BB29A5}) (Version: 1.0.0.0 - Valve) Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve) Duel of Champions (HKLM-x32\...\MMDoC-PDCLive) (Version: - Ubisoft) Dungeon Defenders (HKLM-x32\...\Steam App 65800) (Version: - ) Dungeon Defenders Eternity (HKLM-x32\...\Steam App 302270) (Version: - Nom Nom Games) essentials (x32 Version: 6.0.14.0 - Eastman Kodak Company) Hidden Exif-Viewer 2.51 (HKLM-x32\...\Exif-Viewer) (Version: 2.51 - Ralf Bibinger) Free Audio CD Burner version 1.4 (HKLM-x32\...\Free Audio CD Burner_is1) (Version: - DVDVideoSoft Limited.) Free Download Manager 3.9.4 (HKLM-x32\...\Free Download Manager_is1) (Version: - FreeDownloadManager.ORG) Free YouTube to MP3 Converter version 3.8 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: - DVDVideoSoft Limited.) Grand Theft Auto San Andreas (HKLM-x32\...\{086BADF8-9B1F-4E89-B207-2EDA520972D6}) (Version: 1.00.00001 - Rockstar Games) Graph 4.3 (HKLM-x32\...\Graph_is1) (Version: - Ivan Johansen) HUAWEI DataCard Driver 4.05.00.00 (HKLM-x32\...\HUAWEI DataCard Driver) (Version: 4.05.00.00 - Huawei technologies Co., Ltd.) ICQ7.5 (HKLM-x32\...\{7578ADEA-D65F-4C89-A249-B1C88B6FFC20}) (Version: 7.5 - ICQ) iTunes (HKLM\...\{77B8B4A5-EE79-4907-A318-2DA86325B8D7}) (Version: 10.1.2.17 - Apple Inc.) Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle) Java 8 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418025F0}) (Version: 8.0.250 - Oracle Corporation) Kodak AIO Printer (Version: 7.3.4.0 - Eastman Kodak Company) Hidden KODAK All-in-One Software (HKLM-x32\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.3.8.20 - Eastman Kodak Company) Little Fighter 2 version 2.0a (HKLM-x32\...\Little Fighter 2) (Version: version 2.0a - ) LogMeIn Hamachi (HKLM-x32\...\LogMeIn Hamachi) (Version: 2.1.0.362 - LogMeIn, Inc.) LogMeIn Hamachi (x32 Version: 2.1.0.362 - LogMeIn, Inc.) Hidden Malwarebytes Anti-Malware Version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft IntelliPoint 8.2 (HKLM\...\Microsoft IntelliPoint 8.2) (Version: 8.20.468.0 - Microsoft Corporation) Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{3bcf8c72-b231-4d28-9f39-3405c22d8b5a}) (Version: 11.0.61030.0 - Microsoft Corporation) Mobile Broadband Generic Drivers (HKLM-x32\...\Mobile Broadband Generic Drivers) (Version: 2.03.10.002.25 - Novatel Wireless) Mobile Broadband Generic Drivers (x32 Version: 2.03.10.002.25 - Novatel Wireless) Hidden Mobile Connection Manager (HKLM-x32\...\o2DE) (Version: - Mobile Connection Manager) Mozilla Firefox 33.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 en-US)) (Version: 33.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.0 - Mozilla) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Nero BurnLite 10 (HKLM-x32\...\{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}) (Version: 10.0.10600 - Nero AG) Nero BurnLite 10 (HKLM-x32\...\{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}) (Version: 10.0.10500.5.100 - Nero AG) Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG) NVIDIA 3D Vision Controller-Treiber 295.73 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 295.73 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 331.65 - NVIDIA Corporation) NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.59.37 - NVIDIA Corporation) NVIDIA Grafiktreiber 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.12.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.12.0 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.12.0209 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0209 - NVIDIA Corporation) NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation) OpenOffice.org 3.3 (HKLM-x32\...\{4286716B-1287-48E7-9078-3DC8248DBA96}) (Version: 3.3.9567 - OpenOffice.org) PartyPoker (HKLM-x32\...\PartyPoker) (Version: - PartyGaming) Path of Exile (HKLM-x32\...\{90A4562F-D4A1-4B65-906D-41F236CF6902}) (Version: 1.0.4.30523 - Grinding Gear Games) PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.311.0 - Tracker Software Products Ltd) PerfectSphere (HKU\S-1-5-21-2345911831-2396610291-3317746240-1000\...\ce2965ae71956536) (Version: 1.0.0.0 - Cameron MacFarland) PokerStars.eu (HKLM-x32\...\PokerStars.eu) (Version: - PokerStars.eu) PreReq (x32 Version: 6.2.3.0 - Eastman Kodak Company) Hidden PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5911 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.50 - Piriform) SAMSUNG Mobile Composite Device Software (HKLM\...\SAMSUNG Mobile Composite Device) (Version: - ) Samsung Mobile Modem Device Software (HKLM\...\Samsung Mobile Modem Device) (Version: - ) SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version: - ) Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version: - ) SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version: - ) SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version: - ) SAMSUNG USB Mobile Device Software (HKLM\...\SAMSUNG USB Mobile Device) (Version: - ) Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.6.8442 - Skype Technologies S.A.) Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.) Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated) Spyrix Free Keylogger 3.1 (HKLM-x32\...\Spyrix Free Keylogger_is1) (Version: 3.1 - Spyrix Security Inc.) StarCraft II (HKLM-x32\...\StarCraft II) (Version: 1.5.4.24540 - Blizzard Entertainment) Steam(TM) (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve) SystemDiagnostics (HKLM-x32\...\{EF59DB7F-7426-426E-B862-7031F83ED304}) (Version: 2.04.0006 - Fujitsu Technology Solutions) TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.12 - TeamSpeak Systems GmbH) TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.16642 - TeamViewer) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM-x32\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation) VLC media player 2.0.4 (HKLM\...\VLC media player) (Version: 2.0.4 - VideoLAN) Web Diashow (HKLM-x32\...\Web Diashow_is1) (Version: 3.3.1 - Benjamin Mussler) Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation) WinRAR (HKLM\...\WinRAR archiver) (Version: - ) World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: 3.3.5.12340 - Blizzard Entertainment) XMedia Recode Version 3.1.7.6 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.7.6 - XMedia Recode) XSManager (HKLM-x32\...\XSManager) (Version: 3.0 - XSManager) ZTE USB Driver (HKLM\...\ZTE USB Driver) (Version: 1.0.1.27_TME - ZTE Corporation) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) ==================== Restore Points ========================= 12-11-2014 03:53:34 Windows Update 12-11-2014 05:07:18 AA11 20-11-2014 00:33:23 Geplanter Prüfpunkt 20-11-2014 03:19:13 Windows Update 20-11-2014 15:11:14 Removed Adobe Reader 9.4.6 - Deutsch. 21-11-2014 19:13:30 Windows Update 21-11-2014 20:58:48 Windows Update ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2014-10-13 21:50 - 2014-10-13 21:50 - 00000883 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {1348D5A7-67E3-4B92-A59F-0D0D10F36305} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/uninstall.html?aaa=KICMLMJJIMMJPMNJNJKJCNMMHMJJKMCNLMPMNMMJCNNJNMKMIMCNKJJJOJHMOMOJIMPMLMNJIMKMJNJICMIMCNJMCNIMFMHMCNPMCNIMJMPMOMFMJMCNOMCNIMJMPMOMCNNMJNPICMPMFMFMPMJNHICMEKMICNJJCKJNBJCMMKLIKJPIHJOJBJJNKJCMJNNICMJNDJCMLJKJ" Task: {27B719FE-74F2-498D-B9C0-E780E02C1D03} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe Task: {651523B9-6BDB-4B16-9836-1A3DEC451465} - System32\Tasks\{BBE7AB4E-0E96-4516-87E0-D6D8101FBE64} => Firefox.exe hxxp://ui.skype.com/ui/0/5.10.0.116/en/abandoninstall?page=tsMain Task: {7565D10A-B342-493F-AF37-3A4D7C57E3A1} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => C:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-08-01] (Microsoft Corporation) Task: {7651A606-39CC-4BBE-B5B4-E34F0F096A3F} - System32\Tasks\AdobeAAMUpdater-1.0-PC-Stephan-Stephan => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-15] (Adobe Systems Incorporated) Task: {7D3DCC93-C8F2-4BB2-97C1-7A6D1DFCD95E} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe Task: {8C112D12-64A7-498A-8F31-45E0CD584F90} - System32\Tasks\{7F7CFC0B-E05B-44EB-B19F-1BE3AA0F21B1} => C:\Users\Stephan\Desktop\emu+\pkemu.exe Task: {AF8A11A5-096B-4BB6-995C-8BD659D8458A} - System32\Tasks\{552E358A-49F6-46FB-94F5-0148018FC212} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2014-07-02] (Skype Technologies S.A.) Task: {FE77A3AF-5E77-4435-8B4F-EA69F49526E3} - System32\Tasks\{70F7B80D-8FD2-4CD7-B801-50F9C9E6FA21} => C:\Users\Stephan\Desktop\emu+\pkemu.exe ==================== Loaded Modules (whitelisted) ============= 2012-03-08 13:04 - 2013-10-23 09:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 02753360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareShellExtension.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 03396400 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\RCF.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00123744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_filesystem-vc100-mt-1_55.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00024408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_system-vc100-mt-1_55.dll 2010-04-24 12:38 - 2010-03-15 10:28 - 00166400 _____ () C:\Program Files\WinRAR\rarext.dll 2013-01-04 16:32 - 2013-04-26 15:19 - 01766912 _____ () D:\Keylogger\Spyrix Free Keylogger\spkl.exe 2014-10-15 14:03 - 2014-10-15 14:03 - 08925504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe 2014-10-15 14:03 - 2014-10-15 14:03 - 00055648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_date_time-vc100-mt-1_55.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00103768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_thread-vc100-mt-1_55.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00033624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_chrono-vc100-mt-1_55.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00500056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_locale-vc100-mt-1_55.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 02132800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\HtmlFramework.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00066872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\DllStorage.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00869712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTrayDefaultSkin.dll 2014-10-15 14:03 - 2014-10-15 14:03 - 00811328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\Localization.dll 2013-12-22 17:09 - 2014-11-22 23:54 - 10067744 _____ () D:\Path of Exile\PathOfExile.exe 2013-01-04 16:32 - 2012-09-03 10:34 - 00175616 _____ () D:\Keylogger\Spyrix Free Keylogger\vtm.dll 2009-10-13 14:41 - 2011-05-26 18:42 - 00025600 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\imageformats\_old_qgif4.dll 2009-10-13 14:41 - 2011-05-26 18:42 - 00195584 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\imageformats\_old_qjpeg4.dll 2011-05-26 18:42 - 2013-09-14 15:07 - 00230376 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\soundbackends\directsound_win32.dll 2011-05-26 18:42 - 2013-09-14 15:07 - 00237032 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win32.dll 2011-05-26 18:42 - 2013-09-14 15:07 - 00159208 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\plugins\appscanner_plugin.dll 2010-09-09 16:47 - 2013-09-14 15:07 - 00431080 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\plugins\clientquery_plugin.dll 2013-09-14 15:07 - 2013-09-14 15:07 - 00555496 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll 2014-01-09 06:39 - 2014-01-09 06:39 - 00089600 _____ () D:\Path of Exile\vorbisfile.dll 2014-01-09 13:05 - 2014-01-09 13:05 - 00050688 _____ () D:\Path of Exile\ogg.dll 2014-01-09 05:22 - 2014-01-09 05:23 - 01237504 _____ () D:\Path of Exile\vorbis.dll 2014-10-26 18:14 - 2014-10-11 13:53 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) MSCONFIG\Services: Apple Mobile Device => 2 MSCONFIG\Services: AVM WLAN Connection Service => 2 MSCONFIG\Services: Hamachi2Svc => 2 MSCONFIG\Services: iPod Service => 3 MSCONFIG\Services: NAUpdate => 2 MSCONFIG\Services: NWHelper => 2 MSCONFIG\Services: SkypeUpdate => 2 MSCONFIG\Services: Steam Client Service => 3 MSCONFIG\Services: SwitchBoard => 3 MSCONFIG\Services: TeamViewer8 => 2 MSCONFIG\Services: TestHandler => 2 MSCONFIG\Services: TGCM_ImportWiFiSvc => 2 MSCONFIG\Services: WMPNetworkSvc => 2 MSCONFIG\Services: WTGService => 2 MSCONFIG\Services: XS Stick Service => 2 MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^LOLRecorder.lnk => C:\Windows\pss\LOLRecorder.lnk.CommonStartup MSCONFIG\startupfolder: C:^Users^Stephan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk => C:\Windows\pss\OpenOffice.org 3.3.lnk.Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" MSCONFIG\startupreg: AdobeCS5.5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin MSCONFIG\startupreg: AdobeCS5ServiceManager => "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin MSCONFIG\startupreg: ApnUpdater => "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" MSCONFIG\startupreg: AVMWlanClient => C:\Program Files (x86)\avmwlanstick\wlangui.exe MSCONFIG\startupreg: Conime => %windir%\system32\conime.exe MSCONFIG\startupreg: Facebook Update => "C:\Users\Stephan\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver MSCONFIG\startupreg: ICQ => "C:\Program Files (x86)\ICQ7.0\ICQ.exe" silent loginmode=4 MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: LogMeIn Hamachi Ui => "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background MSCONFIG\startupreg: Questler Bonusfinder => C:\Users\Stephan\Downloads\Bonusfinder2.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: RoboForm => "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized MSCONFIG\startupreg: starter4g => C:\Windows\starter4g.exe MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe ========================= Accounts: ========================== Administrator (S-1-5-21-2345911831-2396610291-3317746240-500 - Administrator - Disabled) Gast (S-1-5-21-2345911831-2396610291-3317746240-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-2345911831-2396610291-3317746240-1006 - Limited - Enabled) Pierre (S-1-5-21-2345911831-2396610291-3317746240-1008 - Limited - Enabled) => C:\Users\Pierre Stephan (S-1-5-21-2345911831-2396610291-3317746240-1000 - Administrator - Enabled) => C:\Users\Stephan UpdatusUser (S-1-5-21-2345911831-2396610291-3317746240-1007 - Limited - Enabled) => C:\Users\UpdatusUser ==================== Faulty Device Manager Devices ============= Name: Hamachi Network Interface Description: Hamachi Network Interface Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: LogMeIn, Inc. Service: hamachi Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (11/24/2014 02:15:16 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (11/24/2014 02:15:14 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (11/24/2014 02:15:14 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (11/24/2014 02:14:20 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (11/24/2014 02:14:17 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (11/24/2014 02:14:16 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (11/24/2014 02:14:13 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error: (11/24/2014 02:14:08 PM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. System errors: ============= Error: (11/25/2014 05:03:06 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Ad-Aware Service 11" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. Error: (11/25/2014 04:01:33 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht. Error: (11/24/2014 02:18:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert. Error: (11/24/2014 02:18:12 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (11/24/2014 02:17:59 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Avira Echtzeit-Scanner" wurde unerwartet beendet. Dies ist bereits 4 Mal passiert. Error: (11/24/2014 02:17:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Avira Service Host" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Neustart des Diensts. Error: (11/24/2014 02:17:59 PM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: Der Dienst "Avira Browser-Schutz" ist vom Dienst "Avira Echtzeit-Scanner" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%0 Error: (11/24/2014 02:17:56 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Avira Browser-Schutz" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (11/24/2014 02:17:54 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: Dienst "Avira Echtzeit-Scanner" wurde unerwartet beendet. Dies ist bereits 3 Mal passiert. Error: (11/24/2014 02:17:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Avira Echtzeit-Scanner" wurde unerwartet beendet. Dies ist bereits 2 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Microsoft Office Sessions: ========================= CodeIntegrity Errors: =================================== Date: 2011-01-12 23:41:43.136 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-01-12 23:41:43.116 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-01-12 23:31:44.885 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2011-01-12 23:31:44.885 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\System32\drivers\vrtaucbl.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. ==================== Memory info =========================== Processor: Intel(R) Core(TM)2 Quad CPU Q8300 @ 2.50GHz Percentage of memory in use: 73% Total physical RAM: 4094.42 MB Available physical RAM: 1074.81 MB Total Pagefile: 8187.02 MB Available Pagefile: 4322.82 MB Total Virtual: 8192 MB Available Virtual: 8191.83 MB ==================== Drives ================================ Drive c: (System) (Fixed) (Total:200 GB) (Free:50.2 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (Datenträger) (Fixed) (Total:931.51 GB) (Free:821.29 GB) NTFS Drive e: (Data) (Fixed) (Total:729.5 GB) (Free:440.96 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 241C6624) Partition 1: (Active) - (Size=2 GB) - (Type=27) Partition 2: (Not Active) - (Size=200 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=729.5 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 931.5 GB) (Disk ID: 881A16BB) Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
26.11.2014, 20:50 | #10 |
/// the machine /// TB-Ausbilder | Internet: Seitenladefehler und Objekte werden nicht komplett geladen Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [kbdsprt] => [X] FF NetworkProxy: "backup.ftp", "217.216.162.213" FF NetworkProxy: "backup.ftp_port", 19317 FF NetworkProxy: "backup.socks", "217.216.162.213" FF NetworkProxy: "backup.socks_port", 19317 FF NetworkProxy: "backup.ssl", "217.216.162.213" FF NetworkProxy: "backup.ssl_port", 19317 FF NetworkProxy: "ftp", "62.243.224.180" FF NetworkProxy: "ftp_port", 1080 FF NetworkProxy: "http", "62.243.224.180" FF NetworkProxy: "http_port", 1080 FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "socks", "62.243.224.180" FF NetworkProxy: "socks_port", 1080 FF NetworkProxy: "ssl", "62.243.224.180" FF NetworkProxy: "ssl_port", 1080 FF NetworkProxy: "type", 0 Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Ladefehler in allen Browsern?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
26.11.2014, 23:34 | #11 |
| Internet: Seitenladefehler und Objekte werden nicht komplett geladen Fixlist: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-11-2014 01 Ran by Stephan at 2014-11-26 23:25:39 Run:1 Running from C:\Users\Stephan\Desktop Loaded Profiles: Stephan & UpdatusUser (Available profiles: Stephan & UpdatusUser & Pierre) Boot Mode: Normal ============================================== Content of fixlist: ***************** HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [kbdsprt] => [X] FF NetworkProxy: "backup.ftp", "217.216.162.213" FF NetworkProxy: "backup.ftp_port", 19317 FF NetworkProxy: "backup.socks", "217.216.162.213" FF NetworkProxy: "backup.socks_port", 19317 FF NetworkProxy: "backup.ssl", "217.216.162.213" FF NetworkProxy: "backup.ssl_port", 19317 FF NetworkProxy: "ftp", "62.243.224.180" FF NetworkProxy: "ftp_port", 1080 FF NetworkProxy: "http", "62.243.224.180" FF NetworkProxy: "http_port", 1080 FF NetworkProxy: "share_proxy_settings", true FF NetworkProxy: "socks", "62.243.224.180" FF NetworkProxy: "socks_port", 1080 FF NetworkProxy: "ssl", "62.243.224.180" FF NetworkProxy: "ssl_port", 1080 FF NetworkProxy: "type", 0 ***************** HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully. HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\kbdsprt => value deleted successfully. Firefox Proxy settings were reset. Firefox Proxy settings were reset. Firefox Proxy settings were reset. Firefox Proxy settings were reset. Firefox Proxy settings were reset. Firefox Proxy settings were reset. Firefox Proxy settings were reset. Firefox Proxy settings were reset. Firefox Proxy settings were reset. Firefox Proxy settings were reset. Firefox Proxy settings were reset. Firefox Proxy settings were reset. Firefox Proxy settings were reset. Firefox Proxy settings were reset. Firefox Proxy settings were reset. Firefox Proxy settings were reset. ==== End of Fixlog ==== Habe es mit dem Internetexplorer eben getestet, Objekte werden auch nicht anständig geladen, nen Seitenladefehler hatte ich noch nicht aber ich nutze diesen Browser auch kaum. Werde es morgen nochmal testen ob es sich in Firefox gebessert hat und werde nochmal alle Updates wie Java usw. durchchecken, aber das alles erst morgen, ist mir nun zu spät |
27.11.2014, 19:46 | #12 |
/// the machine /// TB-Ausbilder | Internet: Seitenladefehler und Objekte werden nicht komplett geladen ok
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
27.11.2014, 21:20 | #13 |
| Internet: Seitenladefehler und Objekte werden nicht komplett geladen Also Java ist auf den neusten Stand, Adobe Flash Player wurde geupdated, Probleme in Firefox bestehen weiterhin, das einzige was mir noch einfällt wäre der nicht aktuelle Internetexplorer (welcher ja nicht genutzt wird) und ein DNS- Server Problem. Ansonsten wäre ich zumindest mit meinem Latein am Ende |
28.11.2014, 18:17 | #14 |
/// the machine /// TB-Ausbilder | Internet: Seitenladefehler und Objekte werden nicht komplett geladen Schalte mal die Hardwarebeschleunigung ab in FF.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
29.11.2014, 01:32 | #15 |
| Internet: Seitenladefehler und Objekte werden nicht komplett geladen Objekte werden immer noch nicht richtig geladen |
Themen zu Internet: Seitenladefehler und Objekte werden nicht komplett geladen |
anleitung, antivirus, avira, aware, bestimmte, cpu, erkannt, folge, funktionieren, funktioniert, home, internet, lösung, mozilla, nicht geladen, nicht mehr, problem, scan, seite, seiten, seitenladefehler, viren, virus, windows, windows 7 |