| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: MyStartSearch eingefangen und entfernen versuchtWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
14.01.2015, 21:28
| #1 |
 |  MyStartSearch eingefangen und entfernen versucht MyStartSearch hatte sich sowohl im IE als auch im FIREFOX eingenistet. Leider war ich so blöd  und vertrauter der Google-Suche und nicht einem Forum, d.h. ich installierte zuerst SpyHunter4, um später festzustellen, dass das eine ganz üble Abzocke der Fa. ENIGMA wird, wollte ich über SpyHunter4 die Malware loswerden. Ich kaufte SpyHunter4 nicht und hoffe jetzt auf problemlose Deinstallation  Die weitere Google-Suche brachte mich zu AdwCleaner 4.107, der offenbar einen Teil der Installationen bereinigt hat. Zumindest tauchen die nervigen PopUp-Fenster im FIREFOX nicht mehr auf. Allerdings bekomme ich jetzt die Einstellung der Startseite im FIREFOX nicht korrigiert. Egal, was ich mache, beim nächsten Start ist immer folgende Adresse geöffnet "hxxp:///?type=hppp". Was muss ich jetzt machen? |
|
14.01.2015, 21:30
| #2 |
| /// the machine /// TB-Ausbilder    | MyStartSearch eingefangen und entfernen versucht hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
14.01.2015, 21:44
| #3 |
| | MyStartSearch eingefangen und entfernen versucht Hallo schrauber,
__________________danke für Deine prompte Antwort. FRST 64-Bit wurde gestartet, lief anfangs flott. Wie lange darf so ein Scan dauern? Steht zur Zeit bei "Listing Installed Programs..." PC-Neustart ermöglichte jetzt zumindest: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-01-2015 01
Ran by User (administrator) on USER-PC on 14-01-2015 21:58:40
Running from K:\Eigene Dokumente_neu\PC
Loaded Profiles: User & UpdatusUser (Available profiles: User & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Mozilla Corporation) K:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-27] (Realtek Semiconductor)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [976784 2009-12-15] (The Eraser Project)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2014-05-19] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-3072690271-1386923378-2905418684-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308616 2014-12-22] (Google)
HKU\S-1-5-21-3072690271-1386923378-2905418684-1000\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-06-05] (TomTom)
HKU\S-1-5-21-3072690271-1386923378-2905418684-1000\...\Run: [] => [X]
HKU\S-1-5-21-3072690271-1386923378-2905418684-1000\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
HKU\S-1-5-21-3072690271-1386923378-2905418684-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3072690271-1386923378-2905418684-1000\...\Run: [KiesPDLR.exe] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
HKU\S-1-5-21-3072690271-1386923378-2905418684-1000\...\MountPoints2: {98d93448-d758-11e3-bce1-806e6f6e6963} - D:\Bin\ASSETUP.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3072690271-1386923378-2905418684-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\S-1-5-21-3072690271-1386923378-2905418684-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-3072690271-1386923378-2905418684-1000 -> {E9DC17BB-BAF4-4594-A618-EB86680E980D} URL = https://www.google.com/search?q={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: CHIP Best Deal BHO -> {7553EA3C-F8DA-4188-B7BC-956894EA54F5} -> C:\Program Files (x86)\chip\Internet Explorer\chip64.dll ()
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: CHIP Best Deal BHO -> {7553EA3C-F8DA-4188-B7BC-956894EA54F5} -> C:\Program Files (x86)\chip\Internet Explorer\chip32.dll ()
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\pnticso1.default
FF SelectedSearchEngine:
FF Homepage: ?type=hppp
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\pnticso1.default\user.js
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\pnticso1.default\searchplugins\google-maps.xml
FF Extension: CHIP Best Deal - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\pnticso1.default\Extensions\ciuvo-extension@chip.de [2014-12-25]
FF Extension: Blur (Formerly DoNotTrackMe) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\pnticso1.default\Extensions\donottrackplus@abine.com [2014-11-22]
FF Extension: Switch Private Browsing - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\pnticso1.default\Extensions\manolo.estevez@gmail.com.xpi [2014-05-19]
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2014-05-19]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2014-05-19]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2014-05-19]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2014-05-19]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2014-05-19]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-05-26]
FF HKU\S-1-5-21-3072690271-1386923378-2905418684-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-3072690271-1386923378-2905418684-1000\...\Firefox\Extensions: [{76D412EB-FEB4-A7C2-9ECC-AF02F0768665}] - C:\Program Files (x86)\ver5BlockAndSurf\186.xpi
FF StartMenuInternet: FIREFOX.EXE - firefox.exe
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-10-25]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-05-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2014-05-19] (Kaspersky Lab ZAO)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2011-11-13] (Advanced Micro Devices)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49048 2012-07-18] (Asmedia Technology)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-05-19] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [91008 2014-05-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628320 2014-05-19] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-05-19] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-05-19] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2014-05-19] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2014-05-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2014-05-19] (Kaspersky Lab ZAO)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-17] ()
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
S2 ASInsHelp; \??\C:\Windows\SysWow64\drivers\AsInsHelp64.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-14 21:33 - 2015-01-14 21:58 - 00000000 ____D () C:\FRST
2015-01-14 16:27 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 16:27 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 16:27 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 16:27 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 16:27 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 16:27 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 16:27 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 16:27 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 16:27 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 16:27 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 16:27 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 16:27 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 16:27 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 16:19 - 2015-01-14 21:53 - 00000168 _____ () C:\Windows\setupact.log
2015-01-14 16:19 - 2015-01-14 16:19 - 00000354 _____ () C:\Windows\PFRO.log
2015-01-14 16:19 - 2015-01-14 16:19 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-13 20:05 - 2015-01-13 20:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-13 20:00 - 2015-01-14 21:57 - 00329767 _____ () C:\Windows\WindowsUpdate.log
2015-01-12 21:37 - 2015-01-12 21:38 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-12 21:12 - 2015-01-12 21:12 - 00000000 _____ () C:\autoexec.bat
2015-01-12 21:10 - 2015-01-12 21:10 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-01-11 20:57 - 2015-01-11 20:57 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2015-01-11 20:32 - 2015-01-11 20:32 - 00000000 ____D () C:\Users\User\.android
2015-01-11 20:31 - 2015-01-11 22:11 - 00000000 ____D () C:\Users\User\AppData\Roaming\MyPhoneExplorer
2015-01-11 20:29 - 2015-01-12 09:43 - 00001952 _____ () C:\Windows\patsearch.bin
2015-01-11 16:28 - 2015-01-11 16:28 - 00000000 ____D () C:\Users\User\Desktop\Sun ODF Plugin for Microsoft Office 3.2 (en-US) Installation Files
2015-01-11 16:22 - 2015-01-11 16:22 - 00000000 ____D () C:\Users\User\4.0
2015-01-11 16:22 - 2015-01-11 16:22 - 00000000 ____D () C:\Users\User\.tfo4
2015-01-11 16:19 - 2015-01-11 16:19 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2015-01-01 21:37 - 2015-01-01 21:37 - 00000000 ___SD () C:\Users\User\Documents\Meine Datenquellen
2014-12-26 09:32 - 2014-12-26 09:32 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-25 19:04 - 2014-06-16 07:01 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2014-12-25 19:04 - 2014-06-16 07:01 - 00708168 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller.dll
2014-12-25 15:57 - 2014-12-25 17:26 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc
2014-12-25 15:57 - 2014-12-25 15:57 - 00000871 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-12-25 15:57 - 2014-12-25 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-12-25 15:57 - 2014-12-25 15:57 - 00000000 ____D () C:\Program Files\VideoLAN
2014-12-25 07:11 - 2014-12-25 07:11 - 00000000 ____D () C:\Users\User\AppData\Local\Tools&More
2014-12-25 07:10 - 2014-12-25 07:10 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-12-25 07:09 - 2014-12-25 07:09 - 00003406 _____ () C:\Windows\System32\Tasks\chipSWU
2014-12-25 07:09 - 2014-12-25 07:09 - 00000000 ____D () C:\Program Files (x86)\chip
2014-12-25 07:09 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\SysWOW64\dhRichClient3.dll
2014-12-25 07:09 - 2011-03-25 19:42 - 00338432 _____ () C:\Windows\SysWOW64\sqlite36_engine.dll
2014-12-23 09:26 - 2014-12-23 09:26 - 00000782 _____ () C:\Users\User\Desktop\Eigene Dokumente_neu - Verknüpfung.lnk
2014-12-21 14:39 - 2014-12-21 14:39 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-12-18 15:27 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 15:27 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-16 21:31 - 2015-01-12 19:23 - 00000000 ____D () C:\Users\User\Documents\ezTour_Workspace
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-14 21:55 - 2014-05-19 19:56 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-01-14 21:53 - 2014-07-16 16:57 - 00000000 ____D () C:\Program Files (x86)\MarkAny
2015-01-14 21:53 - 2014-05-25 06:16 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-14 21:53 - 2014-05-16 17:04 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-14 21:53 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-14 21:38 - 2014-05-25 06:16 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-14 21:25 - 2014-05-16 17:19 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-14 20:43 - 2014-05-19 15:53 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{EE4AD280-21FC-437E-A115-9B066A00F009}
2015-01-14 19:04 - 2014-07-16 16:57 - 00000000 ____D () C:\Users\User\AppData\Roaming\Samsung
2015-01-14 19:04 - 2014-07-16 16:54 - 00000000 ____D () C:\ProgramData\Samsung
2015-01-14 19:04 - 2014-07-16 16:54 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-01-14 19:04 - 2014-05-09 11:19 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-14 18:54 - 2009-07-14 05:45 - 00028912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-14 18:54 - 2009-07-14 05:45 - 00028912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-14 16:47 - 2014-05-19 17:44 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 16:41 - 2014-05-19 17:44 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 21:25 - 2014-05-16 17:19 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-13 21:25 - 2014-05-16 17:18 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-13 21:25 - 2014-05-16 17:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-13 20:41 - 2014-05-25 06:17 - 00002042 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-01-13 20:41 - 2014-05-25 06:17 - 00002040 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-01-13 20:41 - 2014-05-25 06:17 - 00002030 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-01-13 20:41 - 2014-05-25 06:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-13 20:22 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SchCache
2015-01-13 20:02 - 2014-07-03 18:23 - 00000859 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-13 20:02 - 2014-07-03 18:23 - 00000859 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-13 20:02 - 2014-05-09 10:09 - 00001425 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-13 12:23 - 2009-07-14 06:08 - 00001638 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-12 19:46 - 2014-07-16 16:55 - 00000000 ____D () C:\Program Files (x86)\Samsung_MyFree Codec
2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-26 21:10 - 2014-05-25 19:15 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-26 21:10 - 2014-05-25 19:15 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-26 10:41 - 2014-06-12 19:26 - 00000000 ___RD () C:\Users\User\Desktop\Aufräumen
2014-12-25 19:30 - 2014-07-16 18:48 - 00000000 ____D () C:\Users\User\Documents\SelfMV
2014-12-23 13:31 - 2014-05-20 16:32 - 00000000 ____D () C:\Users\User\AppData\Local\Thunderbird
2014-12-23 12:43 - 2011-04-12 08:43 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2014-12-23 12:43 - 2011-04-12 08:43 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2014-12-23 12:43 - 2009-07-14 06:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-22 15:30 - 2014-05-19 16:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-20 21:00 - 2014-08-27 13:08 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2014-12-18 18:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-16 21:39 - 2014-05-25 20:09 - 00001127 _____ () C:\Users\Public\Desktop\HOLUX ezTour for Logger.lnk
Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\NEventMessages.dll
C:\Users\User\AppData\Local\Temp\NOSEventMessages.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-14 00:21
==================== End Of Log ============================
Geändert von MARTFROH (14.01.2015 um 22:08 Uhr) |
|
15.01.2015, 07:09
| #4 |
| /// the machine /// TB-Ausbilder | MyStartSearch eingefangen und entfernen versucht FRST löschen udn neu laden, nochmal laufen lassen, setz aber nen Haken bei Addition.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
15.01.2015, 17:39
| #5 |
| | MyStartSearch eingefangen und entfernen versucht Hi schrauber, jetzt hats gefunzt. Danke fürs Erste FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015
Ran by User (administrator) on USER-PC on 15-01-2015 17:34:03
Running from K:\Eigene Dokumente_neu\PC
Loaded Profiles: User & UpdatusUser (Available profiles: User & UpdatusUser)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
() C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) K:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-27] (Realtek Semiconductor)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [976784 2009-12-15] (The Eraser Project)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2014-05-19] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKU\S-1-5-21-3072690271-1386923378-2905418684-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308616 2014-12-22] (Google)
HKU\S-1-5-21-3072690271-1386923378-2905418684-1000\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-06-05] (TomTom)
HKU\S-1-5-21-3072690271-1386923378-2905418684-1000\...\Run: [] => [X]
HKU\S-1-5-21-3072690271-1386923378-2905418684-1000\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia)
HKU\S-1-5-21-3072690271-1386923378-2905418684-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-3072690271-1386923378-2905418684-1000\...\Run: [KiesPDLR.exe] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run
HKU\S-1-5-21-3072690271-1386923378-2905418684-1000\...\MountPoints2: {98d93448-d758-11e3-bce1-806e6f6e6963} - D:\Bin\ASSETUP.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Google
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = Google
HKU\S-1-5-21-3072690271-1386923378-2905418684-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKU\S-1-5-21-3072690271-1386923378-2905418684-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-3072690271-1386923378-2905418684-1000 -> {E9DC17BB-BAF4-4594-A618-EB86680E980D} URL = https://www.google.com/search?q={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: CHIP Best Deal BHO -> {7553EA3C-F8DA-4188-B7BC-956894EA54F5} -> C:\Program Files (x86)\chip\Internet Explorer\chip64.dll ()
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: CHIP Best Deal BHO -> {7553EA3C-F8DA-4188-B7BC-956894EA54F5} -> C:\Program Files (x86)\chip\Internet Explorer\chip32.dll ()
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\pnticso1.default
FF SelectedSearchEngine:
FF Homepage: ?type=hppp
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\pnticso1.default\user.js
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\pnticso1.default\searchplugins\google-maps.xml
FF Extension: CHIP Best Deal - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\pnticso1.default\Extensions\ciuvo-extension@chip.de [2014-12-25]
FF Extension: Blur (Formerly DoNotTrackMe) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\pnticso1.default\Extensions\donottrackplus@abine.com [2014-11-22]
FF Extension: Switch Private Browsing - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\pnticso1.default\Extensions\manolo.estevez@gmail.com.xpi [2014-05-19]
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2014-05-19]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2014-05-19]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2014-05-19]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2014-05-19]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2014-05-19]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-05-26]
FF HKU\S-1-5-21-3072690271-1386923378-2905418684-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-3072690271-1386923378-2905418684-1000\...\Firefox\Extensions: [{76D412EB-FEB4-A7C2-9ECC-AF02F0768665}] - C:\Program Files (x86)\ver5BlockAndSurf\186.xpi
FF StartMenuInternet: FIREFOX.EXE - K:\Program Files (x86)\Mozilla Firefox\firefox.exe
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-10-25]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-05-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2014-05-19] (Kaspersky Lab ZAO)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2011-11-13] (Advanced Micro Devices)
R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49048 2012-07-18] (Asmedia Technology)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-05-19] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [91008 2014-05-19] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628320 2014-05-19] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-05-19] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-05-19] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2014-05-19] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2014-05-19] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2014-05-19] (Kaspersky Lab ZAO)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-17] ()
R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation)
R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation)
S2 ASInsHelp; \??\C:\Windows\SysWow64\drivers\AsInsHelp64.sys [X]
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 MSICDSetup; \??\D:\CDriver64.sys [X]
S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-14 21:33 - 2015-01-15 17:34 - 00000000 ____D () C:\FRST
2015-01-14 16:27 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 16:27 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 16:27 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 16:27 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 16:27 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 16:27 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 16:27 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 16:27 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 16:27 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 16:27 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 16:27 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 16:27 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 16:27 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 16:19 - 2015-01-15 12:36 - 00000280 _____ () C:\Windows\setupact.log
2015-01-14 16:19 - 2015-01-14 16:19 - 00000354 _____ () C:\Windows\PFRO.log
2015-01-14 16:19 - 2015-01-14 16:19 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-13 20:05 - 2015-01-13 20:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-13 20:00 - 2015-01-15 17:14 - 00371771 _____ () C:\Windows\WindowsUpdate.log
2015-01-12 21:37 - 2015-01-12 21:38 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\User\Desktop\mbam-setup-2.0.4.1028.exe
2015-01-12 21:12 - 2015-01-12 21:12 - 00000000 _____ () C:\autoexec.bat
2015-01-12 21:10 - 2015-01-12 21:10 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-01-11 20:57 - 2015-01-11 20:57 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf
2015-01-11 20:32 - 2015-01-11 20:32 - 00000000 ____D () C:\Users\User\.android
2015-01-11 20:31 - 2015-01-11 22:11 - 00000000 ____D () C:\Users\User\AppData\Roaming\MyPhoneExplorer
2015-01-11 20:29 - 2015-01-12 09:43 - 00001952 _____ () C:\Windows\patsearch.bin
2015-01-11 16:28 - 2015-01-11 16:28 - 00000000 ____D () C:\Users\User\Desktop\Sun ODF Plugin for Microsoft Office 3.2 (en-US) Installation Files
2015-01-11 16:22 - 2015-01-11 16:22 - 00000000 ____D () C:\Users\User\4.0
2015-01-11 16:22 - 2015-01-11 16:22 - 00000000 ____D () C:\Users\User\.tfo4
2015-01-11 16:19 - 2015-01-11 16:19 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
2015-01-01 21:37 - 2015-01-01 21:37 - 00000000 ___SD () C:\Users\User\Documents\Meine Datenquellen
2014-12-26 09:32 - 2014-12-26 09:32 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2014-12-25 19:04 - 2014-06-16 07:01 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2014-12-25 19:04 - 2014-06-16 07:01 - 00708168 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller.dll
2014-12-25 15:57 - 2014-12-25 17:26 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc
2014-12-25 15:57 - 2014-12-25 15:57 - 00000871 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-12-25 15:57 - 2014-12-25 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-12-25 15:57 - 2014-12-25 15:57 - 00000000 ____D () C:\Program Files\VideoLAN
2014-12-25 07:11 - 2014-12-25 07:11 - 00000000 ____D () C:\Users\User\AppData\Local\Tools&More
2014-12-25 07:10 - 2014-12-25 07:10 - 00000000 ____D () C:\Windows\Downloaded Installations
2014-12-25 07:09 - 2014-12-25 07:09 - 00003406 _____ () C:\Windows\System32\Tasks\chipSWU
2014-12-25 07:09 - 2014-12-25 07:09 - 00000000 ____D () C:\Program Files (x86)\chip
2014-12-25 07:09 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\SysWOW64\dhRichClient3.dll
2014-12-25 07:09 - 2011-03-25 19:42 - 00338432 _____ () C:\Windows\SysWOW64\sqlite36_engine.dll
2014-12-23 09:26 - 2014-12-23 09:26 - 00000782 _____ () C:\Users\User\Desktop\Eigene Dokumente_neu - Verknüpfung.lnk
2014-12-21 14:39 - 2014-12-21 14:39 - 00000000 ____D () C:\Users\Public\Documents\CrashDump
2014-12-18 15:27 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 15:27 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-16 21:31 - 2015-01-12 19:23 - 00000000 ____D () C:\Users\User\Documents\ezTour_Workspace
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-15 17:25 - 2014-05-16 17:19 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-15 17:15 - 2014-05-19 19:56 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-01-15 16:38 - 2014-05-25 06:16 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-15 12:46 - 2014-05-19 15:53 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{EE4AD280-21FC-437E-A115-9B066A00F009}
2015-01-15 12:44 - 2009-07-14 05:45 - 00028912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-15 12:44 - 2009-07-14 05:45 - 00028912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-15 12:36 - 2014-05-25 06:16 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-15 12:36 - 2014-05-16 17:04 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-15 12:36 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-15 06:02 - 2014-05-19 16:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-14 21:53 - 2014-07-16 16:57 - 00000000 ____D () C:\Program Files (x86)\MarkAny
2015-01-14 19:04 - 2014-07-16 16:57 - 00000000 ____D () C:\Users\User\AppData\Roaming\Samsung
2015-01-14 19:04 - 2014-07-16 16:54 - 00000000 ____D () C:\ProgramData\Samsung
2015-01-14 19:04 - 2014-07-16 16:54 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-01-14 19:04 - 2014-05-09 11:19 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-14 16:47 - 2014-05-19 17:44 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 16:41 - 2014-05-19 17:44 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 21:25 - 2014-05-16 17:19 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-13 21:25 - 2014-05-16 17:18 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-13 21:25 - 2014-05-16 17:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-13 20:41 - 2014-05-25 06:17 - 00002042 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2015-01-13 20:41 - 2014-05-25 06:17 - 00002040 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2015-01-13 20:41 - 2014-05-25 06:17 - 00002030 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2015-01-13 20:41 - 2014-05-25 06:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-01-13 20:22 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SchCache
2015-01-13 20:02 - 2014-07-03 18:23 - 00000859 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-01-13 20:02 - 2014-07-03 18:23 - 00000859 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-01-13 20:02 - 2014-05-09 10:09 - 00001425 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-13 12:23 - 2009-07-14 06:08 - 00002142 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-12 19:46 - 2014-07-16 16:55 - 00000000 ____D () C:\Program Files (x86)\Samsung_MyFree Codec
2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-26 21:10 - 2014-05-25 19:15 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-26 21:10 - 2014-05-25 19:15 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-26 10:41 - 2014-06-12 19:26 - 00000000 ___RD () C:\Users\User\Desktop\Aufräumen
2014-12-25 19:30 - 2014-07-16 18:48 - 00000000 ____D () C:\Users\User\Documents\SelfMV
2014-12-23 13:31 - 2014-05-20 16:32 - 00000000 ____D () C:\Users\User\AppData\Local\Thunderbird
2014-12-23 12:43 - 2011-04-12 08:43 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2014-12-23 12:43 - 2011-04-12 08:43 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2014-12-23 12:43 - 2009-07-14 06:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-20 21:00 - 2014-08-27 13:08 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2014-12-18 18:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-12-16 21:39 - 2014-05-25 20:09 - 00001127 _____ () C:\Users\Public\Desktop\HOLUX ezTour for Logger.lnk
Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\NEventMessages.dll
C:\Users\User\AppData\Local\Temp\NOSEventMessages.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-14 00:21
==================== End Of Log ============================
################### undFRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015
Ran by User at 2015-01-15 17:34:34
Running from K:\Eigene Dokumente_neu\PC
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Internet Security (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AMD Catalyst Install Manager (HKLM\...\{DD562794-C098-A1E5-66ED-10E8BD1C84C5}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.8.000 - Asmedia Technology)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Bullzip PDF Printer 10.6.0.2267 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.6.0.2267 - Bullzip)
C7200 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
C7200_Help (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.7.0.11 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.5.0.6 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
CDBurnerXP (HKLM-x32\...\{909A791A-DBB0-432F-BC0E-D0C81925E340}) (Version: 4.5.3.4746 - Canneverbe Limited)
CHIP Best Deal (HKLM-x32\...\{7553EA3C-F8DA-4188-B7BC-956894EA54F5}) (Version: 1.4.21 - Ciuvo GmbH)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Eraser 6.0.6.1376 (HKLM\...\{FE041ADD-66F3-4B85-A0E2-9E85D0DCBB31}) (Version: 6.0.1376 - The Eraser Project)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
FreeCommander XE (HKLM-x32\...\FreeCommander XE_is1) (Version: Preview - Marek Jasinski)
Google Drive (HKLM-x32\...\{240D2B48-E06E-446F-A806-01CF36882EB7}) (Version: 1.19.8268.4572 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HOLUX ezTour for Logger v2.5 (HKLM-x32\...\HOLUX ezTour for Logger_HOLUX_DL) (Version: v2.5 - iTravel Tech, Inc.)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart All-In-One Driver Software 13.0 Rel. 2 (HKLM\...\{988329F4-A1A1-4D51-803C-EF2725A97627}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Kaspersky Internet Security 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.3.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.3.0 (x86 de)) (Version: 31.3.0 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.48.0 - Nokia)
Nokia Suite (x32 Version: 3.8.48.0 - Nokia) Hidden
NVIDIA 3D Vision Controller-Treiber 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.22 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 314.22 - NVIDIA Corporation)
NVIDIA Grafiktreiber 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.22 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PS_AIO_02_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6959 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.23.0 - Renesas Electronics Corporation) Hidden
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version: - )
Silicon Laboratories CP210x VCP Drivers for Windows 7 (HKLM-x32\...\{B7B3668D-B908-427D-AC7C-97CE65792A4E}) (Version: 5.40.24 - Silicon Laboratories, Inc.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Stellar Phoenix Windows Data Recovery - Home (HKLM-x32\...\Stellar Phoenix Windows Data Recovery - Home_is1) (Version: 6.0.0.1 - Stellar Information Technology Pvt Ltd.)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows-Treiberpaket - Silicon Laboratories (silabenm) Ports (03/19/2014 6.7.0.0) (HKLM\...\B97004A400E30DCF940971EFA7A0C13C6B0A4B66) (Version: 03/19/2014 6.7.0.0 - Silicon Laboratories)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
26-12-2014 09:37:23 Windows Update
30-12-2014 11:09:27 Windows Update
06-01-2015 16:00:46 Windows Update
11-01-2015 16:29:53 Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
11-01-2015 16:30:52 Installed Sun ODF Plugin for Microsoft Office 3.2
12-01-2015 12:22:47 Windows Update
13-01-2015 20:26:45 Removed Sun ODF Plugin for Microsoft Office 3.2
13-01-2015 21:27:46 Joe wird entfernt
14-01-2015 16:41:09 Windows Update
14-01-2015 19:02:51 Removed Samsung Kies
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {3029ADC9-DC6C-4991-8229-D60AD22F71B9} - System32\Tasks\{E1CA2CA5-A3E5-4AAD-9D09-4242F4E6302A} => pcalua.exe -a K:\PC\Download\Eraser\EraserSetup32_586a.exe -d K:\PC\Download\Eraser
Task: {50B1FA30-45E1-4861-B3E3-1891D573B546} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {BA2BC49D-390A-45F3-841B-8FFCA8B63F2B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-25] (Google Inc.)
Task: {C77ED7DD-27B1-426D-9C0B-1117B6AB04A1} - System32\Tasks\chipSWU => Cscript.exe "C:\Program Files (x86)\chip\Internet Explorer\swu.vbs"
Task: {D297BE23-CE59-4973-B91F-EF2FE8E5109E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {D7106B3F-38AA-4ABB-9175-B2BE17D521F7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)
Task: {E5DAFD0B-94B6-4A67-99F2-60F094188C37} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-25] (Google Inc.)
Task: {FD3AB4AE-3FF3-47C5-B957-F12112EEDA38} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-05-16 17:04 - 2013-03-15 05:16 - 00086304 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-08-02 07:20 - 2014-04-08 08:13 - 00069120 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
2012-08-17 20:39 - 2014-05-19 20:14 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
2015-01-15 12:36 - 2015-01-15 12:36 - 00098816 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\win32api.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00110080 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\pywintypes27.dll
2015-01-15 12:36 - 2015-01-15 12:36 - 00364544 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\pythoncom27.dll
2015-01-15 12:36 - 2015-01-15 12:36 - 00045568 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\_socket.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 01160704 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\_ssl.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00320512 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\win32com.shell.shell.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00713216 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\_hashlib.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 01175040 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\wx._core_.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00805888 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\wx._gdi_.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00811008 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\wx._windows_.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 01062400 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\wx._controls_.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00735232 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\wx._misc_.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00557056 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\pysqlite2._sqlite.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00128512 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\_elementtree.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00127488 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\pyexpat.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00087552 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\_ctypes.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00119808 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\win32file.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00108544 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\win32security.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00007168 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\hashobjs_ext.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00167936 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\win32gui.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00018432 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\win32event.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00038912 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\win32inet.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00011264 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\win32crypt.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00070656 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\wx._html2.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00027136 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\_multiprocessing.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00035840 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\win32process.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00686080 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\unicodedata.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00122368 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\wx._wizard.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00024064 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\win32pipe.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00025600 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\win32pdh.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00525640 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\windows._lib_cacheinvalidation.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00010240 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\select.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00017408 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\win32profile.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00022528 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\win32ts.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00078336 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\wx._animate.pyd
2013-10-02 19:29 - 2013-10-02 19:29 - 08507232 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll
2013-10-02 19:29 - 2013-10-02 19:29 - 02354016 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll
2013-10-02 19:29 - 2013-10-02 19:29 - 01014624 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll
2013-10-02 19:29 - 2013-10-02 19:29 - 00364384 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll
2013-10-02 19:29 - 2013-10-02 19:29 - 02480992 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll
2013-10-02 19:29 - 2013-10-02 19:29 - 01346912 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll
2013-10-02 19:29 - 2013-10-02 19:29 - 00206176 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll
2013-10-02 19:29 - 2013-10-02 19:29 - 02653024 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll
2013-10-02 19:29 - 2013-10-02 19:29 - 00033120 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll
2013-10-02 19:29 - 2013-10-02 19:29 - 00035680 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll
2013-10-02 19:29 - 2013-10-02 19:29 - 00207200 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll
2013-10-02 19:29 - 2013-10-02 19:29 - 11166560 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll
2013-10-02 19:30 - 2013-10-02 19:30 - 00276832 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll
2013-04-15 12:26 - 2013-04-15 12:26 - 00391600 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll
2013-04-15 12:26 - 2013-04-15 12:26 - 00059280 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll
2013-10-02 19:28 - 2013-10-02 19:28 - 00438624 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll
2013-10-02 19:29 - 2013-10-02 19:29 - 00446304 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
2013-10-02 19:29 - 2013-10-02 19:29 - 00520544 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll
2013-10-02 19:29 - 2013-10-02 19:29 - 00720736 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll
2013-10-02 19:28 - 2013-10-02 19:28 - 00606560 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll
2013-10-02 19:30 - 2013-10-02 19:30 - 00093024 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll
2014-08-02 07:20 - 2014-04-08 08:08 - 00112128 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll
2012-08-17 20:38 - 2012-08-17 20:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
2015-01-14 22:03 - 2015-01-14 22:03 - 03925104 _____ () K:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:FCA8C9CD
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-3072690271-1386923378-2905418684-500 - Administrator - Disabled)
Gast (S-1-5-21-3072690271-1386923378-2905418684-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-3072690271-1386923378-2905418684-1002 - Limited - Enabled) => C:\Users\UpdatusUser
User (S-1-5-21-3072690271-1386923378-2905418684-1000 - Administrator - Enabled) => C:\Users\User
==================== Faulty Device Manager Devices =============
Name: ASInsHelp
Description: ASInsHelp
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ASInsHelp
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Photosmart C7200 series
Description: Photosmart C7200 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Photosmart C7200 series
Description: Photosmart C7200 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Photosmart C7200 series
Description: Photosmart C7200 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Photosmart C7200 series
Description: Photosmart C7200 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Photosmart C7200 series
Description: Photosmart C7200 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/15/2015 00:38:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/15/2015 06:04:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/14/2015 09:54:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/14/2015 08:33:03 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (01/14/2015 08:33:03 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (01/14/2015 06:47:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/14/2015 04:21:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/13/2015 08:57:16 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error: (01/13/2015 08:24:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/13/2015 08:04:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Spyhunter4.exe, Version 4.18.9.4384 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 7f8
Startzeit: 01d02f62af10a4c1
Endzeit: 11
Anwendungspfad: C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
Berichts-ID: 09d85362-9b57-11e4-99c7-448a5b85246f
System errors:
=============
Error: (01/15/2015 00:36:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ASInsHelp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (01/15/2015 06:03:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ASInsHelp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (01/14/2015 09:53:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ASInsHelp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (01/14/2015 09:50:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "HP CUE DeviceDiscovery Service" wurde unerwartet beendet. Dies ist bereits 2 Mal passiert.
Error: (01/14/2015 09:50:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "hpqcxs08" wurde unerwartet beendet. Dies ist bereits 2 Mal passiert.
Error: (01/14/2015 06:46:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "HP CUE DeviceDiscovery Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (01/14/2015 06:46:29 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "hpqcxs08" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (01/14/2015 06:46:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ASInsHelp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (01/14/2015 04:19:55 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "HP CUE DeviceDiscovery Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (01/14/2015 04:19:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "ASInsHelp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Microsoft Office Sessions:
=========================
Error: (01/15/2015 00:38:19 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/15/2015 06:04:37 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/14/2015 09:54:36 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/14/2015 08:33:03 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files\CCleaner\CCleaner64.exe
Error: (01/14/2015 08:33:03 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files\CCleaner\CCleaner64.exe
Error: (01/14/2015 06:47:43 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/14/2015 04:21:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/13/2015 08:57:16 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files\CCleaner\ccleaner.exe
Error: (01/13/2015 08:24:46 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/13/2015 08:04:53 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Spyhunter4.exe4.18.9.43847f801d02f62af10a4c111C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe09d85362-9b57-11e4-99c7-448a5b85246f
CodeIntegrity Errors:
===================================
Date: 2015-01-06 19:24:46.816
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-06 19:24:46.815
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-06 19:24:46.813
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-06 19:24:46.746
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-05 19:13:39.389
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-05 19:13:39.387
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-05 19:13:39.386
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-05 19:13:39.319
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-12-29 19:22:30.833
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-12-29 19:22:30.832
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: AMD Athlon(tm) II X2 280 Processor
Percentage of memory in use: 47%
Total physical RAM: 4095.18 MB
Available physical RAM: 2166.21 MB
Total Pagefile: 8188.54 MB
Available Pagefile: 5560.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:241.5 GB) (Free:195.6 GB) NTFS
Drive e: (System) (Fixed) (Total:97.65 GB) (Free:65.42 GB) NTFS
Drive f: (Datenträger 2) (Fixed) (Total:498.51 GB) (Free:434.52 GB) NTFS
Drive k: (Festplatte_neu) (Fixed) (Total:224.16 GB) (Free:100.79 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: A265A265)
Partition 1: (Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=498.5 GB) - (Type=OF Extended)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9E07D443)
Partition 1: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=241.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=224.2 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
15.01.2015, 18:39
| #6 |
| /// the machine /// TB-Ausbilder | MyStartSearch eingefangen und entfernen versucht Downloade Dir bitte  Malwarebytes Anti-Malware
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ --> MyStartSearch eingefangen und entfernen versucht |
|
15.01.2015, 20:37
| #7 |
| | MyStartSearch eingefangen und entfernen versucht Hi! Das lief ja fast wie bei der WM. Wenn Du jetzt noch ein gutes Clearing feststellen kannst, hat es sogar Spass gemacht :-)) Danke ####################### Malwarebytes Anti-Malware Malwarebytes | Free Anti-Malware & Internet Security Software Suchlauf Datum: 15.01.2015 Suchlauf-Zeit: 19:37:24 Logdatei: mbam.txt Administrator: Ja Version: 2.00.4.1028 Malware Datenbank: v2015.01.15.10 Rootkit Datenbank: v2015.01.14.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: User Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 371402 Verstrichene Zeit: 6 Min, 46 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente erkannt) Module: 0 (Keine schädliche Elemente erkannt) Registrierungsschlüssel: 0 (Keine schädliche Elemente erkannt) Registrierungswerte: 0 (Keine schädliche Elemente erkannt) Registrierungsdaten: 0 (Keine schädliche Elemente erkannt) Ordner: 0 (Keine schädliche Elemente erkannt) Dateien: 0 (Keine schädliche Elemente erkannt) Physische Sektoren: 0 (Keine schädliche Elemente erkannt) (end) ################################JRT Logfile: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by User on 15.01.2015 at 20:26:21,81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.01.2015 at 20:29:35,95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
############################### FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015 Ran by User (administrator) on USER-PC on 15-01-2015 20:31:38 Running from K:\Eigene Dokumente_neu\PC Loaded Profiles: User & UpdatusUser (Available profiles: User & UpdatusUser) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (The Eraser Project) C:\Program Files\Eraser\Eraser.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe () C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Mozilla Corporation) K:\Program Files (x86)\Mozilla Firefox\firefox.exe (Farbar) K:\Eigene Dokumente_neu\PC\20150115FRST64.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-27] (Realtek Semiconductor) HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [976784 2009-12-15] (The Eraser Project) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-05-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation) HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2014-05-19] (Kaspersky Lab ZAO) HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) HKU\S-1-5-21-3072690271-1386923378-2905418684-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308616 2014-12-22] (Google) HKU\S-1-5-21-3072690271-1386923378-2905418684-1000\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-06-05] (TomTom) HKU\S-1-5-21-3072690271-1386923378-2905418684-1000\...\Run: [] => [X] HKU\S-1-5-21-3072690271-1386923378-2905418684-1000\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia) HKU\S-1-5-21-3072690271-1386923378-2905418684-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd) HKU\S-1-5-21-3072690271-1386923378-2905418684-1000\...\Run: [KiesPDLR.exe] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run HKU\S-1-5-21-3072690271-1386923378-2905418684-1000\...\MountPoints2: {98d93448-d758-11e3-bce1-806e6f6e6963} - D:\Bin\ASSETUP.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = Google HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Google HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = Google HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = Google HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Google HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = Google HKU\S-1-5-21-3072690271-1386923378-2905418684-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKU\S-1-5-21-3072690271-1386923378-2905418684-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKU\S-1-5-21-3072690271-1386923378-2905418684-1000 -> {E9DC17BB-BAF4-4594-A618-EB86680E980D} URL = https://www.google.com/search?q={searchTerms} BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: CHIP Best Deal BHO -> {7553EA3C-F8DA-4188-B7BC-956894EA54F5} -> C:\Program Files (x86)\chip\Internet Explorer\chip64.dll () BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: CHIP Best Deal BHO -> {7553EA3C-F8DA-4188-B7BC-956894EA54F5} -> C:\Program Files (x86)\chip\Internet Explorer\chip32.dll () BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\pnticso1.default FF SelectedSearchEngine: FF Homepage: ?type=hppp FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll () FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\pnticso1.default\user.js FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\pnticso1.default\searchplugins\google-maps.xml FF Extension: CHIP Best Deal - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\pnticso1.default\Extensions\ciuvo-extension@chip.de [2014-12-25] FF Extension: Blur (Formerly DoNotTrackMe) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\pnticso1.default\Extensions\donottrackplus@abine.com [2014-11-22] FF Extension: Switch Private Browsing - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\pnticso1.default\Extensions\manolo.estevez@gmail.com.xpi [2014-05-19] FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2014-05-19] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2014-05-19] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2014-05-19] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2014-05-19] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2014-05-19] FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-05-26] FF HKU\S-1-5-21-3072690271-1386923378-2905418684-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF HKU\S-1-5-21-3072690271-1386923378-2905418684-1000\...\Firefox\Extensions: [{76D412EB-FEB4-A7C2-9ECC-AF02F0768665}] - C:\Program Files (x86)\ver5BlockAndSurf\186.xpi FF StartMenuInternet: FIREFOX.EXE - K:\Program Files (x86)\Mozilla Firefox\firefox.exe Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-10-25] CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-10-25] CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-10-25] CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-10-25] CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [Not Found] CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-10-25] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-05-04] (Advanced Micro Devices, Inc.) [File not signed] R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2014-05-19] (Kaspersky Lab ZAO) R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed] R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2011-11-13] (Advanced Micro Devices) R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49048 2012-07-18] (Asmedia Technology) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-05-19] (Kaspersky Lab ZAO) U5 klflt; C:\Windows\System32\Drivers\klflt.sys [91008 2014-05-19] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628320 2014-05-19] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-05-19] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-05-19] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2014-05-19] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2014-05-19] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2014-05-19] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-15] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-17] () R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation) R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation) S2 ASInsHelp; \??\C:\Windows\SysWow64\drivers\AsInsHelp64.sys [X] S3 dgderdrv; System32\drivers\dgderdrv.sys [X] S3 MSICDSetup; \??\D:\CDriver64.sys [X] S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-15 20:29 - 2015-01-15 20:29 - 00000624 _____ () C:\Users\User\Desktop\JRT.txt 2015-01-15 20:26 - 2015-01-15 20:26 - 00000000 ____D () C:\Windows\ERUNT 2015-01-15 19:15 - 2015-01-15 19:15 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-15 19:14 - 2015-01-15 19:14 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-15 19:14 - 2015-01-15 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-15 19:14 - 2015-01-15 19:14 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-15 19:14 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-15 19:14 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-01-15 19:14 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-01-14 21:33 - 2015-01-15 20:31 - 00000000 ____D () C:\FRST 2015-01-14 16:27 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-14 16:27 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 16:27 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-14 16:27 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-14 16:27 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-14 16:27 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-14 16:27 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-14 16:27 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-14 16:27 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-14 16:27 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-14 16:27 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-14 16:27 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-14 16:27 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-14 16:19 - 2015-01-15 12:36 - 00000280 _____ () C:\Windows\setupact.log 2015-01-14 16:19 - 2015-01-14 16:19 - 00000354 _____ () C:\Windows\PFRO.log 2015-01-14 16:19 - 2015-01-14 16:19 - 00000000 _____ () C:\Windows\setuperr.log 2015-01-13 20:05 - 2015-01-13 20:05 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-13 20:00 - 2015-01-15 20:31 - 00377296 _____ () C:\Windows\WindowsUpdate.log 2015-01-12 21:12 - 2015-01-12 21:12 - 00000000 _____ () C:\autoexec.bat 2015-01-12 21:10 - 2015-01-12 21:10 - 00000000 ____D () C:\Program Files\Enigma Software Group 2015-01-11 20:57 - 2015-01-11 20:57 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf 2015-01-11 20:32 - 2015-01-11 20:32 - 00000000 ____D () C:\Users\User\.android 2015-01-11 20:31 - 2015-01-11 22:11 - 00000000 ____D () C:\Users\User\AppData\Roaming\MyPhoneExplorer 2015-01-11 20:29 - 2015-01-12 09:43 - 00001952 _____ () C:\Windows\patsearch.bin 2015-01-11 16:28 - 2015-01-11 16:28 - 00000000 ____D () C:\Users\User\Desktop\Sun ODF Plugin for Microsoft Office 3.2 (en-US) Installation Files 2015-01-11 16:22 - 2015-01-11 16:22 - 00000000 ____D () C:\Users\User\4.0 2015-01-11 16:22 - 2015-01-11 16:22 - 00000000 ____D () C:\Users\User\.tfo4 2015-01-11 16:19 - 2015-01-11 16:19 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf 2015-01-01 21:37 - 2015-01-01 21:37 - 00000000 ___SD () C:\Users\User\Documents\Meine Datenquellen 2014-12-26 09:32 - 2014-12-26 09:32 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2014-12-25 19:04 - 2014-06-16 07:01 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll 2014-12-25 19:04 - 2014-06-16 07:01 - 00708168 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller.dll 2014-12-25 15:57 - 2014-12-25 17:26 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc 2014-12-25 15:57 - 2014-12-25 15:57 - 00000871 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-12-25 15:57 - 2014-12-25 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2014-12-25 15:57 - 2014-12-25 15:57 - 00000000 ____D () C:\Program Files\VideoLAN 2014-12-25 07:11 - 2014-12-25 07:11 - 00000000 ____D () C:\Users\User\AppData\Local\Tools&More 2014-12-25 07:10 - 2014-12-25 07:10 - 00000000 ____D () C:\Windows\Downloaded Installations 2014-12-25 07:09 - 2014-12-25 07:09 - 00003406 _____ () C:\Windows\System32\Tasks\chipSWU 2014-12-25 07:09 - 2014-12-25 07:09 - 00000000 ____D () C:\Program Files (x86)\chip 2014-12-25 07:09 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\SysWOW64\dhRichClient3.dll 2014-12-25 07:09 - 2011-03-25 19:42 - 00338432 _____ () C:\Windows\SysWOW64\sqlite36_engine.dll 2014-12-23 09:26 - 2014-12-23 09:26 - 00000782 _____ () C:\Users\User\Desktop\Eigene Dokumente_neu - Verknüpfung.lnk 2014-12-21 14:39 - 2014-12-21 14:39 - 00000000 ____D () C:\Users\Public\Documents\CrashDump 2014-12-18 15:27 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-12-18 15:27 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-12-16 21:31 - 2015-01-12 19:23 - 00000000 ____D () C:\Users\User\Documents\ezTour_Workspace ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-15 20:25 - 2014-05-16 17:19 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-15 19:38 - 2014-05-25 06:16 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-15 19:37 - 2014-05-19 19:56 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-01-15 18:55 - 2014-05-19 15:53 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{EE4AD280-21FC-437E-A115-9B066A00F009} 2015-01-15 18:30 - 2014-05-19 16:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-15 17:37 - 2009-07-14 05:45 - 00028912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-15 17:37 - 2009-07-14 05:45 - 00028912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-15 12:36 - 2014-05-25 06:16 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-15 12:36 - 2014-05-16 17:04 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-01-15 12:36 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-14 21:53 - 2014-07-16 16:57 - 00000000 ____D () C:\Program Files (x86)\MarkAny 2015-01-14 19:04 - 2014-07-16 16:57 - 00000000 ____D () C:\Users\User\AppData\Roaming\Samsung 2015-01-14 19:04 - 2014-07-16 16:54 - 00000000 ____D () C:\ProgramData\Samsung 2015-01-14 19:04 - 2014-07-16 16:54 - 00000000 ____D () C:\Program Files (x86)\Samsung 2015-01-14 19:04 - 2014-05-09 11:19 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-01-14 16:47 - 2014-05-19 17:44 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-14 16:41 - 2014-05-19 17:44 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-13 21:25 - 2014-05-16 17:19 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-01-13 21:25 - 2014-05-16 17:18 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-13 21:25 - 2014-05-16 17:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-13 20:41 - 2014-05-25 06:17 - 00002042 _____ () C:\Users\Public\Desktop\Google Slides.lnk 2015-01-13 20:41 - 2014-05-25 06:17 - 00002040 _____ () C:\Users\Public\Desktop\Google Sheets.lnk 2015-01-13 20:41 - 2014-05-25 06:17 - 00002030 _____ () C:\Users\Public\Desktop\Google Docs.lnk 2015-01-13 20:41 - 2014-05-25 06:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2015-01-13 20:22 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SchCache 2015-01-13 20:02 - 2014-07-03 18:23 - 00000859 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-01-13 20:02 - 2014-07-03 18:23 - 00000859 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-01-13 20:02 - 2014-05-09 10:09 - 00001425 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-01-13 12:23 - 2009-07-14 06:08 - 00002142 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-01-12 19:46 - 2014-07-16 16:55 - 00000000 ____D () C:\Program Files (x86)\Samsung_MyFree Codec 2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-12-26 21:10 - 2014-05-25 19:15 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-12-26 21:10 - 2014-05-25 19:15 - 00000000 ____D () C:\Program Files\CCleaner 2014-12-26 10:41 - 2014-06-12 19:26 - 00000000 ___RD () C:\Users\User\Desktop\Aufräumen 2014-12-25 19:30 - 2014-07-16 18:48 - 00000000 ____D () C:\Users\User\Documents\SelfMV 2014-12-23 13:31 - 2014-05-20 16:32 - 00000000 ____D () C:\Users\User\AppData\Local\Thunderbird 2014-12-23 12:43 - 2011-04-12 08:43 - 00698688 _____ () C:\Windows\system32\perfh007.dat 2014-12-23 12:43 - 2011-04-12 08:43 - 00148828 _____ () C:\Windows\system32\perfc007.dat 2014-12-23 12:43 - 2009-07-14 06:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-20 21:00 - 2014-08-27 13:08 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe 2014-12-18 18:28 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache 2014-12-16 21:39 - 2014-05-25 20:09 - 00001127 _____ () C:\Users\Public\Desktop\HOLUX ezTour for Logger.lnk Some content of TEMP: ==================== C:\Users\User\AppData\Local\Temp\NEventMessages.dll C:\Users\User\AppData\Local\Temp\NOSEventMessages.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-14 00:21 ==================== End Of Log ============================ FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015
Ran by User at 2015-01-15 20:32:08
Running from K:\Eigene Dokumente_neu\PC
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Internet Security (Disabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Internet Security (Disabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Disabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.257 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
AMD Catalyst Install Manager (HKLM\...\{DD562794-C098-A1E5-66ED-10E8BD1C84C5}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.8.000 - Asmedia Technology)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Bullzip PDF Printer 10.6.0.2267 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.6.0.2267 - Bullzip)
C7200 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
C7200_Help (x32 Version: 100.0.206.000 - Hewlett-Packard) Hidden
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.7.0.11 - Canon Inc.)
Canon Utilities ImageBrowser EX (HKLM-x32\...\ImageBrowser EX) (Version: 1.5.0.6 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.23.47 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
CDBurnerXP (HKLM-x32\...\{909A791A-DBB0-432F-BC0E-D0C81925E340}) (Version: 4.5.3.4746 - Canneverbe Limited)
CHIP Best Deal (HKLM-x32\...\{7553EA3C-F8DA-4188-B7BC-956894EA54F5}) (Version: 1.4.21 - Ciuvo GmbH)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Eraser 6.0.6.1376 (HKLM\...\{FE041ADD-66F3-4B85-A0E2-9E85D0DCBB31}) (Version: 6.0.1376 - The Eraser Project)
Fax (x32 Version: 130.0.418.000 - Hewlett-Packard) Hidden
FreeCommander XE (HKLM-x32\...\FreeCommander XE_is1) (Version: Preview - Marek Jasinski)
Google Drive (HKLM-x32\...\{240D2B48-E06E-446F-A806-01CF36882EB7}) (Version: 1.19.8268.4572 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HOLUX ezTour for Logger v2.5 (HKLM-x32\...\HOLUX ezTour for Logger_HOLUX_DL) (Version: v2.5 - iTravel Tech, Inc.)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart All-In-One Driver Software 13.0 Rel. 2 (HKLM\...\{988329F4-A1A1-4D51-803C-EF2725A97627}) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PaperLabel (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabel_PrintOnDisc (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
hpphotosmartdisclabelplugin (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Kaspersky Internet Security 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.4.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 31.4.0 (x86 de)) (Version: 31.4.0 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 130.0.572.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.48.0 - Nokia)
Nokia Suite (x32 Version: 3.8.48.0 - Nokia) Hidden
NVIDIA 3D Vision Controller-Treiber 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 314.22 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 314.22 - NVIDIA Corporation)
NVIDIA Grafiktreiber 314.22 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 314.22 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.23.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.23.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 1.12.12 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.12.12 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Paint.NET v3.5.11 (HKLM\...\{72EF03F5-0507-4861-9A44-D99FD4C41418}) (Version: 3.61.0 - dotPDN LLC)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
PS_AIO_02_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
PS_AIO_02_Software_Min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6959 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.23.0 - Renesas Electronics Corporation) Hidden
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Silicon Laboratories CP210x USB to UART Bridge (Driver Removal) (HKLM-x32\...\SLABCOMM&10C4&EA60) (Version: - )
Silicon Laboratories CP210x VCP Drivers for Windows 7 (HKLM-x32\...\{B7B3668D-B908-427D-AC7C-97CE65792A4E}) (Version: 5.40.24 - Silicon Laboratories, Inc.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
Stellar Phoenix Windows Data Recovery - Home (HKLM-x32\...\Stellar Phoenix Windows Data Recovery - Home_is1) (Version: 6.0.0.1 - Stellar Information Technology Pvt Ltd.)
TomTom HOME (HKLM-x32\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows-Treiberpaket - Silicon Laboratories (silabenm) Ports (03/19/2014 6.7.0.0) (HKLM\...\B97004A400E30DCF940971EFA7A0C13C6B0A4B66) (Version: 03/19/2014 6.7.0.0 - Silicon Laboratories)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
26-12-2014 09:37:23 Windows Update
30-12-2014 11:09:27 Windows Update
06-01-2015 16:00:46 Windows Update
11-01-2015 16:29:53 Installed Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
11-01-2015 16:30:52 Installed Sun ODF Plugin for Microsoft Office 3.2
12-01-2015 12:22:47 Windows Update
13-01-2015 20:26:45 Removed Sun ODF Plugin for Microsoft Office 3.2
13-01-2015 21:27:46 Joe wird entfernt
14-01-2015 16:41:09 Windows Update
14-01-2015 19:02:51 Removed Samsung Kies
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {3029ADC9-DC6C-4991-8229-D60AD22F71B9} - System32\Tasks\{E1CA2CA5-A3E5-4AAD-9D09-4242F4E6302A} => pcalua.exe -a K:\PC\Download\Eraser\EraserSetup32_586a.exe -d K:\PC\Download\Eraser
Task: {50B1FA30-45E1-4861-B3E3-1891D573B546} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {BA2BC49D-390A-45F3-841B-8FFCA8B63F2B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-25] (Google Inc.)
Task: {C77ED7DD-27B1-426D-9C0B-1117B6AB04A1} - System32\Tasks\chipSWU => Cscript.exe "C:\Program Files (x86)\chip\Internet Explorer\swu.vbs"
Task: {D297BE23-CE59-4973-B91F-EF2FE8E5109E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {D7106B3F-38AA-4ABB-9175-B2BE17D521F7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-13] (Adobe Systems Incorporated)
Task: {E5DAFD0B-94B6-4A67-99F2-60F094188C37} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-05-25] (Google Inc.)
Task: {FD3AB4AE-3FF3-47C5-B957-F12112EEDA38} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-05-16 17:04 - 2013-03-15 05:16 - 00086304 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-08-02 07:20 - 2014-04-08 08:13 - 00069120 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
2012-08-17 20:39 - 2014-05-19 20:14 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
2015-01-15 12:36 - 2015-01-15 12:36 - 00098816 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\win32api.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00110080 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\pywintypes27.dll
2015-01-15 12:36 - 2015-01-15 12:36 - 00364544 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\pythoncom27.dll
2015-01-15 12:36 - 2015-01-15 12:36 - 00045568 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\_socket.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 01160704 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\_ssl.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00320512 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\win32com.shell.shell.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00713216 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\_hashlib.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 01175040 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\wx._core_.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00805888 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\wx._gdi_.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00811008 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\wx._windows_.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 01062400 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\wx._controls_.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00735232 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\wx._misc_.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00557056 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\pysqlite2._sqlite.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00128512 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\_elementtree.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00127488 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\pyexpat.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00087552 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\_ctypes.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00119808 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\win32file.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00108544 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\win32security.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00007168 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\hashobjs_ext.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00167936 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\win32gui.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00018432 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\win32event.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00038912 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\win32inet.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00011264 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\win32crypt.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00070656 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\wx._html2.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00027136 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\_multiprocessing.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00035840 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\win32process.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00686080 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\unicodedata.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00122368 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\wx._wizard.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00024064 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\win32pipe.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00025600 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\win32pdh.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00525640 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\windows._lib_cacheinvalidation.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00010240 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\select.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00017408 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\win32profile.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00022528 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\win32ts.pyd
2015-01-15 12:36 - 2015-01-15 12:36 - 00078336 _____ () C:\Users\User\AppData\Local\Temp\_MEI26362\wx._animate.pyd
2013-10-02 19:29 - 2013-10-02 19:29 - 08507232 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll
2013-10-02 19:29 - 2013-10-02 19:29 - 02354016 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll
2013-10-02 19:29 - 2013-10-02 19:29 - 01014624 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll
2013-10-02 19:29 - 2013-10-02 19:29 - 00364384 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll
2013-10-02 19:29 - 2013-10-02 19:29 - 02480992 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll
2013-10-02 19:29 - 2013-10-02 19:29 - 01346912 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll
2013-10-02 19:29 - 2013-10-02 19:29 - 00206176 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll
2013-10-02 19:29 - 2013-10-02 19:29 - 02653024 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll
2013-10-02 19:29 - 2013-10-02 19:29 - 00033120 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll
2013-10-02 19:29 - 2013-10-02 19:29 - 00035680 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll
2013-10-02 19:29 - 2013-10-02 19:29 - 00207200 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll
2013-10-02 19:29 - 2013-10-02 19:29 - 11166560 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll
2013-10-02 19:30 - 2013-10-02 19:30 - 00276832 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll
2013-04-15 12:26 - 2013-04-15 12:26 - 00391600 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll
2013-04-15 12:26 - 2013-04-15 12:26 - 00059280 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll
2013-10-02 19:28 - 2013-10-02 19:28 - 00438624 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll
2013-10-02 19:29 - 2013-10-02 19:29 - 00446304 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
2013-10-02 19:29 - 2013-10-02 19:29 - 00520544 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll
2013-10-02 19:29 - 2013-10-02 19:29 - 00720736 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll
2013-10-02 19:28 - 2013-10-02 19:28 - 00606560 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll
2013-10-02 19:30 - 2013-10-02 19:30 - 00093024 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll
2014-08-02 07:20 - 2014-04-08 08:08 - 00112128 _____ () C:\Program Files (x86)\Canon\ImageBrowser EX\MFMFileSystemWatcher.dll
2012-08-17 20:38 - 2012-08-17 20:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
2012-09-23 19:43 - 2012-09-23 19:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll
2014-05-08 14:48 - 2014-05-08 14:48 - 14588632 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\NPSWF32.dll
2015-01-14 22:03 - 2015-01-14 22:03 - 03925104 _____ () K:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:FCA8C9CD
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
========================= Accounts: ==========================
Administrator (S-1-5-21-3072690271-1386923378-2905418684-500 - Administrator - Disabled)
Gast (S-1-5-21-3072690271-1386923378-2905418684-501 - Limited - Disabled)
UpdatusUser (S-1-5-21-3072690271-1386923378-2905418684-1002 - Limited - Enabled) => C:\Users\UpdatusUser
User (S-1-5-21-3072690271-1386923378-2905418684-1000 - Administrator - Enabled) => C:\Users\User
==================== Faulty Device Manager Devices =============
Name: ASInsHelp
Description: ASInsHelp
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: ASInsHelp
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: Photosmart C7200 series
Description: Photosmart C7200 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Photosmart C7200 series
Description: Photosmart C7200 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Photosmart C7200 series
Description: Photosmart C7200 series
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Photosmart C7200 series
Description: Photosmart C7200 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Photosmart C7200 series
Description: Photosmart C7200 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2015-01-06 19:24:46.816
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-06 19:24:46.815
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-06 19:24:46.813
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-06 19:24:46.746
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-05 19:13:39.389
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-05 19:13:39.387
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-05 19:13:39.386
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-01-05 19:13:39.319
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-12-29 19:22:30.833
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-12-29 19:22:30.832
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: AMD Athlon(tm) II X2 280 Processor
Percentage of memory in use: 50%
Total physical RAM: 4095.18 MB
Available physical RAM: 2018.88 MB
Total Pagefile: 8188.54 MB
Available Pagefile: 5597.21 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:241.5 GB) (Free:195.5 GB) NTFS
Drive e: (System) (Fixed) (Total:97.65 GB) (Free:65.42 GB) NTFS
Drive f: (Datenträger 2) (Fixed) (Total:498.51 GB) (Free:434.52 GB) NTFS
Drive k: (Festplatte_neu) (Fixed) (Total:224.16 GB) (Free:100.76 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 596.2 GB) (Disk ID: A265A265)
Partition 1: (Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=498.5 GB) - (Type=OF Extended)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 9E07D443)
Partition 1: (Active) - (Size=102 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=241.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=224.2 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
16.01.2015, 07:22
| #8 |
| /// the machine /// TB-Ausbilder | MyStartSearch eingefangen und entfernen versuchtESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
16.01.2015, 20:46
| #9 |
| | MyStartSearch eingefangen und entfernen versucht Hallo schrauber, vollen Respekt für Deinen Support, Danke. Werde wg diverser anderer Arbeiten/Aufgaben vermutlich erst am Wochenende deine Hinweise umsetzen können. Grüße |
|
17.01.2015, 12:30
| #10 |
| /// the machine /// TB-Ausbilder | MyStartSearch eingefangen und entfernen versucht ok
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
18.01.2015, 14:14
| #11 |
| | MyStartSearch eingefangen und entfernen versucht ESETSmartInstaller@High as downloader log: all ok # product=EOS # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.7623 # api_version=3.0.2 # EOSSerial=63286b14516f7d4ea7ec54749224a6dc # engine=22022 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2015-01-18 12:39:47 # local_time=2015-01-18 01:39:47 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1031 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode_1='Kaspersky Internet Security' # compatibility_mode=1291 16777213 100 98 17036 76354709 0 0 # compatibility_mode_1='' # compatibility_mode=5893 16776573 100 94 194374 173214637 0 0 # scanned=288143 # found=46 # cleaned=46 # scan_time=4509 sh=B45806F85A8EFA8AA923A09B28B26EE1FCFD97BA ft=1 fh=021ef04e4af54844 vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\_PC\Download CCleaner Piriform\ccsetup309.exe" sh=B289C53DBB01232884364F964E8A5BCCDFBCE00A ft=1 fh=20604ce9407285e3 vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\_PC\Download CCleaner Piriform\ccsetup310.exe" sh=A8A37E54DB53B64808D4DE3DDBB505859E9F4269 ft=1 fh=b799c6fdeb2be9bc vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\_PC\Download CCleaner Piriform\ccsetup311.exe" sh=429FC48BC53BC454DBF9DD799994FD538DD2CD1C ft=1 fh=b14d744a763a52f9 vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\_PC\Download CCleaner Piriform\ccsetup312.exe" sh=3B38ECE8A1605F66D7FC38CC9BCC5FF325A2ED55 ft=1 fh=bc0c24e3a63c61a6 vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\_PC\Download CCleaner Piriform\ccsetup313.exe" sh=3FC75D7EC85B4B4766AE1195896F0C2C5FB3E6FE ft=1 fh=f3111313b4ad1f30 vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\_PC\Download CCleaner Piriform\ccsetup314.exe" sh=DC1FE696A24E0072BA7221FCB0DAFEDB9B3560B4 ft=1 fh=5aa7e24d05d642d5 vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\_PC\Download CCleaner Piriform\ccsetup315.exe" sh=9663CAB5F4802FDAD8C719864F2E390BB99F195C ft=1 fh=02a711254bf91c09 vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\_PC\Download CCleaner Piriform\ccsetup316.exe" sh=F39A1D9201D021180B9FC8543783D8CE69054DCE ft=1 fh=10783dd2892ae31b vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\_PC\Download CCleaner Piriform\ccsetup317.exe" sh=2E9FC5EE22DDB3588857BAEB1EC51885EB3D3C27 ft=1 fh=78aa2c558c3526a3 vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\_PC\Download CCleaner Piriform\ccsetup318.exe" sh=2C16CF7AF335A0943C5973070050474E2565691B ft=1 fh=dbab1590fe63551b vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\_PC\Download CCleaner Piriform\ccsetup319.exe" sh=7EF1CA17E9835CBBA989D1F2CFEF4B794D928D13 ft=1 fh=c7fc25b20d8e6134 vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\_PC\Download CCleaner Piriform\ccsetup320.exe" sh=432E95C9B13671B563FDDECA6C408A763B4020F8 ft=1 fh=5a87b2eed39a59c6 vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\_PC\Download CCleaner Piriform\ccsetup321.exe" sh=B876F5F15137EF8A1680C2AC04DC786D2A191DC9 ft=1 fh=850ac12ce80cbbb1 vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\_PC\Download CCleaner Piriform\ccsetup322.exe" sh=03659459CF218748D115AB0EBD09E04AE43D9BC4 ft=1 fh=b7fea6e53bda36e3 vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\_PC\Download CCleaner Piriform\ccsetup323.exe" sh=9EBEEAD23C136B3C8E6CC0220B4F47C3D67B9B4D ft=1 fh=f7cfbc4528e170a2 vn="Win32/Bundled.Toolbar.Google.E potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\_PC\Download CCleaner Piriform\ccsetup324.exe" sh=25CF9B7BB46B581ED8DE03DDC56E1574087CACAA ft=1 fh=10c5a1651be6049d vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\_PC\Download CCleaner Piriform\ccsetup326.exe" sh=180C8ED7C81E3AE7B0507B26C927EA93584B017C ft=1 fh=b0b83453fcc7b480 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\_PC\Download CCleaner Piriform\ccsetup327.exe" sh=3D84C7C0E316EAD02DD7A59E746EC798DAB8BC0C ft=1 fh=ce50a11e70bad71c vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\_PC\Download CCleaner Piriform\ccsetup328.exe" sh=60C77FF66F63F585FCE95C78FF44B513E2AAB9F9 ft=1 fh=17494879e4339ab3 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\_PC\Download CCleaner Piriform\ccsetup400.exe" sh=2FEC2BB06C11B711B37E7D1BAC0004F8F25A4C7B ft=1 fh=9586b0754c97a9e0 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\_PC\Download CCleaner Piriform\ccsetup401.exe" sh=EA244E84E1468A6AF4741F2184E113A16F833D8B ft=1 fh=a9c73d0d07b22a58 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\_PC\Download CCleaner Piriform\ccsetup402.exe" sh=A4854C3C5A7277D3C02F88330D2023AAD3667533 ft=1 fh=818bd9cd8f0d2ffa vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\_PC\Download CCleaner Piriform\ccsetup403.exe" sh=6525F85F423A8ACB9DE261FCE7C1BFDCAF0651EC ft=1 fh=e751b5239200023c vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\_PC\Download CCleaner Piriform\ccsetup404.exe" sh=59C75B45AC46FAC8C4018205544938C46B1BA631 ft=1 fh=ab462a0af6e69b03 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\_PC\Download CCleaner Piriform\ccsetup405.exe" sh=ADF2AD3B94EB35DC371AB7A1A49B004B7C76BFA5 ft=1 fh=f95766f30bc4ebc6 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\_PC\Download CCleaner Piriform\ccsetup406.exe" sh=DD6E088E22874B283348A15DB5159C7B20CC6D22 ft=1 fh=fe9dda6ca79832a6 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\_PC\Download CCleaner Piriform\ccsetup407.exe" sh=6585F3BCD797EFC2F81599CDE50115668B677D52 ft=1 fh=c4c5afd1d69feff3 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\_PC\Download CCleaner Piriform\ccsetup408.exe" sh=932E042070F1567ED5A116E98E3C04D7D07E0681 ft=1 fh=3bf8f6c29b1c29c3 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\_PC\Download CCleaner Piriform\ccsetup409.exe" sh=0F97FB08E6FC4500F86E64D3285C171C6462BD61 ft=1 fh=acbbffe185c36761 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\_PC\Download CCleaner Piriform\ccsetup410.exe" sh=C662A89E2318810A6012EF702A9C39F6E0AC3B36 ft=1 fh=e8789dd77b481b56 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\_PC\Download CCleaner Piriform\ccsetup411.exe" sh=C133DB147FA578119F34B675D45B477E110761B2 ft=1 fh=9272027fde077ca7 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\_PC\Download CCleaner Piriform\ccsetup412.exe" sh=DA0FB77CECB4247F067294DA5E54E0020844FECE ft=1 fh=96c9faddf1c23368 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\_PC\Download CCleaner Piriform\ccsetup413.exe" sh=E23B4F525376AABA667BCF69A173D1D983A735EE ft=1 fh=f831e0d1679ba3c1 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\_PC\Download Screenshot\ashampoo_snap_3_3.50_7383.exe" sh=08247662F495318938F8269FDB1D410EF8345148 ft=1 fh=2a97b12ab7f2ca45 vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="F:\_PC\Download VLC\DE_vlc-0.9.8a-win32.exe" sh=F83855D2F4CB2063085A6A66A6A1C7CB377C28CB ft=1 fh=bcd5e45444e76df6 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="K:\Download PC Update\CCLEANER\ccsetup414.exe" sh=D12F2B7B95F3EB52E57E5E034F4315F4716670FF ft=1 fh=fa0e3acfd523f7f9 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="K:\Download PC Update\CCLEANER\ccsetup415.exe" sh=9AA5E59F80A95BDFC48FBB4DC9F4B7212749E67D ft=1 fh=2fe225811afcde6b vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="K:\Download PC Update\CCLEANER\ccsetup416.exe" sh=1DE5D70A411EBBF4441FD569E7427CC28A4D6B13 ft=1 fh=b572351b8a033ea9 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="K:\Download PC Update\CCLEANER\ccsetup417.exe" sh=F69F5B71A6FA94B71504EF184913BCF428D43899 ft=1 fh=6c8257ade2556f83 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="K:\Download PC Update\CCLEANER\ccsetup418.exe" sh=A601D7FA1AC943E7C513C18554B4963A7CC30777 ft=1 fh=24077ef6e95ea586 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="K:\Download PC Update\CCLEANER\ccsetup419.exe" sh=B6B12E4F8E59C61EC67A5E17DEDA7EA5B2FEF364 ft=1 fh=65d7fe9609cd6c74 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="K:\Download PC Update\CCLEANER\ccsetup500.exe" sh=205EA3A873C765FF2E0F78FB1834D6EB44C21BF3 ft=1 fh=a409751ddc77dac3 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="K:\Download PC Update\CCLEANER\ccsetup501.exe" sh=071A623BAEE3FB3E3A961AE0C80E646C8CB6B092 ft=1 fh=f93cd8c4dfd71db1 vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="K:\Download PC Update\CHIP Paint NET - CHIP-Installer\Paint NET - CHIP-Installer.exe" sh=2AD3D4FAE1930C072A7A87FFB4053209194C25CB ft=1 fh=9a50943bc80f21cc vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="K:\Download PC Update\CHIP Umbenennungstool\Joe letzte Freeware Version - CHIP-Installer.exe" sh=85C2E758DADB8A93064CA5CEDF96BC69C021B84C ft=1 fh=1f9bbc275addc6d3 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung (gelöscht - in Quarantäne kopiert)" ac=C fn="K:\Download PC Update\PCWELT RECUVA\rcsetup151.exe" Results of screen317's Security Check version 0.99.93 Windows 7 Service Pack 1 x64 (UAC is disabled!) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Kaspersky Internet Security Antivirus out of date! `````````Anti-malware/Other Utilities Check:````````` Java 7 Update 71 Adobe Flash Player 16.0.0.257 Adobe Reader XI Mozilla Firefox (35.0) Mozilla Thunderbird (31.4.0) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbam.exe Malwarebytes Anti-Malware mbamscheduler.exe Kaspersky Lab Kaspersky Internet Security 2013 avp.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
|
18.01.2015, 16:31
| #12 |
| /// the machine /// TB-Ausbilder | MyStartSearch eingefangen und entfernen versucht FRST Log fehlt noch. Und bitte bitte die Logs in Codetags posten.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
18.01.2015, 17:02
| #13 |
| | MyStartSearch eingefangen und entfernen versucht Code Tags ??? Zum Glück findet man die Erklärung bei Euch "gleich um die Ecke". FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-01-2015 Ran by User (administrator) on USER-PC on 18-01-2015 16:51:18 Running from K:\Download PC Update\#TROJANER MyStartSearch Loaded Profiles: User & UpdatusUser (Available profiles: User & UpdatusUser) Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (The Eraser Project) C:\Program Files\Eraser\Eraser.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe () C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe (Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Mozilla Corporation) K:\Program Files (x86)\Mozilla Firefox\firefox.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Mozilla Corporation) K:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (ESET) C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7191768 2013-06-27] (Realtek Semiconductor) HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [976784 2009-12-15] (The Eraser Project) HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-05-04] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [RUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe [115048 2011-09-20] (Renesas Electronics Corporation) HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2014-05-19] (Kaspersky Lab ZAO) HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard) HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation) HKU\S-1-5-21-3072690271-1386923378-2905418684-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23308616 2014-12-22] (Google) HKU\S-1-5-21-3072690271-1386923378-2905418684-1000\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\\TomTom HOME 2\TomTomHOMERunner.exe [248176 2014-06-05] (TomTom) HKU\S-1-5-21-3072690271-1386923378-2905418684-1000\...\Run: [] => [X] HKU\S-1-5-21-3072690271-1386923378-2905418684-1000\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1090912 2013-10-02] (Nokia) HKU\S-1-5-21-3072690271-1386923378-2905418684-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd) HKU\S-1-5-21-3072690271-1386923378-2905418684-1000\...\Run: [KiesPDLR.exe] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe Run HKU\S-1-5-21-3072690271-1386923378-2905418684-1000\...\MountPoints2: {98d93448-d758-11e3-bce1-806e6f6e6963} - D:\Bin\ASSETUP.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe () ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com HKU\S-1-5-21-3072690271-1386923378-2905418684-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKU\S-1-5-21-3072690271-1386923378-2905418684-1000 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKU\S-1-5-21-3072690271-1386923378-2905418684-1000 -> {E9DC17BB-BAF4-4594-A618-EB86680E980D} URL = https://www.google.com/search?q={searchTerms} BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: CHIP Best Deal BHO -> {7553EA3C-F8DA-4188-B7BC-956894EA54F5} -> C:\Program Files (x86)\chip\Internet Explorer\chip64.dll () BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: CHIP Best Deal BHO -> {7553EA3C-F8DA-4188-B7BC-956894EA54F5} -> C:\Program Files (x86)\chip\Internet Explorer\chip32.dll () BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\pnticso1.default FF SelectedSearchEngine: FF Homepage: ?type=hppp FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_257.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_257.dll () FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\pnticso1.default\user.js FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\pnticso1.default\searchplugins\google-maps.xml FF Extension: CHIP Best Deal - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\pnticso1.default\Extensions\ciuvo-extension@chip.de [2014-12-25] FF Extension: Blur (Formerly DoNotTrackMe) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\pnticso1.default\Extensions\donottrackplus@abine.com [2014-11-22] FF Extension: Switch Private Browsing - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\pnticso1.default\Extensions\manolo.estevez@gmail.com.xpi [2014-05-19] FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2014-05-19] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2014-05-19] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2014-05-19] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2014-05-19] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2014-05-19] FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-05-26] FF HKU\S-1-5-21-3072690271-1386923378-2905418684-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF HKU\S-1-5-21-3072690271-1386923378-2905418684-1000\...\Firefox\Extensions: [{76D412EB-FEB4-A7C2-9ECC-AF02F0768665}] - C:\Program Files (x86)\ver5BlockAndSurf\186.xpi FF StartMenuInternet: FIREFOX.EXE - K:\Program Files (x86)\Mozilla Firefox\firefox.exe Chrome: ======= CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-10-25] CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-10-25] CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-10-25] CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-10-25] CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [Not Found] CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-10-25] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-05-04] (Advanced Micro Devices, Inc.) [File not signed] R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2014-05-19] (Kaspersky Lab ZAO) R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed] R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed] R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed] R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55936 2011-11-13] (Advanced Micro Devices) R0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49048 2012-07-18] (Asmedia Technology) R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-05-19] (Kaspersky Lab ZAO) U5 klflt; C:\Windows\System32\Drivers\klflt.sys [91008 2014-05-19] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628320 2014-05-19] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-05-19] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-05-19] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2014-05-19] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2014-05-19] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2014-05-19] (Kaspersky Lab ZAO) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-18] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-17] () R3 rusb3hub; C:\Windows\System32\DRIVERS\rusb3hub.sys [114568 2012-08-27] (Renesas Electronics Corporation) R3 rusb3xhc; C:\Windows\System32\DRIVERS\rusb3xhc.sys [230280 2012-08-27] (Renesas Electronics Corporation) S2 ASInsHelp; \??\C:\Windows\SysWow64\drivers\AsInsHelp64.sys [X] S3 dgderdrv; System32\drivers\dgderdrv.sys [X] S3 MSICDSetup; \??\D:\CDriver64.sys [X] S3 NTIOLib_1_0_C; \??\D:\NTIOLib_X64.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-18 16:14 - 2015-01-18 16:14 - 00000000 ____D () C:\Program Files (x86)\ESET 2015-01-18 12:12 - 2015-01-18 12:12 - 00000000 ____H () C:\Users\User\Documents\Default.rdp 2015-01-15 20:26 - 2015-01-15 20:26 - 00000000 ____D () C:\Windows\ERUNT 2015-01-15 19:15 - 2015-01-18 14:53 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-01-15 19:14 - 2015-01-15 19:14 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2015-01-15 19:14 - 2015-01-15 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2015-01-15 19:14 - 2015-01-15 19:14 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2015-01-15 19:14 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2015-01-15 19:14 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2015-01-15 19:14 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2015-01-14 21:33 - 2015-01-18 16:51 - 00000000 ____D () C:\FRST 2015-01-14 16:27 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll 2015-01-14 16:27 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys 2015-01-14 16:27 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2015-01-14 16:27 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll 2015-01-14 16:27 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe 2015-01-14 16:27 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll 2015-01-14 16:27 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-01-14 16:27 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-01-14 16:27 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-01-14 16:27 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe 2015-01-14 16:27 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll 2015-01-14 16:27 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll 2015-01-14 16:27 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll 2015-01-14 16:19 - 2015-01-18 09:55 - 00000672 _____ () C:\Windows\setupact.log 2015-01-14 16:19 - 2015-01-15 20:40 - 00000730 _____ () C:\Windows\PFRO.log 2015-01-14 16:19 - 2015-01-14 16:19 - 00000000 _____ () C:\Windows\setuperr.log 2015-01-13 20:05 - 2015-01-13 20:05 - 00000000 ____D () C:\ProgramData\Malwarebytes 2015-01-13 20:00 - 2015-01-18 15:26 - 00517665 _____ () C:\Windows\WindowsUpdate.log 2015-01-12 21:12 - 2015-01-12 21:12 - 00000000 _____ () C:\autoexec.bat 2015-01-12 21:10 - 2015-01-12 21:10 - 00000000 ____D () C:\Program Files\Enigma Software Group 2015-01-11 20:57 - 2015-01-11 20:57 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01009.Wdf 2015-01-11 20:32 - 2015-01-11 20:32 - 00000000 ____D () C:\Users\User\.android 2015-01-11 20:31 - 2015-01-11 22:11 - 00000000 ____D () C:\Users\User\AppData\Roaming\MyPhoneExplorer 2015-01-11 20:29 - 2015-01-12 09:43 - 00001952 _____ () C:\Windows\patsearch.bin 2015-01-11 16:28 - 2015-01-11 16:28 - 00000000 ____D () C:\Users\User\Desktop\Sun ODF Plugin for Microsoft Office 3.2 (en-US) Installation Files 2015-01-11 16:22 - 2015-01-11 16:22 - 00000000 ____D () C:\Users\User\4.0 2015-01-11 16:22 - 2015-01-11 16:22 - 00000000 ____D () C:\Users\User\.tfo4 2015-01-11 16:19 - 2015-01-11 16:19 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf 2015-01-01 21:37 - 2015-01-01 21:37 - 00000000 ___SD () C:\Users\User\Documents\Meine Datenquellen 2014-12-26 09:32 - 2014-12-26 09:32 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2014-12-25 19:04 - 2014-06-16 07:01 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll 2014-12-25 19:04 - 2014-06-16 07:01 - 00708168 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller.dll 2014-12-25 15:57 - 2014-12-25 17:26 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc 2014-12-25 15:57 - 2014-12-25 15:57 - 00000871 _____ () C:\Users\Public\Desktop\VLC media player.lnk 2014-12-25 15:57 - 2014-12-25 15:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN 2014-12-25 15:57 - 2014-12-25 15:57 - 00000000 ____D () C:\Program Files\VideoLAN 2014-12-25 07:11 - 2014-12-25 07:11 - 00000000 ____D () C:\Users\User\AppData\Local\Tools&More 2014-12-25 07:10 - 2014-12-25 07:10 - 00000000 ____D () C:\Windows\Downloaded Installations 2014-12-25 07:09 - 2014-12-25 07:09 - 00003406 _____ () C:\Windows\System32\Tasks\chipSWU 2014-12-25 07:09 - 2014-12-25 07:09 - 00000000 ____D () C:\Program Files (x86)\chip 2014-12-25 07:09 - 2011-05-13 11:16 - 00493056 _____ ( datenhaus GmbH) C:\Windows\SysWOW64\dhRichClient3.dll 2014-12-25 07:09 - 2011-03-25 19:42 - 00338432 _____ () C:\Windows\SysWOW64\sqlite36_engine.dll 2014-12-23 09:26 - 2014-12-23 09:26 - 00000782 _____ () C:\Users\User\Desktop\Eigene Dokumente_neu - Verknüpfung.lnk 2014-12-21 14:39 - 2014-12-21 14:39 - 00000000 ____D () C:\Users\Public\Documents\CrashDump ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-01-18 16:38 - 2014-05-25 06:16 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-01-18 16:25 - 2014-05-16 17:19 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-01-18 16:10 - 2014-05-19 15:53 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{EE4AD280-21FC-437E-A115-9B066A00F009} 2015-01-18 14:54 - 2014-05-19 19:56 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2015-01-18 12:26 - 2009-07-14 05:45 - 00028912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-01-18 12:26 - 2009-07-14 05:45 - 00028912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-01-18 09:55 - 2014-05-25 06:16 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-01-18 09:55 - 2014-05-16 17:04 - 00000000 ____D () C:\ProgramData\NVIDIA 2015-01-18 09:55 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-01-15 20:40 - 2014-05-19 16:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-14 21:53 - 2014-07-16 16:57 - 00000000 ____D () C:\Program Files (x86)\MarkAny 2015-01-14 19:04 - 2014-07-16 16:57 - 00000000 ____D () C:\Users\User\AppData\Roaming\Samsung 2015-01-14 19:04 - 2014-07-16 16:54 - 00000000 ____D () C:\ProgramData\Samsung 2015-01-14 19:04 - 2014-07-16 16:54 - 00000000 ____D () C:\Program Files (x86)\Samsung 2015-01-14 19:04 - 2014-05-09 11:19 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2015-01-14 16:47 - 2014-05-19 17:44 - 00000000 ____D () C:\Windows\system32\MRT 2015-01-14 16:41 - 2014-05-19 17:44 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-01-13 21:25 - 2014-05-16 17:19 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-01-13 21:25 - 2014-05-16 17:18 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-01-13 21:25 - 2014-05-16 17:18 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-01-13 20:41 - 2014-05-25 06:17 - 00002042 _____ () C:\Users\Public\Desktop\Google Slides.lnk 2015-01-13 20:41 - 2014-05-25 06:17 - 00002040 _____ () C:\Users\Public\Desktop\Google Sheets.lnk 2015-01-13 20:41 - 2014-05-25 06:17 - 00002030 _____ () C:\Users\Public\Desktop\Google Docs.lnk 2015-01-13 20:41 - 2014-05-25 06:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2015-01-13 20:22 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SchCache 2015-01-13 20:02 - 2014-07-03 18:23 - 00000859 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2015-01-13 20:02 - 2014-07-03 18:23 - 00000859 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2015-01-13 20:02 - 2014-05-09 10:09 - 00001425 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2015-01-13 12:23 - 2009-07-14 06:08 - 00003906 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2015-01-12 19:46 - 2014-07-16 16:55 - 00000000 ____D () C:\Program Files (x86)\Samsung_MyFree Codec 2015-01-12 19:23 - 2014-12-16 21:31 - 00000000 ____D () C:\Users\User\Documents\ezTour_Workspace 2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-12-26 21:10 - 2014-05-25 19:15 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk 2014-12-26 21:10 - 2014-05-25 19:15 - 00000000 ____D () C:\Program Files\CCleaner 2014-12-26 10:41 - 2014-06-12 19:26 - 00000000 ___RD () C:\Users\User\Desktop\Aufräumen 2014-12-25 19:30 - 2014-07-16 18:48 - 00000000 ____D () C:\Users\User\Documents\SelfMV 2014-12-23 13:31 - 2014-05-20 16:32 - 00000000 ____D () C:\Users\User\AppData\Local\Thunderbird 2014-12-23 12:43 - 2011-04-12 08:43 - 00698688 _____ () C:\Windows\system32\perfh007.dat 2014-12-23 12:43 - 2011-04-12 08:43 - 00148828 _____ () C:\Windows\system32\perfc007.dat 2014-12-23 12:43 - 2009-07-14 06:13 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-12-20 21:00 - 2014-08-27 13:08 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe ==================== Files in the root of some directories ======= 2014-05-26 14:12 - 2014-05-26 15:04 - 0001140 _____ () C:\ProgramData\hpzinstall.log Some content of TEMP: ==================== C:\Users\User\AppData\Local\Temp\NEventMessages.dll C:\Users\User\AppData\Local\Temp\NOSEventMessages.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-01-14 00:21 ==================== End Of Log ============================ |
|
18.01.2015, 19:10
| #14 |
| /// the machine /// TB-Ausbilder | MyStartSearch eingefangen und entfernen versucht Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
18.01.2015, 19:33
| #15 |
| | MyStartSearch eingefangen und entfernen versucht Hallo schrauber, ein wahrscheinlich kleines Problem blieb: Im FIREFOX kommt als Startseite unverändert >> hxxp:///?type=hppp <<, ich bekomme ich die Einstellung der Startseite im FIREFOX nicht korrigiert. Egal, was ich mache, beim nächsten Start ist immer folgende Adresse geöffnet "hxxp:///?type=hppp". FIREFOX neu installieren? |
|
| Themen zu MyStartSearch eingefangen und entfernen versucht |
| abzocke, adresse, bereinigt, blöd, deinstallation, eingefangen, einstellung, entferne, entfernen, firefox, folge, folgende, forum, gefangen, gen, hoffe, installationen, installierte, malware, nervige, nicht mehr, search, seite, startseite, versucht |
Linear-Darstellung
