Win7-64 Malwarebytes many detections, Snapdo

Hello everyone,
yesterday I installed a program to back up my DVD collection. Unfortunately, this Snapdo search engine came along with it. I noticed it right away yesterday: the start page in Firefox had been changed. I simply reverted it, which was no problem. Over the course of today, this Snapdo search kept appearing again and again.
--> Scan with Malwarebytes: over 900 detections (this log file was apparently not saved, unfortunately --> the MBAM log directory contains only the log file below).
--> Another scan with Malwarebytes: 18 detections remaining (see below);
--> then removed by MBAM and rebooted
--> Uninstalled the backup software
Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2014.01.13.08
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Stefan :: CORE2DUO [limitiert]
Schutz: Aktiviert
13.01.2014 22:27:14
mbam-log-2014-01-13 (22-27-14).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 193267
Laufzeit: 4 Minute(n), 28 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 6
HKCR\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} (PUP.Optional.QuickShare.A) -> Löschen bei Neustart.
HKCR\IESmartBar.BHO (PUP.Optional.QuickShare.A) -> Löschen bei Neustart.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} (PUP.Optional.QuickShare.A) -> Löschen bei Neustart.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} (PUP.Optional.QuickShare.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} (PUP.Optional.QuickShare.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> Löschen bei Neustart.
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 5
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=AT&userid=3f69cfd8-ea73-4ff0-98e2-5b4521bb3895&searchtype=ds&q={searchTerms}&installDate=12/01/2014) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=AT&userid=3f69cfd8-ea73-4ff0-98e2-5b4521bb3895&searchtype=hp&installDate=12/01/2014) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=AT&userid=3f69cfd8-ea73-4ff0-98e2-5b4521bb3895&searchtype=ds&q={searchTerms}&installDate=12/01/2014) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=AT&userid=3f69cfd8-ea73-4ff0-98e2-5b4521bb3895&searchtype=ds&q={searchTerms}&installDate=12/01/2014) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|SearchAssistant (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=AT&userid=3f69cfd8-ea73-4ff0-98e2-5b4521bb3895&searchtype=ds&q={searchTerms}&installDate=12/01/2014) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
Infizierte Verzeichnisse: 2
c:\users\admin\documents\optimizer pro (PUP.Optional.OptimizerPro.A) -> Löschen bei Neustart.
c:\users\admin\appdata\local\smartbar (PUP.Optional.SmartBar.A) -> Löschen bei Neustart.
Infizierte Dateien: 5
C:\Users\Stefan\Downloads\DVDShrink_downloader_by_DVDShrink.exe (PUP.Optional.Somoto) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Stefan\Downloads\freefilesync_5.23_windows_setup.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Stefan\Downloads\FreeFileSync_6.0_Windows_Setup.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\19a7d8.msi (PUP.Optional.SmartBar.A) -> Löschen bei Neustart.
c:\users\admin\documents\optimizer pro\cookiesexception.txt (PUP.Optional.OptimizerPro.A) -> Löschen bei Neustart.
(Ende)
As a check, I also ran an FRST scan right away; I think there are still remnants left...
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-01-2014 02
Ran by Stefan (ATTENTION: The logged in user is not administrator) on CORE2DUO on 13-01-2014 22:41:40
Running from C:\Users\Stefan\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\TouchControl.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Users\Stefan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Autodesk, Inc.) C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
(Flux Software LLC) C:\Users\Stefan\AppData\Local\FluxSoftware\Flux\flux.exe
(WIBU-SYSTEMS AG) C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Dropbox, Inc.) C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Creative Technology Ltd.) C:\Windows\OEM02Mon.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(AuthenTec Inc.) C:\Program Files\AuthenTec TrueSuite\BioMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [] - [x]
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [384296 2010-04-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-27] (NVIDIA Corporation)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [NvBackend] - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation)
HKLM-x32\...\Run: [OEM02Mon.exe] - C:\Windows\OEM02Mon.exe [36864 2007-05-09] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [703888 2013-03-26] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Runonce: [dvdshrinkpxql] - [x]
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [SkyDrive] - C:\Users\Stefan\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-10-13] (Microsoft Corporation)
HKCU\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1317256 2013-08-12] (Autodesk, Inc.)
HKCU\...\Run: [f.lux] - C:\Users\Stefan\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKCU\...\Run: [SteganosBankingFree] - "C:\Program Files (x86)\Steganos Online-Banking Free\SteganosBanking.exe" -Autostart 1
HKCU\...\Policies\Explorer: []
MountPoints2: {27f7353e-340f-11e3-a13a-001fe2d9d63a} - F:\LaunchU3.exe -a
AppInit_DLLs: [ ] ()
Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Stefan\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x14A327B560C7CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=AT&userid=3f69cfd8-ea73-4ff0-98e2-5b4521bb3895&searchtype=ds&q={searchTerms}&installDate=12/01/2014
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=AT&userid=3f69cfd8-ea73-4ff0-98e2-5b4521bb3895&searchtype=ds&q={searchTerms}&installDate=12/01/2014
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=AT&userid=3f69cfd8-ea73-4ff0-98e2-5b4521bb3895&searchtype=ds&q={searchTerms}&installDate=12/01/2014
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Somoto&dpid=Somoto&co=AT&userid=3f69cfd8-ea73-4ff0-98e2-5b4521bb3895&searchtype=ds&q={searchTerms}&installDate=12/01/2014
BHO: Snap.DoEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Snap.DoEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: DIALux 3.1 ULDBrowserHelper Class - {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} - C:\Program Files (x86)\DIALux\DLXShellExtension.dll (DIAL GmbH, Germany)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Logitech SetPoint - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH)
Toolbar: HKLM-x32 - Snap.Do - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.15.0.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: dialux - {8352FA4C-39C6-11D3-ADBA-00A0244FB1A2} - No File
Handler-x32: dialux - {8352FA4C-39C6-11D3-ADBA-00A0244FB1A2} - C:\Program Files (x86)\DIALux\DLXToolBox.dll (DIAL GmbH, Germany)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-2815468662-4028354378-3962469275-1003\FireFox
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2013-10-13]
FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2013-11-08]
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-01-07]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-01-07]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-01-07]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-01-07]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-01-07]
==================== Services (Whitelisted) =================
R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
S3 DialComService; C:\Program Files (x86)\DIAL GmbH\DIAL Communication Framework\DialComService.exe [1934608 2013-05-22] (DIAL GmbH)
R2 FPLService; C:\Program Files\AuthenTec TrueSuite\TrueSuiteService.exe [296808 2012-08-30] (AuthenTec, Inc)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [232192 2013-04-07] (NETGEAR)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-11-02] (Microsoft Corporation)
R2 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
==================== Drivers (Whitelisted) ====================
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-01-07] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [112224 2013-06-08] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [620640 2014-01-07] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-01-07] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R2 NPF; C:\Windows\system32\drivers\npf.sys [35344 2013-10-13] (CACE Technologies, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R3 OEM02Dev; C:\Windows\System32\DRIVERS\OEM02Dev.sys [266624 2007-10-10] (Creative Technology Ltd.)
R3 OEM02Vfx; C:\Windows\System32\DRIVERS\OEM02Vfx.sys [12288 2007-03-05] (EyePower Games Pte. Ltd.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-13 22:38 - 2014-01-13 22:41 - 00019031 _____ C:\Users\Stefan\Downloads\FRST.txt
2014-01-13 22:37 - 2014-01-13 22:37 - 00000000 ____H C:\ProgramData\cm-lock
2014-01-13 22:26 - 2014-01-13 22:26 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Malwarebytes
2014-01-13 22:19 - 2014-01-13 22:19 - 00000000 ____D C:\FRST
2014-01-13 22:18 - 2014-01-13 22:18 - 02075648 _____ (Farbar) C:\Users\Stefan\Downloads\FRST64.exe
2014-01-13 22:00 - 2014-01-13 22:00 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2014-01-13 21:59 - 2014-01-13 21:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-13 21:59 - 2014-01-13 21:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-13 21:59 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-13 21:51 - 2014-01-13 21:51 - 00000000 ____D C:\Users\Stefan\Desktop\TRData2.2
2014-01-13 14:11 - 2014-01-13 14:11 - 00000000 ____D C:\Users\Stefan\Documents\DIALux
2014-01-13 14:08 - 2014-01-13 14:08 - 00002125 _____ C:\Users\Stefan\Desktop\POV-Ray v3.6.lnk
2014-01-13 14:08 - 2014-01-13 14:08 - 00000000 ____D C:\Program Files (x86)\POV-Ray for Windows v3.6
2014-01-13 14:07 - 2014-01-13 14:07 - 00007444 _____ C:\DIALux Setup Information.txt
2014-01-13 14:07 - 2014-01-13 14:07 - 00001867 _____ C:\Users\Public\Desktop\DIALux 4.11 Light.lnk
2014-01-13 14:07 - 2014-01-13 14:07 - 00001853 _____ C:\Users\Public\Desktop\DIALux 4.11.lnk
2014-01-13 14:07 - 2014-01-13 14:07 - 00000000 ____D C:\ProgramData\DIAL GmbH
2014-01-13 14:07 - 2014-01-13 14:07 - 00000000 ____D C:\Program Files (x86)\DIAL GmbH
2014-01-13 14:06 - 2014-01-13 14:07 - 00000102 _____ C:\Windows\Dialux.ini
2014-01-13 14:06 - 2013-01-14 15:20 - 06525440 _____ (Amyuni Technologies
hxxp://www.amyuni.com) C:\Windows\system32\cdintf450_64.dll
2014-01-13 14:06 - 2013-01-14 15:20 - 04809728 _____ (Amyuni Technologies
hxxp://www.amyuni.com) C:\Windows\SysWOW64\cdintf450.dll
2014-01-13 14:04 - 2014-01-13 14:11 - 00000000 ____D C:\ProgramData\DIALux
2014-01-13 14:03 - 2014-01-13 14:07 - 00000000 ____D C:\Program Files (x86)\DIALux
2014-01-13 14:03 - 2014-01-13 14:03 - 00000000 ____D C:\Windows\DIALux
2014-01-13 13:59 - 2014-01-13 13:59 - 01179085 _____ () C:\Users\Stefan\Downloads\DIALuxSetup41103.exe
2014-01-13 09:32 - 2014-01-13 09:37 - 00000000 ____D C:\Users\Stefan\Desktop\USB-Stick
2014-01-12 20:00 - 2014-01-12 20:00 - 00001996 _____ C:\Users\Public\Desktop\Philips_Cat.lnk
2014-01-12 19:56 - 2014-01-12 19:57 - 00000000 ____D C:\Users\Stefan\Desktop\Database
2014-01-12 19:55 - 2014-01-12 19:56 - 144314440 _____ C:\Users\Stefan\Desktop\PPS5270_emea_09122013.zip
2014-01-12 19:27 - 2014-01-13 22:26 - 00000000 ____D C:\Program Files (x86)\DVD Shrink
2014-01-12 19:19 - 2014-01-12 19:29 - 00000000 ____D C:\ProgramData\DVD Shrink
2014-01-12 19:18 - 2014-01-12 19:18 - 01258692 _____ (DVD Shrink ) C:\Users\Stefan\Downloads\dvdshrink_14236.exe
2014-01-08 10:37 - 2014-01-12 20:02 - 00000000 ____D C:\Program Files (x86)\Philips Lighting
2014-01-08 10:37 - 2014-01-08 10:37 - 00002095 _____ C:\Users\Public\Desktop\Road.lnk
2014-01-08 10:37 - 2014-01-08 10:37 - 00002083 _____ C:\Users\Public\Desktop\Area.lnk
2014-01-08 10:35 - 2014-01-08 10:35 - 00000000 ____D C:\Users\Stefan\Desktop\Philips Lichtplanungssoftware
2014-01-07 18:45 - 2014-01-07 18:45 - 00002334 _____ C:\Users\Stefan\Desktop\Sicherer Zahlungsverkehr.lnk
2014-01-07 18:45 - 2014-01-07 18:45 - 00001124 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-01-07 18:45 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2014-01-07 18:44 - 2014-01-13 22:37 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2014-01-07 18:44 - 2014-01-07 18:44 - 00000000 ____D C:\Windows\ELAMBKUP
2014-01-07 18:44 - 2014-01-07 18:44 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2014-01-07 18:43 - 2014-01-07 18:53 - 00620640 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-01-07 18:43 - 2013-06-08 20:18 - 00112224 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-01-07 09:40 - 2014-01-07 09:40 - 00287418 _____ C:\Windows\msxml4-KB973688-enu.LOG
2014-01-07 09:38 - 2014-01-07 09:39 - 00291220 _____ C:\Windows\msxml4-KB954430-enu.LOG
2014-01-06 23:51 - 2014-01-06 23:51 - 00000000 ____D C:\Users\Stefan\Documents\Relux Projects
2014-01-06 23:51 - 2014-01-06 23:51 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Relux Informatik AG
2014-01-06 23:50 - 2014-01-06 23:50 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2014-01-06 23:48 - 2014-01-06 23:48 - 00000000 ____D C:\ProgramData\CodeMeter
2014-01-06 23:48 - 2014-01-06 23:48 - 00000000 ____D C:\Program Files\WIBU-SYSTEMS
2014-01-06 23:48 - 2014-01-06 23:48 - 00000000 ____D C:\Program Files\CodeMeter
2014-01-06 23:48 - 2014-01-06 23:48 - 00000000 ____D C:\Program Files (x86)\CodeMeter
2014-01-06 23:47 - 2007-02-01 19:57 - 02134016 _____ (Amyuni Technologies
hxxp://www.amyuni.com) C:\Windows\SysWOW64\cdintf251.dll
2014-01-06 23:47 - 2004-03-02 13:19 - 01638400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2014-01-06 23:47 - 2003-03-19 05:44 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71loc.dll
2014-01-06 23:47 - 2001-02-12 16:53 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42loc.dll
2014-01-06 23:46 - 2014-01-06 23:47 - 00000000 ____D C:\Program Files (x86)\ReluxSuite
2014-01-06 13:57 - 2014-01-06 14:02 - 256314176 _____ C:\Users\Stefan\Downloads\kis14.0.0.4651abDE_5155.exe
2014-01-01 12:28 - 2014-01-01 12:28 - 00000000 ____D C:\Users\Stefan\AppData\Local\NVIDIA Corporation
2014-01-01 12:25 - 2013-12-10 03:13 - 01100248 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-01-01 12:25 - 2013-12-10 03:13 - 00982232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-01-01 12:25 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-01-01 12:25 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2014-01-01 12:25 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-01-01 12:25 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-01-01 12:25 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-01-01 12:25 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-01-01 12:24 - 2013-12-05 09:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-01-01 12:24 - 2013-12-05 09:42 - 00032544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-01-01 12:19 - 2014-01-01 12:18 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-01 12:19 - 2014-01-01 12:18 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-01 12:19 - 2014-01-01 12:18 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-01 12:19 - 2014-01-01 12:18 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-01 12:18 - 2014-01-01 12:18 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-01 12:12 - 2014-01-01 12:20 - 00000000 ____D C:\Program Files\Recuva
2014-01-01 12:10 - 2014-01-01 12:10 - 03992416 _____ (Piriform Ltd) C:\Users\Stefan\Downloads\rcsetup149.exe
2013-12-30 15:29 - 2013-12-30 15:29 - 17694720 _____ C:\Users\Stefan\Downloads\Boxcryptor_v2.0.413.343_Setup.msi
2013-12-30 14:00 - 2013-12-30 14:00 - 00000000 ____D C:\Program Files\Microsoft Games
2013-12-29 21:49 - 2013-12-29 21:49 - 00003107 _____ C:\Users\Stefan\Desktop\Grand Theft Auto V - The Manual.lnk
2013-12-29 21:49 - 2013-12-29 21:49 - 00003067 _____ C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grand Theft Auto V - The Manual.lnk
2013-12-29 21:49 - 2013-12-29 21:49 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2013-12-29 21:14 - 2013-12-29 21:16 - 134658560 _____ C:\Users\Stefan\Downloads\GrandTheftAutoV-TheManual.msi
2013-12-21 15:57 - 2013-12-21 15:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-19 13:58 - 2013-12-19 13:58 - 00011603 _____ C:\Users\Stefan\Desktop\ams schlüssel.xlsx
2013-12-17 01:08 - 2013-12-17 01:08 - 00012839 _____ C:\Users\Stefan\Desktop\Kopfrechnen.xlsx
2013-12-17 00:41 - 2013-12-18 05:24 - 00000000 ____D C:\Users\Stefan\Desktop\LAND NÖ
2013-12-14 11:19 - 2013-12-15 12:49 - 00000628 _____ C:\Users\Stefan\Documents\Josef.txt
==================== One Month Modified Files and Folders =======
2014-01-13 22:41 - 2014-01-13 22:38 - 00019031 _____ C:\Users\Stefan\Downloads\FRST.txt
2014-01-13 22:41 - 2013-10-14 18:40 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\NetSpeedMonitor
2014-01-13 22:41 - 2013-10-11 21:05 - 01552226 _____ C:\Windows\WindowsUpdate.log
2014-01-13 22:38 - 2013-10-20 22:34 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Dropbox
2014-01-13 22:37 - 2014-01-13 22:37 - 00000000 ____H C:\ProgramData\cm-lock
2014-01-13 22:37 - 2014-01-07 18:44 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2014-01-13 22:37 - 2009-07-14 05:51 - 00064650 _____ C:\Windows\setupact.log
2014-01-13 22:36 - 2013-10-13 15:43 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-13 22:36 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-13 22:35 - 2013-10-13 21:15 - 00000000 ____D C:\Users\Stefan\Documents\Outlook-Dateien
2014-01-13 22:26 - 2014-01-13 22:26 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Malwarebytes
2014-01-13 22:26 - 2014-01-12 19:27 - 00000000 ____D C:\Program Files (x86)\DVD Shrink
2014-01-13 22:19 - 2014-01-13 22:19 - 00000000 ____D C:\FRST
2014-01-13 22:18 - 2014-01-13 22:18 - 02075648 _____ (Farbar) C:\Users\Stefan\Downloads\FRST64.exe
2014-01-13 22:00 - 2014-01-13 22:00 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Malwarebytes
2014-01-13 21:59 - 2014-01-13 21:59 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-13 21:59 - 2014-01-13 21:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-13 21:58 - 2013-10-12 10:38 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-13 21:51 - 2014-01-13 21:51 - 00000000 ____D C:\Users\Stefan\Desktop\TRData2.2
2014-01-13 21:51 - 2013-10-12 10:29 - 00000000 ____D C:\Users\Stefan
2014-01-13 19:44 - 2013-11-23 11:20 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Stefan\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-13 14:11 - 2014-01-13 14:11 - 00000000 ____D C:\Users\Stefan\Documents\DIALux
2014-01-13 14:11 - 2014-01-13 14:04 - 00000000 ____D C:\ProgramData\DIALux
2014-01-13 14:08 - 2014-01-13 14:08 - 00002125 _____ C:\Users\Stefan\Desktop\POV-Ray v3.6.lnk
2014-01-13 14:08 - 2014-01-13 14:08 - 00000000 ____D C:\Program Files (x86)\POV-Ray for Windows v3.6
2014-01-13 14:07 - 2014-01-13 14:07 - 00007444 _____ C:\DIALux Setup Information.txt
2014-01-13 14:07 - 2014-01-13 14:07 - 00001867 _____ C:\Users\Public\Desktop\DIALux 4.11 Light.lnk
2014-01-13 14:07 - 2014-01-13 14:07 - 00001853 _____ C:\Users\Public\Desktop\DIALux 4.11.lnk
2014-01-13 14:07 - 2014-01-13 14:07 - 00000000 ____D C:\ProgramData\DIAL GmbH
2014-01-13 14:07 - 2014-01-13 14:07 - 00000000 ____D C:\Program Files (x86)\DIAL GmbH
2014-01-13 14:07 - 2014-01-13 14:06 - 00000102 _____ C:\Windows\Dialux.ini
2014-01-13 14:07 - 2014-01-13 14:03 - 00000000 ____D C:\Program Files (x86)\DIALux
2014-01-13 14:03 - 2014-01-13 14:03 - 00000000 ____D C:\Windows\DIALux
2014-01-13 13:59 - 2014-01-13 13:59 - 01179085 _____ () C:\Users\Stefan\Downloads\DIALuxSetup41103.exe
2014-01-13 13:56 - 2009-07-14 05:45 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-13 13:56 - 2009-07-14 05:45 - 00021904 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-13 09:37 - 2014-01-13 09:32 - 00000000 ____D C:\Users\Stefan\Desktop\USB-Stick
2014-01-13 09:35 - 2010-11-21 07:50 - 00699666 _____ C:\Windows\system32\perfh007.dat
2014-01-13 09:35 - 2010-11-21 07:50 - 00149774 _____ C:\Windows\system32\perfc007.dat
2014-01-13 09:35 - 2009-07-14 06:13 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-13 09:34 - 2013-10-13 15:55 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-01-13 09:34 - 2013-10-13 15:55 - 00001992 _____ C:\Windows\LkmdfCoInst.log
2014-01-12 20:04 - 2013-12-09 22:18 - 00000000 ____D C:\Users\Stefan\AppData\Local\CrashDumps
2014-01-12 20:02 - 2014-01-08 10:37 - 00000000 ____D C:\Program Files (x86)\Philips Lighting
2014-01-12 20:02 - 2013-10-12 18:24 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2014-01-12 20:00 - 2014-01-12 20:00 - 00001996 _____ C:\Users\Public\Desktop\Philips_Cat.lnk
2014-01-12 19:57 - 2014-01-12 19:56 - 00000000 ____D C:\Users\Stefan\Desktop\Database
2014-01-12 19:56 - 2014-01-12 19:55 - 144314440 _____ C:\Users\Stefan\Desktop\PPS5270_emea_09122013.zip
2014-01-12 19:29 - 2014-01-12 19:19 - 00000000 ____D C:\ProgramData\DVD Shrink
2014-01-12 19:18 - 2014-01-12 19:18 - 01258692 _____ (DVD Shrink ) C:\Users\Stefan\Downloads\dvdshrink_14236.exe
2014-01-09 17:09 - 2009-07-14 05:45 - 00519176 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-08 12:46 - 2013-10-12 12:08 - 00144312 _____ C:\Users\Stefan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-08 10:37 - 2014-01-08 10:37 - 00002095 _____ C:\Users\Public\Desktop\Road.lnk
2014-01-08 10:37 - 2014-01-08 10:37 - 00002083 _____ C:\Users\Public\Desktop\Area.lnk
2014-01-08 10:35 - 2014-01-08 10:35 - 00000000 ____D C:\Users\Stefan\Desktop\Philips Lichtplanungssoftware
2014-01-08 08:00 - 2010-11-21 04:47 - 00843066 _____ C:\Windows\PFRO.log
2014-01-07 18:53 - 2014-01-07 18:43 - 00620640 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-01-07 18:53 - 2013-10-17 15:47 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2014-01-07 18:53 - 2013-06-06 17:38 - 00178272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2014-01-07 18:45 - 2014-01-07 18:45 - 00002334 _____ C:\Users\Stefan\Desktop\Sicherer Zahlungsverkehr.lnk
2014-01-07 18:45 - 2014-01-07 18:45 - 00001124 _____ C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-01-07 18:44 - 2014-01-07 18:44 - 00000000 ____D C:\Windows\ELAMBKUP
2014-01-07 18:44 - 2014-01-07 18:44 - 00000000 ____D C:\Program Files (x86)\Kaspersky Lab
2014-01-07 18:40 - 2013-10-11 23:29 - 00000000 ____D C:\ProgramData\Norton
2014-01-07 09:40 - 2014-01-07 09:40 - 00287418 _____ C:\Windows\msxml4-KB973688-enu.LOG
2014-01-07 09:39 - 2014-01-07 09:38 - 00291220 _____ C:\Windows\msxml4-KB954430-enu.LOG
2014-01-07 08:00 - 2013-10-11 21:12 - 00000000 ____D C:\Users\Admin
2014-01-06 23:53 - 2013-10-15 16:33 - 00000000 ____D C:\Users\Stefan\AppData\Local\cache
2014-01-06 23:51 - 2014-01-06 23:51 - 00000000 ____D C:\Users\Stefan\Documents\Relux Projects
2014-01-06 23:51 - 2014-01-06 23:51 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Relux Informatik AG
2014-01-06 23:50 - 2014-01-06 23:50 - 00000000 ____D C:\Program Files (x86)\MSXML 4.0
2014-01-06 23:48 - 2014-01-06 23:48 - 00000000 ____D C:\ProgramData\CodeMeter
2014-01-06 23:48 - 2014-01-06 23:48 - 00000000 ____D C:\Program Files\WIBU-SYSTEMS
2014-01-06 23:48 - 2014-01-06 23:48 - 00000000 ____D C:\Program Files\CodeMeter
2014-01-06 23:48 - 2014-01-06 23:48 - 00000000 ____D C:\Program Files (x86)\CodeMeter
2014-01-06 23:47 - 2014-01-06 23:46 - 00000000 ____D C:\Program Files (x86)\ReluxSuite
2014-01-06 23:47 - 2009-07-14 03:34 - 00000544 _____ C:\Windows\win.ini
2014-01-06 14:02 - 2014-01-06 13:57 - 256314176 _____ C:\Users\Stefan\Downloads\kis14.0.0.4651abDE_5155.exe
2014-01-01 12:28 - 2014-01-01 12:28 - 00000000 ____D C:\Users\Stefan\AppData\Local\NVIDIA Corporation
2014-01-01 12:27 - 2013-10-22 18:25 - 00000000 ____D C:\Users\Stefan\AppData\Local\NVIDIA
2014-01-01 12:26 - 2013-10-11 22:36 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2014-01-01 12:25 - 2013-10-13 15:43 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2014-01-01 12:25 - 2013-10-11 22:36 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2014-01-01 12:20 - 2014-01-01 12:12 - 00000000 ____D C:\Program Files\Recuva
2014-01-01 12:20 - 2013-10-14 17:25 - 00000000 ____D C:\ProgramData\Oracle
2014-01-01 12:18 - 2014-01-01 12:19 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-01-01 12:18 - 2014-01-01 12:19 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-01-01 12:18 - 2014-01-01 12:19 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-01-01 12:18 - 2014-01-01 12:19 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-01 12:18 - 2014-01-01 12:18 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-01 12:17 - 2013-10-13 15:55 - 00000000 ____D C:\Users\Admin\AppData\Roaming\Logitech
2014-01-01 12:10 - 2014-01-01 12:10 - 03992416 _____ (Piriform Ltd) C:\Users\Stefan\Downloads\rcsetup149.exe
2013-12-30 20:41 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-30 15:29 - 2013-12-30 15:29 - 17694720 _____ C:\Users\Stefan\Downloads\Boxcryptor_v2.0.413.343_Setup.msi
2013-12-30 14:00 - 2013-12-30 14:00 - 00000000 ____D C:\Program Files\Microsoft Games
2013-12-29 22:56 - 2013-10-13 15:38 - 01594892 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-29 21:49 - 2013-12-29 21:49 - 00003107 _____ C:\Users\Stefan\Desktop\Grand Theft Auto V - The Manual.lnk
2013-12-29 21:49 - 2013-12-29 21:49 - 00003067 _____ C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Grand Theft Auto V - The Manual.lnk
2013-12-29 21:49 - 2013-12-29 21:49 - 00000000 ____D C:\Program Files (x86)\Rockstar Games
2013-12-29 21:16 - 2013-12-29 21:14 - 134658560 _____ C:\Users\Stefan\Downloads\GrandTheftAutoV-TheManual.msi
2013-12-22 20:09 - 2013-10-14 19:02 - 00000000 ____D C:\Users\Stefan\Downloads\mp3
2013-12-22 17:36 - 2013-10-12 09:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-21 15:58 - 2013-12-21 15:57 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-20 07:31 - 2013-10-12 15:07 - 00000000 ____D C:\Program Files\Microsoft Office 15
2013-12-19 13:58 - 2013-12-19 13:58 - 00011603 _____ C:\Users\Stefan\Desktop\ams schlüssel.xlsx
2013-12-19 13:35 - 2009-07-14 06:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-19 12:59 - 2013-10-20 22:37 - 00001020 _____ C:\Users\Stefan\Desktop\Dropbox.lnk
2013-12-19 12:59 - 2013-10-20 22:35 - 00000000 ____D C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-12-19 12:59 - 2013-10-12 10:30 - 00000000 ___RD C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-18 05:24 - 2013-12-17 00:41 - 00000000 ____D C:\Users\Stefan\Desktop\LAND NÖ
2013-12-17 01:08 - 2013-12-17 01:08 - 00012839 _____ C:\Users\Stefan\Desktop\Kopfrechnen.xlsx
2013-12-15 14:11 - 2013-10-11 21:43 - 00000000 ____D C:\Windows\system32\MRT
2013-12-15 14:09 - 2013-10-11 21:43 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-15 12:49 - 2013-12-14 11:19 - 00000628 _____ C:\Users\Stefan\Documents\Josef.txt
Some content of TEMP:
====================
C:\Users\Stefan\AppData\Local\Temp\AutoCAD_2014_SP1_64bit[1].exe
C:\Users\Stefan\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Stefan\AppData\Local\Temp\install_flashplayer11x32_mssd_aaa_aih.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-01-2014 02
Ran by Stefan at 2014-01-13 22:42:17
Running from C:\Users\Stefan\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
==================== Installed Programs ======================
7-Zip 9.20 (x64 edition) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05 - Adobe Systems Incorporated)
Audiograbber 1.83 SE (x32 Version: 1.83 SE - Audiograbber)
Audiograbber MP3-Plugin (x32 Version: 1.0 - AG)
AuthenTec TrueSuite (Version: 5.1.100.49 - AuthenTec, Inc.)
AutoCAD 2014 - Deutsch (German) (Version: 19.1.108.0 - Autodesk) Hidden
AutoCAD 2014 - Deutsch (German) (Version: 19.1.18.0 - Autodesk) Hidden
AutoCAD 2014 Language Pack - Deutsch (German) (Version: 19.1.18.0 - Autodesk) Hidden
Autodesk 360 (Version: 4.7.0.802 - Autodesk)
Autodesk App Manager (x32 Version: 1.1.0 - Autodesk)
Autodesk AutoCAD 2014 - Deutsch (German) (Version: 19.1.18.0 - Autodesk)
Autodesk AutoCAD 2014 - Deutsch (German) SP1 (Version: 1 - Autodesk)
Autodesk Content Service (x32 Version: 3.1.3.0 - Autodesk)
Autodesk Content Service (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Content Service Language Pack (x32 Version: 3.1.3.0 - Autodesk) Hidden
Autodesk Featured Apps (x32 Version: 1.1.0 - Autodesk)
Autodesk Material Library 2014 (x32 Version: 4.0.19.0 - Autodesk)
Autodesk Material Library Base Resolution Image Library 2014 (x32 Version: 4.0.19.0 - Autodesk)
Autodesk ReCap (Version: 1.0.43.13 - Autodesk)
Autodesk ReCap (Version: 1.0.43.13 - Autodesk) Hidden
Autodesk ReCap Language Pack-English (Version: 1.0.43.13 - Autodesk) Hidden
Calculux 7.7.0.1 (x32 Version: 7.7.0.1 - Philips)
Calculux 7.7.0.1 (x32 Version: 7.7.0.1 - Philips) Hidden
CDBurnerXP (x32 Version: 4.5.2.4291 - CDBurnerXP)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.03103 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.03103 - Cisco Systems, Inc.) Hidden
CodeMeter Runtime Kit v4.50c (Version: 4.50.906.503 - WIBU-SYSTEMS AG)
Dell Touchpad (Version: 7.1107.115.102 - ALPS ELECTRIC CO., LTD.)
DIAL Communication Framework (x32 Version: 1.2.0.200 - DIAL GmbH)
DIALux 4.11 (x32 Version: 4.11.0.3 - DIAL GmbH)
Dropbox (HKCU Version: 2.4.10 - Dropbox, Inc.)
EPSON Scan (x32 Version: - )
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
f.lux (HKCU Version: - )
FARO LS 1.1.501.0 (64bit) (x32 Version: 5.1.0.30630 - FARO Scanner Production)
FreeFileSync 6.0 (x32 Version: 6.0 - Zenju)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
GPL Ghostscript (Version: 9.10 - Artifex Software Inc.)
Grand Theft Auto V - The Manual (x32 Version: 1.0.0 - Rockstar Games)
GSview 5.0 (Version: 5.0 - Ghostgum Software Pty Ltd)
Java 7 Update 45 (64-bit) (Version: 7.0.450 - Oracle)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Laptop Integrated Webcam Driver (1.04.01.1011) (Version: - )
Logitech SetPoint 6.61 (Version: 6.61.15 - Logitech)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 365 Home Premium - de-de (Version: 15.0.4551.1011 - Microsoft Corporation)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
Mp3tag v2.58 (x32 Version: v2.58 - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0 - Microsoft Corporation)
NETGEAR Genie (x32 Version: 2.2.28.24.exe - NETGEAR Inc.)
NetSpeedMonitor 2.5.4.0 x64 (Version: 2.5.4.0 - Florian Gilles)
NVIDIA 3D Vision Treiber 327.23 (Version: 327.23 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.1 (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 327.23 (Version: 327.23 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2723 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 327.23 (Version: 327.23 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (Version: 1.2.19 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1011 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1011 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1011 - Microsoft Corporation) Hidden
Panda USB Vaccine 1.0.1.4 (x32 Version: - Panda Security)
PDF Architect (x32 Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (x32 Version: 1.7.1 - pdfforge)
Philips Product Selector 5.2.7.0 (x32 Version: 5.2.7.0 - Philips Lighting)
Philips Product Selector 5.2.7.0 (x32 Version: 5.2.7.0 - Philips Lighting) Hidden
POV-Ray for Windows v3.6.0 (x32 Version: 3.6 - Persistence of Vision Raytracer Pty. Ltd.)
PPS max plugin 1.7.0 (x32 Version: 1.7.0.0 - Tree C Technology B.V.)
Recuva (Version: 1.49 - Piriform)
RICOH Media Driver ver.2.07.01.04 (x32 Version: 2.07.01.04 - RICOH)
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
SketchUp Import for AutoCAD 2014 (x32 Version: 1.1.0 - Autodesk)
Snap.Do (x32 Version: 10.239.1.14117 - ReSoft Ltd.) <==== ATTENTION
Sparfuchs (x32 Version: 2014 - Abelssoft)
StarMoney (x32 Version: 4.0.2.34 - StarFinanz) Hidden
System Requirements Lab for Intel (x32 Version: 4.5.15.0 - Husdawg, LLC)
TrueCrypt (x32 Version: 7.1a - TrueCrypt Foundation)
==================== Restore Points =========================
Could not list Restore Points. Check WMI.
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
==================== Loaded Modules (whitelisted) =============
2012-08-30 12:09 - 2012-08-30 12:09 - 00516456 _____ () C:\Program Files\AuthenTec TrueSuite\DataManager.dll
2012-08-30 12:10 - 2012-08-30 12:10 - 00087912 _____ () C:\Program Files\AuthenTec TrueSuite\ssutil.dll
2013-02-04 23:21 - 2013-02-04 23:21 - 00056352 _____ () C:\Program Files\Autodesk\Autodesk Sync\qoauth_Ad_1.dll
2013-02-04 23:21 - 2013-02-04 23:21 - 00937504 _____ () C:\Program Files\Autodesk\Autodesk Sync\qca_Ad_2.dll
2013-02-04 23:21 - 2013-02-04 23:21 - 00124448 _____ () C:\Program Files\Autodesk\Autodesk Sync\QJson.dll
2013-02-04 23:21 - 2013-02-04 23:21 - 00045088 _____ () C:\Program Files\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== Faulty Device Manager Devices =============
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/13/2014 10:37:47 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/13/2014 02:11:10 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: DialComService.exe, Version: 1.2.0.200, Zeitstempel: 0x5196242c
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000ce753
ID des fehlerhaften Prozesses: 0x185c
Startzeit der fehlerhaften Anwendung: 0xDialComService.exe0
Pfad der fehlerhaften Anwendung: DialComService.exe1
Pfad des fehlerhaften Moduls: DialComService.exe2
Berichtskennung: DialComService.exe3
Error: (01/13/2014 01:50:54 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/13/2014 10:45:02 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/13/2014 09:39:13 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
Error: (01/13/2014 08:29:33 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/12/2014 08:04:29 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: car.exe, Version: 7.7.0.1, Zeitstempel: 0x4fdb1abe
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0150010
Fehleroffset: 0x0008482b
ID des fehlerhaften Prozesses: 0x18e8
Startzeit der fehlerhaften Anwendung: 0xcar.exe0
Pfad der fehlerhaften Anwendung: car.exe1
Pfad des fehlerhaften Moduls: car.exe2
Berichtskennung: car.exe3
Error: (01/12/2014 08:04:22 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: car.exe, Version: 7.7.0.1, Zeitstempel: 0x4fdb1abe
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000810a
ID des fehlerhaften Prozesses: 0x18e8
Startzeit der fehlerhaften Anwendung: 0xcar.exe0
Pfad der fehlerhaften Anwendung: car.exe1
Pfad des fehlerhaften Moduls: car.exe2
Berichtskennung: car.exe3
Error: (01/12/2014 07:47:02 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung "Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (01/12/2014 07:32:59 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: update_checker.exe, Version: 4.3.0.0, Zeitstempel: 0x525d9c67
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000343e0
ID des fehlerhaften Prozesses: 0x1884
Startzeit der fehlerhaften Anwendung: 0xupdate_checker.exe0
Pfad der fehlerhaften Anwendung: update_checker.exe1
Pfad des fehlerhaften Moduls: update_checker.exe2
Berichtskennung: update_checker.exe3
System errors:
=============
Error: (01/13/2014 05:31:35 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error: (01/13/2014 05:31:34 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error: (01/13/2014 05:31:34 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error: (01/13/2014 02:11:12 PM) (Source: Service Control Manager) (User: )
Description: Dienst "DIAL Communication Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (01/13/2014 09:33:25 AM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR2 gefunden.
Error: (01/13/2014 08:29:33 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst AVP erreicht.
Error: (01/13/2014 08:28:00 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Microsoft Office-Dienst" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (01/13/2014 08:28:00 AM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Microsoft Office-Dienst erreicht.
Error: (01/12/2014 03:26:05 PM) (Source: Tcpip) (User: )
Description: Das System hat einen Adressenkonflikt der IP-Adresse 10.0.0.2 mit dem Computer mit der
Netzwerkhardwareadresse E0-CA-94-84-11-0B ermittelt. Netzwerkvorgänge könnten daher auf diesem
System unterbrochen werden.
Error: (01/12/2014 00:54:48 PM) (Source: Tcpip) (User: )
Description: Das System hat einen Adressenkonflikt der IP-Adresse 10.0.0.1 mit dem Computer mit der
Netzwerkhardwareadresse DC-71-44-5F-64-0C ermittelt. Netzwerkvorgänge könnten daher auf diesem
System unterbrochen werden.
Microsoft Office Sessions:
=========================
Error: (01/13/2014 10:37:47 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/13/2014 02:11:10 PM) (Source: Application Error)(User: )
Description: DialComService.exe1.2.0.2005196242cntdll.dll6.1.7601.18247521ea8e7c0000374000ce753185c01cf1060ea78e384C:\Program Files (x86)\DIAL GmbH\DIAL Communication Framework\DialComService.exeC:\Windows\SysWOW64\ntdll.dll2b342913-7c54-11e3-8d41-001fe2d9d63a
Error: (01/13/2014 01:50:54 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/13/2014 10:45:02 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/13/2014 09:39:13 AM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe)(User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
Error: (01/13/2014 08:29:33 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/12/2014 08:04:29 PM) (Source: Application Error)(User: )
Description: car.exe7.7.0.14fdb1abentdll.dll6.1.7601.18247521ea8e7c01500100008482b18e801cf0fc8dd1ff98cC:\Program Files (x86)\Philips Lighting\Calculux\Clx\car.exeC:\Windows\SysWOW64\ntdll.dll5c8d0dbc-7bbc-11e3-bdeb-001fe2d9d63a
Error: (01/12/2014 08:04:22 PM) (Source: Application Error)(User: )
Description: car.exe7.7.0.14fdb1abeunknown0.0.0.000000000c00000050000810a18e801cf0fc8dd1ff98cC:\Program Files (x86)\Philips Lighting\Calculux\Clx\car.exeunknown5838be92-7bbc-11e3-bdeb-001fe2d9d63a
Error: (01/12/2014 07:47:02 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80.DLL
Error: (01/12/2014 07:32:59 PM) (Source: Application Error)(User: )
Description: update_checker.exe4.3.0.0525d9c67ntdll.dll6.1.7601.18247521ea8e7c0000005000343e0188401cf0fc3aece7656C:\Users\Admin\AppData\Local\FilesFrog Update Checker\update_checker.exeC:\Windows\SysWOW64\ntdll.dllf60af5e5-7bb7-11e3-bdeb-001fe2d9d63a
CodeIntegrity Errors:
===================================
Date: 2014-01-13 17:52:03.383
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-13 17:52:03.383
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-13 17:52:03.383
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-13 17:52:03.368
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-13 17:52:03.368
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-13 17:52:03.368
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-10 22:04:48.466
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-10 22:04:48.450
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-10 22:04:48.450
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-01-10 22:04:48.434
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 56%
Total physical RAM: 4094.06 MB
Available physical RAM: 1772.28 MB
Total Pagefile: 8186.3 MB
Available Pagefile: 5696.04 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:80.01 GB) (Free:31.28 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: () (Fixed) (Total:216.03 GB) (Free:13.47 GB) NTFS
Drive f: (USB DISK) (Removable) (Total:1.87 GB) (Free:1.46 GB) FAT32
==================== MBR & Partition Table ==================
==================== End Of Log ============================
How should I proceed?
Many thanks in advance for your help,
Best regards, steve-o