Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.2.3 (06.30.2015:1)
OS: Windows 7 Professional x86
Ran by Carina Bro on 30.06.2015 at 10:08:59,83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
~~~ Files
~~~ Folders
~~~ FireFox
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.06.2015 at 10:13:48,30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-06-2015 01
Ran by Carina Büro (administrator) on CARINABÜRO-HP on 30-06-2015 10:14:29
Running from C:\Users\Carina Büro\Desktop\Tools
Loaded Profiles: Carina Büro (Available Profiles: Carina Büro)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avpui.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TeamViewer GmbH) C:\Users\Carina Büro\AppData\Local\temp\TeamViewer\Version6\TeamViewer.exe
(TeamViewer GmbH) C:\Users\Carina Büro\AppData\Local\temp\TeamViewer\Version6\TeamViewer_Desktop.exe
(TeamViewer GmbH) C:\Users\Carina Büro\AppData\Local\temp\TeamViewer\Version6\tv_w32.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11672208 2013-07-09] (Realtek Semiconductor)
HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [658424 2011-05-06] (PDF Complete Inc)
HKLM\...\Run: [IMSS] => C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [112152 2011-01-17] (Intel Corporation)
HKLM\...\Run: [hpsysdrv] => c:\program files\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [BrMfcWnd] => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM\...\Run: [ControlCenter3] => C:\Program Files\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VR-NetWorld Auftragsprüfung.lnk [2014-02-21]
ShortcutTarget: VR-NetWorld Auftragsprüfung.lnk -> C:\Program Files\VR-NetWorld\vrtoolcheckorder.exe (VR-NetWorld Software)
Startup: C:\Users\Carina Büro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2012-02-05]
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Carina Büro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - .lnk [2014-10-07]
ShortcutTarget: Tintenwarnungen überwachen - .lnk -> C:\Program Files\hp\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Carina Büro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet Pro 8600.lnk [2015-06-29]
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet Pro 8600.lnk -> C:\Program Files\hp\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-154304431-3782028136-1068560525-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-154304431-3782028136-1068560525-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-154304431-3782028136-1068560525-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/?gws_rd=ssl
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-154304431-3782028136-1068560525-1000 -> DefaultScope {49A9025C-2A1C-414B-ADC9-B52BA543699D} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-154304431-3782028136-1068560525-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-154304431-3782028136-1068560525-1000 -> {49A9025C-2A1C-414B-ADC9-B52BA543699D} URL = https://www.google.com/search?q={searchTerms}
BHO: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2012-09-23] (Adobe Systems Incorporated)
BHO: Virtual Keyboard Plugin -> {4A66AD60-A03D-4D01-86F0-5F0F7C0EF1AD} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre6\bin\ssv.dll [2012-03-07] (Sun Microsystems, Inc.)
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files\HP SimplePass 2011\IEBHO.dll [2011-09-26] (HP)
BHO: Content Blocker Plugin -> {93BC2EA7-2F17-4729-948A-D2E03FFB2412} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {AB379017-4C03-4E00-8EDF-E6D6AF7CCF82} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\IEExt\ie_plugin.dll [2014-12-23] (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-03-07] (Sun Microsystems, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704 2011-08-30] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{B965F63E-85B3-4FEF-A17E-687189B2FC16}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{D2F25CC5-011D-4A23-882B-6898748EBCAA}: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Carina Büro\AppData\Roaming\Mozilla\Firefox\Profiles\y2iky6u3.default
FF SelectedSearchEngine:
FF Homepage: www.web.de
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll [2012-03-07] (Sun Microsystems, Inc.)
FF Plugin: @kaspersky.com/content_blocker_663BE84DBCC949E88C7600F63CA7F098 -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-04-08] ()
FF Plugin: @kaspersky.com/online_banking_08806E753BE44495B44E90AA2513BDC5 -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\online_banking@kaspersky.com [2015-04-08] ()
FF Plugin: @kaspersky.com/virtual_keyboard_07402848C2F6470194F131B0F3DE025E -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-04-08] ()
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Extension: proGames Companion - C:\Users\Carina Büro\AppData\Roaming\Mozilla\Firefox\Profiles\y2iky6u3.default\Extensions\DF0Jp6KJA@gmail.com [2015-05-28]
FF Extension: flashstopperbyocoil - C:\Users\Carina Büro\AppData\Roaming\Mozilla\Firefox\Profiles\y2iky6u3.default\Extensions\flashstopper@byo.co.il [2015-04-07]
FF Extension: Winter Sports - C:\Users\Carina Büro\AppData\Roaming\Mozilla\Firefox\Profiles\y2iky6u3.default\Extensions\STRpEp5g@gmail.com [2015-05-28]
FF Extension: TrueSuite Website Logon - C:\Program Files\Mozilla Firefox\extensions\websitelogon@truesuite.com [2015-03-04]
FF HKLM\...\Firefox\Extensions: [content_blocker_663BE84DBCC949E88C7600F63CA7F098@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\content_blocker@kaspersky.com [2015-04-08]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard_07402848C2F6470194F131B0F3DE025E@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\FFExt\virtual_keyboard@kaspersky.com [2015-04-08]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM\...\Chrome\Extension: [dfaldikcoaplhepekpbngkepfcoiihef] - C:\Program Files\HP SimplePass 2011\tschrome.crx [2011-08-22]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVP15.0.2; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\avp.exe [194000 2015-06-24] (Kaspersky Lab ZAO)
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [279024 2013-06-24] (Intel Corporation)
S2 FPLService; C:\Program Files\HP SimplePass 2011\TrueSuiteService.exe [260424 2011-09-26] (HP)
S3 ICCS; C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [169752 2012-04-24] (Intel Corporation)
S2 Intel(R) PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [110752 2010-09-22] (Intel Corporation)
S2 jhi_service; C:\Program Files\Intel\Services\IPT\jhi_service.exe [212944 2011-02-24] (Intel Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [1128952 2011-05-06] (PDF Complete Inc)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService.exe [141968 2013-07-09] (Realtek Semiconductor)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [197864 2015-06-24] (Kaspersky Lab UK Ltd)
R3 e1cexpress; C:\Windows\System32\DRIVERS\e1c6232.sys [358224 2012-08-10] (Intel Corporation)
S3 eapihdrv; C:\Users\Carina Büro\AppData\Local\temp\ehdrv.sys [135760 2015-06-29] (ESET)
S3 HTCAND32; C:\Windows\System32\Drivers\ANDROIDUSB.sys [25088 2009-10-26] (HTC, Corporation) [File not signed]
S3 IFCoEMP; C:\Windows\system32\drivers\ifM52x32.sys [264464 2010-08-14] (Intel(R) Corporation)
S3 IFCoEVB; C:\Windows\system32\drivers\ifP52X32.sys [57616 2010-08-14] (Intel(R) Corporation)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [153784 2015-06-24] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [54640 2015-06-24] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [128728 2015-06-24] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [44216 2015-06-24] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [705208 2015-06-24] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [34160 2015-06-24] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [36208 2015-06-24] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [35696 2015-06-24] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [23920 2015-06-24] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54328 2015-06-24] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [72560 2015-06-24] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [157240 2015-06-24] (Kaspersky Lab ZAO)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-04-14] (Malwarebytes Corporation)
R3 MEI; C:\Windows\system32\drivers\HECI.sys [41088 2010-10-20] (Intel Corporation)
S3 NAL; C:\Windows\system32\Drivers\iqvw32.sys [30368 2010-09-17] (Intel Corporation )
S3 pmxdrv; C:\Windows\system32\drivers\pmxdrv.sys [816792 2012-01-15] () [File not signed]
R3 vpcbus; C:\Windows\system32\drivers\vpchbus.sys [165376 2012-01-15] (Microsoft Corporation)
R1 vpcnfltr; C:\Windows\System32\DRIVERS\vpcnfltr.sys [55040 2012-01-15] (Microsoft Corporation)
R3 vpcusb; C:\Windows\System32\DRIVERS\vpcusb.sys [78336 2012-01-15] (Microsoft Corporation)
R1 vpcvmm; C:\Windows\System32\drivers\vpcvmm.sys [295128 2012-01-15] (Microsoft Corporation)
S3 catchme; \??\C:\Users\CARINA~1\AppData\Local\Temp\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-30 10:14 - 2015-06-30 10:14 - 00000000 ____D C:\FRST
2015-06-30 10:13 - 2015-06-30 10:13 - 00000925 _____ C:\Users\Carina Büro\Desktop\JRT.txt
2015-06-30 10:09 - 2015-06-30 10:09 - 00000207 _____ C:\Windows\tweaking.com-regbackup-CARINABÜRO-HP-Windows-7-Professional-(32-bit).dat
2015-06-30 10:09 - 2015-06-30 10:09 - 00000000 ____D C:\RegBackup
2015-06-29 19:42 - 2015-06-29 19:42 - 00001210 _____ C:\Users\Carina Büro\Desktop\1942.txt
2015-06-29 19:28 - 2015-06-29 19:28 - 00000000 _____ C:\Users\Carina Büro\Desktop\Neues Textdokument.txt
2015-06-29 14:32 - 2015-06-29 14:32 - 00011172 _____ C:\Users\Carina Büro\Downloads\ESET.txt
2015-06-29 14:19 - 2015-06-29 14:19 - 00011172 _____ C:\Users\Carina Büro\Downloads\Stamplive1.txt
2015-06-29 12:06 - 2015-06-29 12:06 - 00012526 _____ C:\Users\Carina Büro\Downloads\Stamplive.txt
2015-06-29 10:30 - 2015-06-29 10:30 - 00002133 _____ C:\Users\Public\Desktop\NAS Starter Utility.lnk
2015-06-29 10:30 - 2015-06-29 10:30 - 00000000 ____D C:\Users\Carina Büro\AppData\Local\CrashDumps
2015-06-29 10:30 - 2015-06-29 10:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZyXEL
2015-06-29 10:30 - 2015-06-29 10:30 - 00000000 ____D C:\Program Files\ZyXEL
2015-06-29 10:22 - 2015-06-29 10:22 - 00001457 _____ C:\Users\Carina Büro\Desktop\iexplore.exe.lnk
2015-06-29 10:16 - 2015-06-29 10:16 - 02870984 _____ (ESET) C:\Users\Carina Büro\Downloads\esetsmartinstaller_deu.exe
2015-06-29 09:55 - 2015-06-29 09:55 - 02244096 _____ C:\Users\Carina Büro\Downloads\adwcleaner_4.207.exe
2015-06-29 09:52 - 2015-06-29 19:21 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-29 09:51 - 2015-06-29 19:21 - 00001062 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-29 09:51 - 2015-06-29 19:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-29 09:51 - 2015-06-29 19:21 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-06-29 09:51 - 2015-04-14 09:37 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-06-29 09:51 - 2015-04-14 09:37 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-06-29 09:51 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-06-24 14:57 - 2015-06-24 14:57 - 00000329 _____ C:\Users\Carina Büro\Desktop\HP Druckerdiagnosetools.url
2015-06-24 14:44 - 2015-06-30 08:34 - 00007272 _____ C:\Windows\PFRO.log
2015-06-24 14:44 - 2015-06-24 14:44 - 00001423 _____ C:\Users\Carina Büro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-06-23 19:41 - 2015-06-23 19:41 - 00012030 _____ C:\ComboFix.txt
2015-06-23 19:27 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-06-23 19:27 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-06-23 19:27 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-06-23 19:27 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-06-23 19:27 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-06-23 19:27 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-06-23 19:27 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-06-23 19:27 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-06-23 19:15 - 2015-06-23 19:15 - 00000000 ____D C:\Users\Carina Büro\AppData\Local\GWX
2015-06-23 15:15 - 2015-06-23 19:42 - 00000000 ____D C:\Qoobox
2015-06-23 15:14 - 2015-06-23 19:39 - 00000000 ____D C:\Windows\erdnt
2015-06-23 14:52 - 2015-06-29 10:08 - 00072440 _____ C:\Users\Carina Büro\AppData\Local\GDIPFONTCACHEV1.DAT
2015-06-23 14:52 - 2015-06-23 14:52 - 00001119 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-06-23 14:52 - 2015-06-23 14:52 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-06-23 12:38 - 2015-06-23 12:38 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\7A27174E.sys
2015-06-23 12:38 - 2015-06-23 12:38 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\6DE61788.sys
2015-06-23 12:34 - 2015-06-23 12:36 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Carina Büro\Downloads\mbam-setup-majorgeeks-2.1.6.1022.exe
2015-06-22 18:51 - 2015-06-30 08:34 - 00000504 _____ C:\Windows\setupact.log
2015-06-22 18:51 - 2015-06-22 18:51 - 00000000 _____ C:\Windows\setuperr.log
2015-06-22 17:54 - 2015-06-30 10:14 - 00000000 ____D C:\Users\Carina Büro\Desktop\Tools
2015-06-22 17:44 - 2015-06-22 17:44 - 00001354 _____ C:\Users\Carina Büro\Documents\cc_20150622_174357.reg
2015-06-10 17:37 - 2015-06-11 16:11 - 03734767 _____ C:\Users\Carina Büro\Documents\Natural disasters who is responsible.pptx
2015-06-10 10:38 - 2015-06-10 10:38 - 00002820 _____ C:\Users\Carina Büro\Downloads\Virus.txt
2015-06-10 10:18 - 2015-06-02 21:35 - 00342728 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-10 10:18 - 2015-05-27 16:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-10 10:18 - 2015-05-23 05:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-06-10 10:18 - 2015-05-23 05:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-06-10 10:18 - 2015-05-23 05:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-10 10:18 - 2015-05-23 05:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-06-10 10:18 - 2015-05-23 05:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-06-10 10:18 - 2015-05-23 05:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-10 10:18 - 2015-05-23 05:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-06-10 10:18 - 2015-05-23 05:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-10 10:18 - 2015-05-23 05:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-06-10 10:18 - 2015-05-23 05:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-06-10 10:18 - 2015-05-23 05:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-10 10:18 - 2015-05-23 05:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-10 10:18 - 2015-05-23 05:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-06-10 10:18 - 2015-05-23 05:05 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-06-10 10:18 - 2015-05-23 05:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-10 10:18 - 2015-05-23 05:00 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-06-10 10:18 - 2015-05-23 04:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-06-10 10:18 - 2015-05-23 04:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-06-10 10:18 - 2015-05-23 04:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-06-10 10:18 - 2015-05-23 04:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-10 10:18 - 2015-05-23 04:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-10 10:18 - 2015-05-23 04:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-10 10:18 - 2015-05-23 04:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-10 10:18 - 2015-05-23 04:38 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-06-10 10:18 - 2015-05-23 04:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-10 10:18 - 2015-05-23 04:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-06-10 10:18 - 2015-05-23 04:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-10 10:18 - 2015-05-23 04:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-10 10:18 - 2015-05-23 04:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-10 10:18 - 2015-05-23 04:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-10 10:18 - 2015-05-22 20:03 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-10 10:18 - 2015-05-22 20:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-10 10:18 - 2015-05-22 20:02 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-10 10:18 - 2015-05-22 20:02 - 00333824 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-10 10:18 - 2015-05-22 20:02 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-10 10:18 - 2015-05-22 20:02 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-10 10:18 - 2015-05-22 19:58 - 00901120 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-10 10:18 - 2015-05-21 15:20 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-10 10:17 - 2015-05-25 19:00 - 02384384 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-10 10:17 - 2015-04-11 05:07 - 00054656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-06-10 10:12 - 2015-05-25 20:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-06-10 10:12 - 2015-05-25 20:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-06-10 10:12 - 2015-05-25 20:07 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-06-10 10:12 - 2015-05-25 20:07 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-06-10 10:12 - 2015-05-25 20:04 - 01307648 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-06-10 10:12 - 2015-05-25 20:01 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-06-10 10:12 - 2015-05-25 20:01 - 00853504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 10:12 - 2015-05-25 20:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-06-10 10:12 - 2015-05-25 20:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-06-10 10:12 - 2015-05-25 20:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-06-10 10:12 - 2015-05-25 20:01 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-06-10 10:12 - 2015-05-25 20:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-06-10 10:12 - 2015-05-25 20:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-06-10 10:12 - 2015-05-25 20:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-06-10 10:12 - 2015-05-25 20:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-06-10 10:12 - 2015-05-25 20:01 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-06-10 10:12 - 2015-05-25 20:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-06-10 10:12 - 2015-05-25 20:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-06-10 10:12 - 2015-05-25 20:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-06-10 10:12 - 2015-05-25 20:01 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-06-10 10:12 - 2015-05-25 20:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-06-10 10:12 - 2015-05-25 20:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-06-10 10:12 - 2015-05-25 20:01 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-06-10 10:12 - 2015-05-25 20:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-06-10 10:12 - 2015-05-25 20:00 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-06-10 10:12 - 2015-05-25 20:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-06-10 10:12 - 2015-05-25 20:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-06-10 10:12 - 2015-05-25 20:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-06-10 10:12 - 2015-05-25 20:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-06-10 10:12 - 2015-05-25 20:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-06-10 10:12 - 2015-05-25 20:00 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-06-10 10:12 - 2015-05-25 20:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-06-10 10:12 - 2015-05-25 19:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-06-10 10:12 - 2015-05-25 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-06-10 10:12 - 2015-05-25 19:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-06-10 10:12 - 2015-05-25 19:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-06-10 10:12 - 2015-05-25 18:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 10:12 - 2015-05-09 05:14 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-06-10 10:12 - 2015-05-09 05:13 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-06-10 10:12 - 2015-05-09 05:13 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-06-10 10:12 - 2015-05-09 05:12 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-06-10 10:12 - 2015-05-09 05:08 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-06-10 10:12 - 2015-05-09 05:08 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-06-10 10:12 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-06-10 10:12 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-06-10 10:12 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-06-10 10:12 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-06-10 10:12 - 2015-05-09 05:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-06-10 10:12 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-06-10 10:12 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-06-10 10:12 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-06-10 10:12 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-06-10 10:12 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-06-10 10:12 - 2015-05-09 05:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-06-10 10:12 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-06-10 10:12 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-06-10 10:12 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-06-10 10:12 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-06-10 10:12 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-06-10 10:12 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-06-10 10:12 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-06-10 10:12 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-06-10 10:12 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-06-10 10:12 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-06-10 10:12 - 2015-05-09 05:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-06-10 10:12 - 2015-05-09 03:59 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-06-10 10:12 - 2015-05-09 03:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-06-10 10:12 - 2015-05-09 03:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-06-10 10:12 - 2015-05-09 03:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-06-10 10:12 - 2015-04-29 20:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-06-10 10:12 - 2015-04-29 20:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-06-10 10:12 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-06-10 10:12 - 2015-04-29 20:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-06-10 10:12 - 2015-04-29 20:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-06-10 10:12 - 2015-04-24 19:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-09 11:16 - 2015-06-09 11:16 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-06-09 10:57 - 2015-06-29 19:20 - 00000000 ____D C:\AdwCleaner
2015-06-09 10:49 - 2015-06-09 10:49 - 00015672 _____ C:\Users\Carina Büro\Documents\cc_20150609_104923.reg
2015-06-02 12:51 - 2015-06-02 12:51 - 00349705 _____ C:\Users\Carina Büro\Downloads\Meine Website 2015-06-02 10-51-22.zip
2015-06-01 12:54 - 2015-06-01 12:54 - 07465834 _____ C:\Users\Carina Büro\Downloads\message-rfc822-attachment
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-30 10:09 - 2015-05-28 09:51 - 00000550 _____ C:\Windows\Tasks\progames_companion_helper_service.job
2015-06-30 10:09 - 2009-07-14 06:34 - 00027344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-30 10:09 - 2009-07-14 06:34 - 00027344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-30 08:50 - 2015-04-08 14:19 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-06-30 08:38 - 2012-02-02 15:25 - 01466944 _____ C:\Windows\WindowsUpdate.log
2015-06-30 08:34 - 2012-01-15 11:54 - 00000000 ____D C:\ProgramData\PDFC
2015-06-30 08:34 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-30 08:34 - 2009-07-14 06:33 - 00305672 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-29 10:32 - 2015-03-04 10:21 - 00000000 ____D C:\Users\Carina Büro\NSU
2015-06-29 10:06 - 2013-05-07 20:49 - 00000000 ____D C:\ProgramData\Ulead Systems
2015-06-29 10:05 - 2013-05-07 20:53 - 00000204 _____ C:\Windows\ulead32.ini
2015-06-29 10:05 - 2012-01-15 11:49 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2015-06-29 10:03 - 2014-02-18 13:18 - 00000000 ____D C:\Program Files\FotoWorksXL2014
2015-06-29 10:00 - 2014-10-04 12:04 - 00000344 _____ C:\Windows\Tasks\HPCeeScheduleForCarina Büro.job
2015-06-29 09:36 - 2010-11-20 23:01 - 01620612 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-29 09:08 - 2014-02-21 12:04 - 00000000 ____D C:\Users\Public\Documents\VR-NetWorld
2015-06-24 15:04 - 2014-11-22 14:12 - 00072560 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klwtp.sys
2015-06-24 15:04 - 2014-11-10 17:48 - 00157240 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2015-06-24 15:04 - 2014-10-10 17:02 - 00034160 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klim6.sys
2015-06-24 15:04 - 2014-10-09 12:31 - 00054328 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kltdi.sys
2015-06-24 15:04 - 2014-08-19 12:31 - 00054640 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kldisk.sys
2015-06-24 15:04 - 2014-03-31 10:47 - 00153784 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2015-06-24 15:04 - 2013-04-12 14:34 - 00023920 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klpd.sys
2015-06-24 15:02 - 2013-08-08 16:10 - 00035696 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klmouflt.sys
2015-06-24 15:01 - 2014-12-13 18:21 - 00705208 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2015-06-24 15:01 - 2014-11-28 18:19 - 00128728 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2015-06-24 15:01 - 2014-10-30 04:22 - 00036208 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys
2015-06-24 15:01 - 2014-10-22 21:13 - 00044216 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klhk.sys
2015-06-24 15:01 - 2014-10-07 15:16 - 00000000 ____D C:\Users\Carina Büro\AppData\Roaming\HpUpdate
2015-06-24 15:01 - 2013-01-14 20:10 - 00197864 _____ (Kaspersky Lab UK Ltd) C:\Windows\system32\Drivers\cm_km_w.sys
2015-06-23 19:42 - 2014-02-12 11:43 - 00000000 ____D C:\Users\Carina B�ro
2015-06-23 19:42 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2015-06-23 19:42 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2015-06-23 19:36 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2015-06-23 14:52 - 2015-03-04 11:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-06-23 14:32 - 2011-02-10 23:16 - 00000000 ____D C:\Windows\Panther
2015-06-22 17:29 - 2012-02-05 11:47 - 00000052 _____ C:\Windows\system32\DOErrors.log
2015-06-22 16:10 - 2012-02-02 15:26 - 00000000 ____D C:\Users\Carina Büro
2015-06-10 14:09 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2015-06-10 12:46 - 2014-12-16 16:07 - 00000000 __SHD C:\Users\Carina Büro\AppData\Local\EmieBrowserModeList
2015-06-10 12:46 - 2014-05-22 13:50 - 00000000 __SHD C:\Users\Carina Büro\AppData\Local\EmieUserList
2015-06-10 12:46 - 2014-05-22 13:50 - 00000000 __SHD C:\Users\Carina Büro\AppData\Local\EmieSiteList
2015-06-10 12:38 - 2014-12-11 12:40 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-10 12:38 - 2014-05-27 13:26 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-10 12:38 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2015-06-10 12:37 - 2012-02-05 13:05 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-06-10 12:36 - 2013-08-16 16:16 - 00000000 ____D C:\Windows\system32\MRT
2015-06-10 12:34 - 2012-06-26 14:49 - 136900096 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-10 11:45 - 2012-02-02 16:24 - 00000000 ____D C:\Users\Carina Büro\AppData\Local\Google
2015-06-10 11:45 - 2012-02-02 16:24 - 00000000 ____D C:\Program Files\Google
2015-06-10 10:26 - 2015-05-12 11:06 - 00000000 ____D C:\Users\Carina Büro\AppData\Roaming\Avery
2015-06-10 10:26 - 2012-02-05 13:16 - 00000000 ____D C:\Windows\system32\appmgmt
2015-06-09 11:49 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\schemas
2015-06-09 09:44 - 2015-04-07 16:01 - 00000004 _____ C:\Windows\system32\029B560A371F4E00AB32838EBC01B9E7
2015-06-08 09:39 - 2012-04-16 14:45 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForCARINABÜRO-HP$.job
==================== Files in the root of some directories =======
2014-10-07 15:15 - 2014-10-07 15:15 - 0000057 _____ () C:\ProgramData\Ament.ini
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-25 10:55
==================== End of log ============================
[CODE]Additional
FRST Logfile: Code:
scan result of Farbar Recovery Scan Tool (x86) Version: 28-06-2015 01
Ran by Carina Büro at 2015-06-30 10:15:04
Running from C:\Users\Carina Büro\Desktop\Tools
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-154304431-3782028136-1068560525-500 - Administrator - Disabled)
Carina Büro (S-1-5-21-154304431-3782028136-1068560525-1000 - Administrator - Enabled) => C:\Users\Carina Büro
Gast (S-1-5-21-154304431-3782028136-1068560525-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-154304431-3782028136-1068560525-1002 - Limited - Enabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{941B4CE7-3F5D-443E-A8B7-56A420D2EAFD}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-7420 (HKLM\...\{C2530D63-B66B-48B5-BB50-7C6281FE7AA6}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Corel WinDVD (HKLM\...\{5C1F18D2-F6B7-4242-B803-B5A78648185D}) (Version: 10.0.5.835 - Corel Inc.)
DirectX for Managed Code Update (Summer 2004) (Version: 9.02.2904 - Microsoft) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP FWUpdateEDO2 (HKLM\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Odometer (HKLM\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP Officejet Pro 8600 - Grundlegende Software für das Gerät (HKLM\...\{E5F9BFAF-2FD9-4637-BA4E-5C2BC3A0763D}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Hilfe (HKLM\...\{FDE820DD-CC88-4395-AD5C-801365B8F316}) (Version: 28.0.0 - Hewlett Packard)
HP Setup (HKLM\...\{03046EBB-CB7C-4B98-BEFB-690EB955DA22}) (Version: 8.5.4526.3645 - Hewlett-Packard Company)
HP SimplePass PE 2011 (HKLM\...\{9FECD1F1-4B1E-499D-BAF4-B9BDE655554D}) (Version: 5.3.0.282 - Hewlett-Packard)
HP Support Information (HKLM\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
I.R.I.S. OCR (HKLM\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{00A61104-74B5-4056-AD00-4397EF4FB141}) (Version: 3.1.0.40 - Apple Inc.)
Intel(R) Control Center (HKLM\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Identity Protection Technology 1.1.2.0 (HKLM\...\{C01A86F5-56E7-101F-9BC9-E3F1025EB779}) (Version: 1.1.2.0 - Intel Corporation)
Intel(R) Management Engine Components (HKLM\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Network Connections 15.7.176.0 (HKLM\...\PROSetDX) (Version: 15.7.176.0 - Intel)
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3062 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version: - )
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
iTunes (HKLM\...\{86D04316-F49A-4AF2-B3F1-A1E943886CE7}) (Version: 11.3.1.2 - Apple Inc.)
Java(TM) 6 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216031FF}) (Version: 6.0.310 - Oracle)
Kaspersky Internet Security (HKLM\...\InstallWIX_{02FECEE0-16B2-43DB-BC3B-C844477FC142}) (Version: 15.0.2.361 - Kaspersky Lab)
Kaspersky Internet Security (Version: 15.0.2.361 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 38.0.5 (x86 de) (HKLM\...\Mozilla Firefox 38.0.5 (x86 de)) (Version: 38.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 38.0.5 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NAS Starter Utility (HKLM\...\NAS Starter Utility) (Version: - ZyXEL)
Norton Internet Security (Version: 19.0.0.128 - Symantec Corporation) Hidden
PDF Complete Special Edition (HKLM\...\PDF Complete) (Version: 4.0.54 - PDF Complete, Inc)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6730 - Realtek Semiconductor Corp.)
Recovery Manager (Version: 5.5.0.4320 - CyberLink Corp.) Hidden
SPG-Verein 3.1 (HKLM\...\{6738D11F-DF64-445B-80A4-B6B32F297059}) (Version: 3.1.19 - Software Peter Große)
TOPP Vorlagen-Druckstudio (3945) (HKLM\...\{710D8F1E-6631-4E59-A1CB-6DCA5AF288CA}_is1) (Version: - frechverlag GmbH)
Ulead Photo Explorer 8.6 (HKLM\...\{025C3792-E9C6-432A-92C1-661F99D021CA}) (Version: - Ulead Systems, Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
VIP Access SDK (1.0.1.4) (HKLM\...\VIP Access SDK) (Version: 1.0.1.4 - Symantec Inc.)
VR-NetWorld (HKLM\...\{8815F011-43AF-4F50-BBD8-D78ED3D6F5B9}) (Version: - )
Windows Media Encoder 9-Reihe (HKLM\...\Windows Media Encoder 9) (Version: - )
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
WinZip 15.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C1}) (Version: 15.0.9411 - WinZip Computing, S.L. )
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-154304431-3782028136-1068560525-1000_Classes\CLSID\{49BBAA3C-C574-419E-8378-783C362E9C15}\InprocServer32 -> C:\Program Files\HP\Common\FWUpdateEDO2.dll (Hewlett-Packard Co.)
==================== Restore Points =========================
22-06-2015 17:14:49 HPSF Applying updates
22-06-2015 17:25:01 HPSF Applying updates
22-06-2015 17:28:05 HPSF Applying updates
22-06-2015 17:37:29 Removed Studie zur Verbesserung von HP Officejet Pro 8600 Produkten
23-06-2015 08:27:17 Windows Update
23-06-2015 14:31:40 Windows Modules Installer
23-06-2015 14:47:03 Removed Microsoft Silverlight
23-06-2015 19:53:25 Windows Modules Installer
24-06-2015 14:56:21 Installed HP Support Solutions Framework
28-06-2015 21:47:00 Windows Update
29-06-2015 10:01:57 Removed HP Support Solutions Framework
29-06-2015 10:04:08 Entfernt Ulead PhotoImpact
29-06-2015 10:05:31 Entfernt Ulead Photo Explorer
29-06-2015 10:49:15 Windows-Sicherung
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:04 - 2015-06-23 19:36 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1DE516D1-3F81-432C-A159-564CDAA38ACA} - System32\Tasks\4786 => Wscript.exe C:\Users\CARINA~1\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {21E93B4C-6950-479A-8612-2723880D8271} - System32\Tasks\{19A8E3AC-280C-4D88-840E-4539A701A941} => C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe [2001-03-27] (Adobe Systems Incorporated)
Task: {2F2DA167-F335-4B1E-AEB1-424BCC265CFF} - System32\Tasks\{972570F3-6A77-4A73-8CF7-C046D90722CC} => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {30E0466D-CEAA-402A-86BE-92EA57B54007} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-06-12] (Adobe Systems Incorporated)
Task: {321A2E95-5EF6-4B4C-9C2B-33907D233B59} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {40962674-1326-4E57-A946-BC5FB9241903} - System32\Tasks\{4E7372F3-5463-48B8-8323-97C0CC6855EE} => C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe [2001-03-27] (Adobe Systems Incorporated)
Task: {49AB1366-DC62-4DA6-82E2-E05A4CF25AC6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {5A17CDC5-4C32-42C0-94A3-36E48AE3DFC0} - System32\Tasks\{D9281304-936C-446C-8BC5-493EB1E67873} => C:\Program Files\Adobe\Acrobat 5.0\Reader\AcroRd32.exe [2001-03-27] (Adobe Systems Incorporated)
Task: {5D224A3B-647D-48D4-BB23-4CA417750CC8} - System32\Tasks\{B6A38BE0-B744-46B3-9355-2885B6B7F590} => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {6AF0A480-ADC6-4F7D-9566-BD5799D0A736} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {6F02602B-BEEA-4509-97C0-4F011B17F4FE} - System32\Tasks\progames_companion_helper_service => C:\Program Files\proGames Companion\progames_companion_helper_service.exe [2015-05-28] ()
Task: {7E5F7A95-01CE-4086-9AF8-B0A4749C6C45} - System32\Tasks\HPCeeScheduleForCARINABÜRO-HP$ => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {90BDF524-00A0-4DEC-861A-752ABBAF4208} - System32\Tasks\HPCeeScheduleForCarina Büro => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {CAE79727-E226-4467-B4C3-D481292ECDB4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {CFD4563F-FEBE-490E-96B3-9C027AF1C9C2} - System32\Tasks\0 => Iexplore.exe <==== ATTENTION
Task: {D0A7EEC7-B5C0-4056-A862-5BEA4D701E6B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {D1E24408-C1C7-4BF1-A265-12EF7CE37D90} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {ECB13A80-7B68-4A80-8E90-F88774786F74} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\HPCeeScheduleForCarina Büro.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForCARINABÜRO-HP$.job => C:\Program Files\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\progames_companion_helper_service.job => C:\Program Files\proGames Companion\progames_companion_helper_service.exe
==================== Loaded Modules (Whitelisted) ==============
2012-05-03 16:50 - 2011-10-04 22:42 - 00086016 _____ () C:\Windows\System32\custmon32i.dll
2014-12-23 16:54 - 2014-12-23 16:54 - 01272616 _____ () C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 15.0.2\kpcengine.2.3.dll
2014-07-03 13:20 - 2014-07-03 13:20 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-03 13:19 - 2014-07-03 13:19 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-154304431-3782028136-1068560525-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Carina Büro\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
DNS Servers: 192.168.2.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{94301F77-9491-40B6-9495-0A35F32C9108}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [VirtualPC-In-UDP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-UDP-2] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [VirtualPC-In-TCP-1] => (Allow) %SystemRoot%\System32\vpc.exe
FirewallRules: [{9B9064B2-1276-42F3-94CE-4B1CFD690702}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{BD920599-207F-4687-9898-B627FA41E737}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E037512B-B97F-4791-94E5-AB5A5639D310}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{2F3E5877-595E-443B-969E-852374434241}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\FaxApplications.exe
FirewallRules: [{AB5D1DC8-876D-4A89-AB37-7B682D337DB2}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\DigitalWizards.exe
FirewallRules: [{2C7F79FE-09B4-418D-A122-4EBC771F01C5}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\bin\SendAFax.exe
FirewallRules: [{347B28A3-AA75-4706-90C9-AF0B7B49F783}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{C04D1450-1E69-409B-BD1F-BD16E1FD194D}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{3B4AE2C8-F103-45AF-B29B-CE9E7FFE6AEB}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{FD50A219-FD8B-41CD-A093-1E7168291218}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/29/2015 03:30:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8643
Error: (06/29/2015 03:30:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 8643
Error: (06/29/2015 03:30:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (06/29/2015 03:30:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5507
Error: (06/29/2015 03:30:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5507
Error: (06/29/2015 03:30:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (06/29/2015 03:29:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2777
Error: (06/29/2015 03:29:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2777
Error: (06/29/2015 03:29:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (06/29/2015 10:30:26 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: NSA325v2.exe, Version: 2.0.0.4, Zeitstempel: 0x370b732f
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x1e8c
Startzeit der fehlerhaften Anwendung: 0xNSA325v2.exe0
Pfad der fehlerhaften Anwendung: NSA325v2.exe1
Pfad des fehlerhaften Moduls: NSA325v2.exe2
Berichtskennung: NSA325v2.exe3
System errors:
=============
Error: (06/30/2015 10:09:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Software Protection" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (06/30/2015 10:09:34 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (06/30/2015 10:09:34 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "IviRegMgr" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (06/30/2015 10:09:34 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "HP Support Assistant Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (06/30/2015 10:09:34 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Management and Security Application User Notification Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (06/30/2015 10:09:34 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
Error: (06/30/2015 10:09:34 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (06/30/2015 10:09:34 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Integrated Clock Controller Service - Intel(R) ICCS" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (06/30/2015 10:09:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "iPod-Dienst" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (06/30/2015 10:09:33 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Protexis Licensing V2" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Microsoft Office:
=========================
Error: (04/21/2015 10:14:40 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6720.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 428 seconds with 300 seconds of active time. This session ended with a crash.
Error: (04/21/2015 10:06:05 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6720.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7 seconds with 0 seconds of active time. This session ended with a crash.
Error: (02/26/2015 05:58:24 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6715.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.
Error: (02/26/2015 05:12:21 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6715.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3 seconds with 0 seconds of active time. This session ended with a crash.
Error: (02/26/2015 05:12:05 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6715.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2 seconds with 0 seconds of active time. This session ended with a crash.
Error: (11/12/2014 04:53:49 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6705.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 89215 seconds with 960 seconds of active time. This session ended with a crash.
Error: (05/07/2013 02:57:34 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 299 seconds with 120 seconds of active time. This session ended with a crash.
Error: (04/12/2013 00:59:01 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 5197 seconds with 720 seconds of active time. This session ended with a crash.
Error: (12/19/2012 09:39:18 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6941 seconds with 2460 seconds of active time. This session ended with a crash.
Error: (06/03/2012 10:32:28 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 3, Application Name: Microsoft Office PowerPoint, Application Version: 12.0.6600.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2361 seconds with 780 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz
Percentage of memory in use: 36%
Total physical RAM: 3242.02 MB
Available physical RAM: 2069.85 MB
Total Pagefile: 6482.34 MB
Available Pagefile: 5017.18 MB
Total Virtual: 2047.88 MB
Available Virtual: 1865.03 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:456.22 GB) (Free:394.65 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:9.44 GB) (Free:1.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: () (Fixed) (Total:149.01 GB) (Free:141.07 GB) FAT32
Drive m: (MyDrive) (Fixed) (Total:465.76 GB) (Free:465.65 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 50059048)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=456.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=9.4 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: 0D1BA850)
Partition 1: (Not Active) - (Size=149 GB) - (Type=0C)
========================================================
Disk: 8 (Size: 465.8 GB) (Disk ID: 1C804B22)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)
==================== End of log ============================
--- --- --- |
Lesestoff:
FRST 32-Bit | FRST 64-Bit