
Pests of all kinds and how to combat them: Facebook (Virus)


30.11.2014, 17:35   #1
Creatiive
 



Hey,

I just got a message on Facebook from a friend, "Do you remember this?", and because the message came, of all people, from someone who has asked me things fairly often before, I wasn't paying proper attention, didn't read on properly, and clicked on the link, this one: hxxp://t.co/22gJaxzDBA

It seems to be this: hxxp://www.mimikama.at/allgemein/warnung-fr-teilnehmer-in-einem-facebook-gruppen-chat-haha-erinnerst-du-dich-an-dieses-bild-httpt-coxxxx/

The text there is somewhat different, but the link looks similar.

I don't think I let the link load all the way to the end; I think a login window appeared at the end, but I'm no longer sure because I closed the page again as quickly as possible.

I also changed my Facebook password right away.

Here are a few logs to start with:

frst.txt

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-11-2014
Ran by Olaf (administrator) on OLAF-PC on 30-11-2014 17:39:51
Running from C:\Users\Olaf\Downloads
Loaded Profiles: Olaf & UpdatusUser (Available profiles: Olaf & UpdatusUser)
Platform: Microsoft® Windows Vista™ Home Premium  (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 7
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Spotify Ltd) C:\Users\Olaf\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\wercon.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Opera Software) C:\Program Files\Opera\opera.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1006264 2012-06-02] (Microsoft Corporation)
HKLM\...\Run: [MSConfig] => C:\Windows\system32\msconfig.exe [222208 2006-11-02] (Microsoft Corporation)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [124208 2014-10-22] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [703736 2014-11-21] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-1783187169-4266523473-792420036-1002\...\Run: [Spotify Web Helper] => C:\Users\Olaf\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-11-27] (Spotify Ltd)
HKU\S-1-5-21-1783187169-4266523473-792420036-1003\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-18\...\Run: [Advanced SystemCare 7] => "C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1783187169-4266523473-792420036-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKLM -> DefaultScope value is missing.
SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = 
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer32.dll (IObit)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name -> {1E8A6170-7264-4D0F-BEAE-D42A53123C75} ->  No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
BHO: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.11.1

FireFox:
========
FF ProfilePath: C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\wvpsd7gr.default
FF DefaultSearchEngine: Google
FF DefaultSearchUrl: 
FF SearchEngineOrder.3: Bing 
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @IObit.com/np_Asc_Plugin -> C:\Program Files\IObit\Surfing Protection\BrowerProtect\np_Asc_plugin.dll (IObit)
FF Plugin: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @ngm.nexoneu.com/NxGame -> C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\wvpsd7gr.default\Extensions\abs@avira.com [2014-11-22]
FF Extension: Speed Dial - C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\wvpsd7gr.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66} [2013-09-23]
FF Extension: Shopping Helper Smartbar - C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\wvpsd7gr.default\Extensions\{f2d45ffd-cff5-7ba9-54b1-45292dff1e50} [2014-05-09]
FF Extension: leethax.net extension - C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\wvpsd7gr.default\Extensions\leethax@leethax.net.xpi [2014-11-29]
FF Extension: Speed Dial - C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\wvpsd7gr.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2013-09-23]
FF Extension: Adblock Plus - C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\wvpsd7gr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-06-01]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-06-03]
FF Extension: No Name - C:\Users\Olaf\AppData\Roaming\Mozilla\Firefox\Profiles\wvpsd7gr.default\extensions\ascsurfingprotection@iobit.com [Not Found]
FF Extension: No Name - C:\Program Files\IObit Apps Toolbar\FF [Not Found]

Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR DefaultSearchKeyword: Default -> de.yahoo.com
CHR DefaultSearchURL: Default -> https://de.search.yahoo.com/search?ei={inputEncoding}&fr=crmas&p={searchTerms}
CHR DefaultSuggestURL: Default -> https://de.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command={searchTerms}
CHR Profile: C:\Users\Olaf\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Olaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-20]
CHR Extension: (YouTube) - C:\Users\Olaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-26]
CHR Extension: (Google-Suche) - C:\Users\Olaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-26]
CHR Extension: (Avira Browserschutz) - C:\Users\Olaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2014-11-24]
CHR Extension: (Google Wallet) - C:\Users\Olaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-23]
CHR Extension: (Google Mail) - C:\Users\Olaf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-26]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [432888 2014-11-21] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [432888 2014-11-21] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [164656 2014-10-22] (Avira Operations GmbH & Co. KG)
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 IMFservice; C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe [341824 2013-11-11] (IObit)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
S3 Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [155824 2013-02-04] (Avanquest Software)
S3 stllssvr; C:\Program Files\Common Files\SureThing Shared\stllssvr.exe [73728 2006-09-14] (MicroVision Development, Inc.) [File not signed]
S2 Automatisches LiveUpdate - Scheduler; "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98160 2014-10-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-10-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-19] (Avira Operations GmbH & Co. KG)
R3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [45568 2006-11-02] (VIA Technologies, Inc.              )
S3 FileMonitor; C:\Program Files\IObit\IObit Malware Fighter\Drivers\wlh_x86\FileMonitor.sys [21480 2013-03-23] (IObit)
R0 PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [36528 2006-07-24] (Sonic Solutions) [File not signed]
S3 RegFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\regfilter.sys [32288 2013-11-19] (IObit.com)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [15672 2013-05-22] ()
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 UrlFilter; C:\Program Files\IObit\IObit Malware Fighter\drivers\wlh_x86\UrlFilter.sys [20944 2013-11-19] (IObit.com)
R0 videX32; C:\Windows\System32\DRIVERS\videX32.sys [13976 2014-01-01] (VIA Technologies, Inc.)
S3 wanatw; C:\Windows\System32\DRIVERS\wanatw4.sys [33588 2006-11-01] (America Online, Inc.)
R0 xfilt; C:\Windows\System32\DRIVERS\xfilt.sys [23192 2014-01-01] (VIA Technologies, Inc.)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 EagleXNt; No ImagePath
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 WinRing0_1_2_0; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-30 17:39 - 2014-11-30 17:40 - 00013169 _____ () C:\Users\Olaf\Downloads\FRST.txt
2014-11-30 17:39 - 2014-11-30 17:40 - 00000000 ____D () C:\FRST
2014-11-30 17:38 - 2014-11-30 17:38 - 01108992 _____ (Farbar) C:\Users\Olaf\Downloads\FRST.exe
2014-11-30 16:27 - 2014-11-30 16:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-11-30 16:27 - 2014-11-30 16:27 - 00000000 ____D () C:\Program Files\7-Zip
2014-11-30 16:26 - 2014-11-30 16:26 - 01110476 _____ () C:\Users\Olaf\Downloads\7z920.exe
2014-11-30 15:26 - 2014-11-30 15:26 - 00000000 ____D () C:\Program Files\Sandboxie
2014-11-30 15:24 - 2014-11-30 15:24 - 02734600 _____ (Sandboxie Holdings, LLC) C:\Users\Olaf\Downloads\SandboxieInstall-414.exe
2014-11-28 18:56 - 2014-11-28 18:56 - 00000000 ____D () C:\Users\Olaf\Documents\Zen Studios
2014-11-28 18:53 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-11-28 18:53 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-11-28 18:53 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-11-28 18:53 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-11-28 18:53 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-11-28 18:53 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-11-28 18:53 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-11-28 18:53 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-11-28 18:53 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2014-11-28 18:53 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2014-11-28 18:53 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2014-11-28 18:53 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-11-28 18:53 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2014-11-28 18:53 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2014-11-28 18:53 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2014-11-28 18:53 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2014-11-28 18:53 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2014-11-28 18:53 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2014-11-28 18:53 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2014-11-28 18:53 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2014-11-28 18:53 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2014-11-28 18:53 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2014-11-28 18:53 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2014-11-28 18:53 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2014-11-28 18:53 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2014-11-28 18:53 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2014-11-28 18:53 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-11-28 18:53 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-11-28 18:53 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-11-28 18:53 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2014-11-28 18:53 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-11-28 18:53 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-11-28 18:53 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-11-28 18:53 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2014-11-28 18:53 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2014-11-28 18:53 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2014-11-28 18:53 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-11-28 18:53 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-11-28 18:53 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-11-28 18:53 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2014-11-28 18:53 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2014-11-28 18:53 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2014-11-28 18:53 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2014-11-28 18:53 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2014-11-28 18:53 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2014-11-28 18:53 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2014-11-28 18:53 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2014-11-28 18:53 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2014-11-28 18:53 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2014-11-28 18:53 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2014-11-28 18:53 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2014-11-28 18:53 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2014-11-28 18:53 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2014-11-28 18:53 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2014-11-28 18:53 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2014-11-28 18:52 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2014-11-28 18:52 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2014-11-28 18:52 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2014-11-28 18:52 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2014-11-28 18:52 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2014-11-28 18:52 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2014-11-28 18:52 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2014-11-28 18:52 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2014-11-28 18:52 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2014-11-28 18:52 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2014-11-28 18:52 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2014-11-28 18:52 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2014-11-28 18:52 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2014-11-28 18:52 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2014-11-28 18:52 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2014-11-28 18:52 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2014-11-28 18:52 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2014-11-28 18:52 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2014-11-28 18:52 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2014-11-28 18:52 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2014-11-28 18:52 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2014-11-28 18:52 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2014-11-28 18:52 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2014-11-28 18:52 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2014-11-28 18:52 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2014-11-28 18:52 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2014-11-28 18:52 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2014-11-28 18:51 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2014-11-28 18:51 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2014-11-28 18:51 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2014-11-28 18:51 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2014-11-28 18:51 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2014-11-28 18:51 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2014-11-28 18:51 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2014-11-28 18:51 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2014-11-28 14:26 - 2014-11-28 14:26 - 00000216 _____ () C:\Users\Olaf\Desktop\Pinball FX2.url
2014-11-27 20:32 - 2014-11-28 18:56 - 00000000 ____D () C:\Program Files\Steam
2014-11-27 20:32 - 2014-11-28 14:19 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-11-27 20:32 - 2014-11-27 20:32 - 00000763 _____ () C:\Users\Public\Desktop\Steam.lnk
2014-11-27 20:32 - 2014-11-27 20:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2014-11-27 20:19 - 2014-11-27 20:19 - 00000000 ____D () C:\Users\Olaf\AppData\Local\Skype
2014-11-27 20:17 - 2014-11-27 20:17 - 00001880 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-11-27 20:17 - 2014-11-27 20:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-11-27 20:17 - 2014-11-27 20:17 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-11-27 20:15 - 2014-11-27 20:17 - 00000000 ___RD () C:\Program Files\Skype
2014-11-27 20:09 - 2014-11-27 20:10 - 01546856 _____ (Skype Technologies S.A.) C:\Users\Olaf\Downloads\SkypeSetup(1).exe
2014-11-27 17:59 - 2014-11-27 17:59 - 01174352 _____ () C:\Users\Olaf\Downloads\Skype - CHIP-Installer(1).exe
2014-11-27 17:25 - 2014-11-27 17:30 - 178931512 _____ (NVIDIA Corporation) C:\Users\Olaf\Downloads\307.83-desktop-win7-winvista-32bit-international-whql.exe
2014-11-27 15:26 - 2014-11-27 15:26 - 01174352 _____ () C:\Users\Olaf\Downloads\Skype - CHIP-Installer.exe
2014-11-27 14:58 - 2014-11-27 15:06 - 00000000 ____D () C:\Users\Olaf\AppData\Local\Spotify
2014-11-27 14:58 - 2014-11-27 14:58 - 00001709 _____ () C:\Users\Olaf\Desktop\Spotify.lnk
2014-11-27 14:58 - 2014-11-27 14:58 - 00001695 _____ () C:\Users\Olaf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-11-27 14:57 - 2014-11-30 15:40 - 00000000 ____D () C:\Users\Olaf\AppData\Roaming\Spotify
2014-11-27 14:57 - 2014-11-27 14:57 - 00137888 _____ (Spotify Ltd) C:\Users\Olaf\Downloads\SpotifySetup.exe
2014-11-27 14:33 - 2005-06-07 16:59 - 14383616 _____ () C:\Users\Olaf\Desktop\gta_sa.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-30 17:36 - 2012-09-26 17:31 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-30 17:17 - 2012-06-01 14:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-30 17:13 - 2006-11-02 13:47 - 00003072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-30 17:13 - 2006-11-02 13:47 - 00003072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-30 16:47 - 2014-08-24 14:08 - 00000360 _____ () C:\Windows\Tasks\WpsUpdateTask_Olaf.job
2014-11-30 16:35 - 2013-03-02 15:42 - 00000000 ____D () C:\Users\Olaf\AppData\Roaming\vlc
2014-11-30 14:13 - 2013-10-17 17:06 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cecb52cb476d50.job
2014-11-30 14:13 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-30 02:26 - 2006-11-02 14:01 - 00032642 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-11-30 02:25 - 2012-11-30 19:06 - 00000000 ____D () C:\Users\Olaf\AppData\Roaming\ICQ
2014-11-30 02:17 - 2013-02-15 18:14 - 00000000 ____D () C:\Users\Olaf\AppData\Roaming\Skype
2014-11-28 18:52 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-11-27 21:02 - 2014-05-15 16:33 - 00004426 _____ () C:\Windows\PFRO.log
2014-11-27 20:18 - 2013-02-15 18:14 - 00000000 ____D () C:\ProgramData\Skype
2014-11-27 17:43 - 2012-06-01 14:51 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-27 17:38 - 2012-06-01 14:07 - 00000000 ____D () C:\Users\Olaf
2014-11-27 15:17 - 2012-06-01 14:59 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-11-27 15:17 - 2012-06-01 14:59 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-11-27 14:34 - 2014-05-13 20:58 - 00004713 _____ () C:\Windows\setupact.log
2014-11-24 21:59 - 2006-11-02 11:33 - 00526648 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-24 20:19 - 2014-01-01 17:42 - 00000000 ____D () C:\ProgramData\ProductData
2014-11-24 20:17 - 2012-06-09 21:21 - 00000000 ____D () C:\Program Files\IObit
2014-11-24 20:17 - 2012-06-01 14:54 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-11-24 20:10 - 2014-01-01 17:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 7
2014-11-24 20:08 - 2014-08-16 22:33 - 00000000 ____D () C:\Program Files\AutoHotkey
2014-11-24 20:08 - 2006-11-02 13:37 - 00000000 ____D () C:\Windows\ShellNew
2014-11-23 12:57 - 2014-05-13 20:58 - 00093677 _____ () C:\Windows\WindowsUpdate.log
2014-11-23 12:52 - 2013-08-21 13:12 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-23 12:51 - 2006-11-02 11:24 - 100445232 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-11-22 16:21 - 2012-11-15 10:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-11-22 16:20 - 2012-11-15 10:52 - 00000000 ____D () C:\Program Files\Avira
2014-11-22 16:15 - 2012-11-15 10:52 - 00000000 ____D () C:\ProgramData\Avira
2014-11-21 16:25 - 2012-06-01 14:14 - 00071104 _____ () C:\Users\Olaf\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-21 16:24 - 2006-11-02 13:47 - 00295784 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-17 22:57 - 2014-09-19 18:52 - 00000000 ____D () C:\Users\Olaf\AppData\Local\Kingsoft
2014-11-17 22:53 - 2014-08-24 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingsoft Writer
2014-11-17 22:50 - 2014-08-24 13:57 - 00000000 ____D () C:\Program Files\Kingsoft

Some content of TEMP:
====================
C:\Users\Olaf\AppData\Local\Temp\avgnt.exe
C:\Users\Olaf\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Olaf\AppData\Local\Temp\Quarantine.exe
C:\Users\Olaf\AppData\Local\Temp\updatepackasc.exe
C:\Users\Olaf\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Olaf\AppData\Local\Temp\{DC3C136F-EE75-4E5E-9150-0372386BC25B}-38.0.2125.111_chrome_installer.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-30 14:33

==================== End Of Log ============================
         


addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 30-11-2014
Ran by Olaf at 2014-11-30 17:41:33
Running from C:\Users\Olaf\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)


==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader X (10.1.3) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
AOL Deinstallation (Version:  - ) Hidden
Avira (HKLM\...\{9480d4af-12b9-4e56-8034-4031ef6ab39d}) (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.25.25607 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.7.342 - Avira)
CCleaner (HKLM\...\CCleaner) (Version: 3.20 - Piriform)
CLEO 4.3 (HKLM\...\{A8F37EB0-C741-41D7-8CAB-5B40ECEEF094}_is1) (Version: 4.3 - Seemann, Deji, Alien)
Creator 9 (HKLM\...\CREATOR9) (Version:  - )
dirhtml v4.861 (HKLM\...\{692DF640-F6EE-4BA2-90FD-466B9A23A6B5}_is1) (Version:  - Eric Nitzsche)
Driver Booster (HKLM\...\Driver Booster_is1) (Version: 1.1 - IObit)
Epson Easy Photo Print 2 (HKLM\...\{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}) (Version: 2.1.0.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
EPSON SX510W Series Printer Uninstall (HKLM\...\EPSON SX510W Series) (Version:  - SEIKO EPSON Corporation)
ffdshow [rev 3154] [2009-12-09] (HKLM\...\ffdshow_is1) (Version: 1.0 - )
Google Chrome (HKLM\...\Google Chrome) (Version: 39.0.2171.71 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Grand Theft Auto San Andreas (HKLM\...\{086BADF8-9B1F-4E89-B207-2EDA520972D6}) (Version: 1.00.00001 - Rockstar Games)
HDRegDE (HKLM\...\{D359B12F-9B1A-46FD-B70C-F507B5B11590}) (Version: 1.0.0 - Altwood Systems Limited)
Heart Of Darkness (HKLM\...\Heart Of Darkness) (Version: v1.4 - Amazing Studio & Infogrames)
ICQ7M (HKLM\...\{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}) (Version: 7.8 - ICQ)
Infocentre Rev. 2.0 (HKLM\...\Infocentre) (Version:  - )
IObit Malware Fighter (HKLM\...\IObit Malware Fighter_is1) (Version: 2.1 - IObit)
IObit Uninstaller (HKLM\...\IObitUninstall) (Version: 3.0.5.1228 - IObit)
Java 7 Update 45 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.450 - Oracle)
Kingsoft Office 2013 (9.1.0.4550) (HKLM\...\Kingsoft Office) (Version: 9.1.0.4550 - Kingsoft Corp.)
Kingsoft Writer  (8.1.0.3198) (HKLM\...\Kingsoft Writer) (Version: 8.1.0.3198 - Kingsoft Corp.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB953297) (HKLM\...\M953297) (Version:  - )
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 33.1.1 (x86 de) (HKLM\...\Mozilla Firefox 33.1.1 (x86 de)) (Version: 33.1.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 32.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nexon Game Manager (HKLM\...\{289AC7E0-0AEE-4a7b-913C-709D9803D23E}) (Version:  - )
NIS2007 (HKLM\...\NIS2007_DE) (Version:  - )
NVIDIA Grafiktreiber 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Opera 12.17 (HKLM\...\Opera 12.17.1863) (Version: 12.17.1863 - Opera Software ASA)
Packard Bell Updator (HKLM\...\Updator) (Version:  - )
Pinball FX2 (HKLM\...\Steam App 226980) (Version:  - Zen Studios)
Realtek HD Audio V6.0.1.5322 (HKLM\...\AUDIO_REALTEK) (Version:  - )
Realtek High Definition Audio Driver (Version: 6.0.1.5322 - Realtek Semiconductor Corp.) Hidden
RTC Client API v1.2 (HKLM\...\{44CDBD1B-89FB-4E02-8319-2A4C550F664A}) (Version: 1.2.0000 - Microsoft)
SciTE4AutoHotkey v3.0.05.01 (HKLM\...\SciTE4AutoHotkey) (Version: v3.0.05.01 - fincs)
SetUp My PC (HKLM\...\SETUPMYPC_DE) (Version:  - )
Skype™ 6.22 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.22.107 - Skype Technologies S.A.)
Smart Defrag 2 (HKLM\...\Smart Defrag 2_is1) (Version: 2.9 - IObit)
Sony Eyetoy Webcam (HKLM\...\Sony Eyetoy Webcam) (Version:  - )
Sony Mobile Update Engine (HKLM\...\Update Engine) (Version: 2.14.6.201404170858 - Sony Mobile Communications AB)
Sony PC Companion 2.10.197 (HKLM\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.197 - Sony)
Spotify (HKU\S-1-5-21-1783187169-4266523473-792420036-1002\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Steam (HKLM\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Surfing Protection (HKLM\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
System Requirements Lab CYRI (HKLM\...\{943A8D28-80D6-41DC-AE94-81FEB42041BF}) (Version: 4.5.1.0 - Husdawg, LLC)
Video NVIDIA v97.19 (HKLM\...\VIDEO_NVIDIA) (Version:  - )
VLC media player 2.0.2 (HKLM\...\VLC media player) (Version: 2.0.2 - VideoLAN)
WinRAR 4.11 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1002_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1002_Classes\CLSID\{30A2652A-DDF7-45e7-ACA6-3EAB26FC8A4E}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1002_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1002_Classes\CLSID\{41662FC2-0D57-4aff-AB27-AD2E12E7C273}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1002_Classes\CLSID\{448BB771-CFE2-47C4-BCDF-1FBF378E202C}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1002_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1002_Classes\CLSID\{7B342DC4-139A-4a46-8A93-DB0827CCEE9C}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1002_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\ooofilt.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1002_Classes\CLSID\{7FA8AE11-B3E3-4D88-AABF-255526CD1CE8}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1002_Classes\CLSID\{82154420-0FBF-11d4-8313-005004526AB4}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1002_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1002_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1002_Classes\CLSID\{D0484DE6-AAEE-468a-991F-8D4B0737B57A}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1002_Classes\CLSID\{D2D59CD1-0A6A-4D36-AE20-47817077D57C}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1002_Classes\CLSID\{E5A0B632-DFBA-4549-9346-E414DA06E6F8}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1002_Classes\CLSID\{EE5D1EA4-D445-4289-B2FC-55FC93693917}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1002_Classes\CLSID\{F616B81F-7BB8-4F22-B8A5-47428D59F8AD}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1003_Classes\CLSID\{087B3AE3-E237-4467-B8DB-5A38AB959AC9}\InprocServer32 -> C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1003_Classes\CLSID\{30A2652A-DDF7-45e7-ACA6-3EAB26FC8A4E}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1003_Classes\CLSID\{3B092F0C-7696-40E3-A80F-68D74DA84210}\InprocServer32 -> C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1003_Classes\CLSID\{41662FC2-0D57-4aff-AB27-AD2E12E7C273}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1003_Classes\CLSID\{448BB771-CFE2-47C4-BCDF-1FBF378E202C}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1003_Classes\CLSID\{63542C48-9552-494A-84F7-73AA6A7C99C1}\InprocServer32 -> C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1003_Classes\CLSID\{7B342DC4-139A-4a46-8A93-DB0827CCEE9C}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1003_Classes\CLSID\{7BC0E710-5703-45BE-A29D-5D46D8B39262}\InprocServer32 -> C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\ooofilt.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1003_Classes\CLSID\{7FA8AE11-B3E3-4D88-AABF-255526CD1CE8}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1003_Classes\CLSID\{82154420-0FBF-11d4-8313-005004526AB4}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1003_Classes\CLSID\{AE424E85-F6DF-4910-A6A9-438797986431}\InprocServer32 -> C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1003_Classes\CLSID\{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}\InprocServer32 -> C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll (Apache Software Foundation)
CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1003_Classes\CLSID\{D0484DE6-AAEE-468a-991F-8D4B0737B57A}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1003_Classes\CLSID\{D2D59CD1-0A6A-4D36-AE20-47817077D57C}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1003_Classes\CLSID\{E5A0B632-DFBA-4549-9346-E414DA06E6F8}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1003_Classes\CLSID\{EE5D1EA4-D445-4289-B2FC-55FC93693917}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
CustomCLSID: HKU\S-1-5-21-1783187169-4266523473-792420036-1003_Classes\CLSID\{F616B81F-7BB8-4F22-B8A5-47428D59F8AD}\localserver32 -> C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)

==================== Restore Points  =========================

17-11-2014 21:05:30 Geplanter Prüfpunkt
21-11-2014 16:12:43 Geplanter Prüfpunkt
22-11-2014 15:26:36 Windows Update
23-11-2014 11:50:35 Windows Update
24-11-2014 19:23:26 Installiert Grand Theft Auto San Andreas
27-11-2014 13:09:07 Geplanter Prüfpunkt
27-11-2014 16:36:39 Gerätetreiber-Paketinstallation: NVIDIA Grafikkarte
28-11-2014 12:11:56 Geplanter Prüfpunkt
28-11-2014 17:48:52 DirectX wurde installiert
28-11-2014 17:54:16 DirectX wurde installiert
29-11-2014 18:41:30 Geplanter Prüfpunkt
30-11-2014 16:03:29 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2006-09-18 22:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
::1             localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {07BFD074-457D-4543-9EA9-2E2113B5CD4D} - System32\Tasks\GoogleUpdateTaskMachineCore1cecb52cb476d50 => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-26] (Google Inc.)
Task: {0B604BDE-56B2-4966-8601-BD28A2C98506} - System32\Tasks\Driver Booster Scan => C:\Program Files\IObit\Driver Booster\Scheduler.exe [2013-11-08] (IObit)
Task: {33C5459A-30B6-40CC-888F-C69748553D85} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-26] (Google Inc.)
Task: {3F507F14-0EC4-4942-BAF4-10356CE5A169} - System32\Tasks\Microsoft\Windows\RestartManager\{5B04DB79-54BC-45e2-BFCA-CE08FC7EA726} => C:\Windows\system32\rmclient.exe [2006-11-02] (Microsoft Corporation)
Task: {6263BCCA-BADE-4E87-8727-750707D9924E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-27] (Adobe Systems Incorporated)
Task: {732E4FE3-4F39-4B13-A236-C26E0DE63A3F} - System32\Tasks\WpsUpdateTask_Olaf => C:\Program Files\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe [2014-11-21] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {8BA7087B-11BA-4B3D-93D9-CB47C97D7D1C} - System32\Tasks\{A548045A-EAC9-44D9-A955-E32D3C12587F} => c:\program files\opera\opera.exe [2014-04-25] (Opera Software)
Task: {9DA3D1FB-A27A-4119-90DB-CC26E386FF64} - System32\Tasks\Recovery DVD Creator => C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe [2006-11-21] (Packard Bell BV)
Task: {A28808C4-F0B3-4CB6-832B-CA3744C0FF0F} - System32\Tasks\ASC7_SkipUac_Olaf => C:\Program Files\IObit\Advanced SystemCare 7\ASC.exe
Task: {A819BABA-F931-4BD1-9162-9FE510106147} - System32\Tasks\WpsNotifyTask_Olaf => C:\Program Files\Kingsoft\Kingsoft Office\wtoolex\wpsnotify.exe [2014-03-30] (Zhuhai Kingsoft Office Software Co.,Ltd)
Task: {C03093B1-B3AB-4B1A-8DE6-5CF32CA5ABE9} - System32\Tasks\Erweiterte Garantie => C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe [2006-11-21] (Packard Bell BV)
Task: {C5A54F83-00EB-4095-9374-C73574B19307} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-09-26] (Google Inc.)
Task: {C81A3A6E-90AC-4BE4-8CA1-19E01465415B} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files\IObit\Game Booster 3\AutoUpdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Erweiterte Garantie.job => C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cecb52cb476d50.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Recovery DVD Creator.job => C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe
Task: C:\Windows\Tasks\WpsNotifyTask_Olaf.job => C:\Program Files\Kingsoft\Kingsoft Office\wtoolex\wpsnotify.exe
Task: C:\Windows\Tasks\WpsUpdateTask_Olaf.job => C:\Program Files\Kingsoft\Kingsoft Office\wtoolex\wpsupdate.exe

==================== Loaded Modules (whitelisted) =============

2012-06-08 20:17 - 2012-02-17 19:55 - 00166912 _____ () C:\Program Files\WinRAR\rarext.dll
2014-10-22 15:12 - 2014-10-22 15:12 - 00245760 _____ () C:\Program Files\Avira\My Avira\System.ComponentModel.Composition.dll
2014-11-22 18:54 - 2014-11-22 18:54 - 03649648 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdvancedSystemCareService7 => 2
MSCONFIG\startupfolder: C:^Users^Olaf^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk => C:\Windows\pss\OpenOffice.org 3.4.1.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Advanced SystemCare 6 => "C:\Program Files\IObit\Advanced SystemCare 6\ASCTray.exe" /AutoStart
MSCONFIG\startupreg: avgnt => "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
MSCONFIG\startupreg: Browser Infrastructure Helper => C:\Users\Olaf\AppData\Local\Smartbar\Application\Smartbar.exe startup
MSCONFIG\startupreg: EPSON SX510W Series => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFIE.EXE /FU "C:\Windows\TEMP\E_SDA8B.tmp" /EF "HKCU"
MSCONFIG\startupreg: EPSON SX510W Series (Kopie 1) => C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIFIE.EXE /FU "C:\Windows\TEMP\E_S5D1D.tmp" /EF "HKCU"
MSCONFIG\startupreg: HostManager => C:\Program Files\Common Files\AOL\1166786087\ee\AOLSoftware.exe
MSCONFIG\startupreg: ICQ => "C:\Program Files\ICQ7M\ICQ.exe" silent loginmode=4
MSCONFIG\startupreg: IObit Malware Fighter => "C:\Program Files\IObit\IObit Malware Fighter\IMF.exe" /autostart
MSCONFIG\startupreg: IS CfgWiz => "C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe" /MODULE CfgWiz /GUID {BC8D3EAF-F864-4d4b-AB4D-B3D0C32E2840} /MODE CfgWiz /CMDLINE "REBOOT"
MSCONFIG\startupreg: ISUSPM Startup => C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: RoxWatchTray => c:\program files\common files\roxio shared\9.0\sharedcom\roxwatchtray9.exe
MSCONFIG\startupreg: RtHDVCpl => rthdvcpl.exe
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SmpcSys => C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
MSCONFIG\startupreg: Sony PC Companion => "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background
MSCONFIG\startupreg: Spotify => "C:\Users\Olaf\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Olaf\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: WindowsWelcomeCenter => rundll32.exe oobefldr.dll,ShowWelcomeCenter
MSCONFIG\startupreg: WMPNSCFG => c:\program files\windows media player\wmpnscfg.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-1783187169-4266523473-792420036-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1783187169-4266523473-792420036-1001 - Limited - Enabled)
Gast (S-1-5-21-1783187169-4266523473-792420036-501 - Limited - Disabled)
Olaf (S-1-5-21-1783187169-4266523473-792420036-1002 - Administrator - Enabled) => C:\Users\Olaf
UpdatusUser (S-1-5-21-1783187169-4266523473-792420036-1003 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/28/2014 06:56:01 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts auf dem Volume (Prozess = C:\Program Files\Steam\steamapps\common\Pinball FX2\_CommonRedist\DirectX\Jun2010\DXSETUP.exe Files\Steam\steamapps\common\Pinball FX2\_CommonRedist\DirectX\Jun2010\DXSETUP.exe" ; Beschreibung = dw; Hr = 0x80070057).

Error: (11/28/2014 06:54:15 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {f39bffb7-25f3-41cf-abfe-5a2f3608f13d}

Error: (11/28/2014 06:53:42 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Fehler beim Erstellen des Wiederherstellungspunkts auf dem Volume (Prozess = C:\Program Files\Steam\steamapps\common\Pinball FX2\_CommonRedist\DirectX\Jun2010\DXSETUP.exe Files\Steam\steamapps\common\Pinball FX2\_CommonRedist\DirectX\Jun2010\DXSETUP.exe" /silent; Beschreibung = dw; Hr = 0x80070057).

Error: (11/28/2014 06:48:40 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {f39bffb7-25f3-41cf-abfe-5a2f3608f13d}

Error: (11/27/2014 08:54:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung steamwebhelper.exe, Version 2.50.25.37, Zeitstempel 0x546ba74e, fehlerhaftes Modul libcef.dll, Version 3.1916.1692.0, Zeitstempel 0x543d533d, Ausnahmecode 0x80000003, Fehleroffset 0x000a3680,
Prozess-ID 0xbcc, Anwendungsstartzeit steamwebhelper.exe0.

Error: (11/27/2014 03:07:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung plugin-container.exe, Version 33.1.1.5430, Zeitstempel 0x54656826, fehlerhaftes Modul mozalloc.dll, Version 33.1.1.5430, Zeitstempel 0x54654321, Ausnahmecode 0x80000003, Fehleroffset 0x00001425,
Prozess-ID 0xf08, Anwendungsstartzeit plugin-container.exe0.

Error: (11/24/2014 10:22:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung nvtray.exe, Version 7.17.13.783, Zeitstempel 0x510a2910, fehlerhaftes Modul nvtray.exe, Version 7.17.13.783, Zeitstempel 0x510a2910, Ausnahmecode 0x40000015, Fehleroffset 0x001031ef,
Prozess-ID 0x1a4, Anwendungsstartzeit nvtray.exe0.

Error: (11/24/2014 08:23:23 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {7a847fd9-04de-4710-91cc-80a87185434c}

Error: (11/24/2014 08:22:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung setFE23.tmp, Version 10.50.0.125, Zeitstempel 0x4178b4a2, fehlerhaftes Modul setFE23.tmp, Version 10.50.0.125, Zeitstempel 0x4178b4a2, Ausnahmecode 0xc0000005, Fehleroffset 0x00007139,
Prozess-ID 0xb14, Anwendungsstartzeit setFE23.tmp0.

Error: (11/24/2014 08:12:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung setA748.tmp, Version 10.50.0.125, Zeitstempel 0x4178b4a2, fehlerhaftes Modul setA748.tmp, Version 10.50.0.125, Zeitstempel 0x4178b4a2, Ausnahmecode 0xc0000005, Fehleroffset 0x00007139,
Prozess-ID 0xbf4, Anwendungsstartzeit setA748.tmp0.


System errors:
=============
Error: (11/30/2014 02:15:39 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: LiveUpdate1

Error: (11/30/2014 02:15:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Automatisches LiveUpdate - Scheduler%%3

Error: (11/30/2014 02:15:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: IMF Service%%1053

Error: (11/30/2014 02:15:20 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000IMF Service

Error: (11/28/2014 07:04:32 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 28.11.2014 um 19:01:29 unerwartet heruntergefahren.

Error: (11/27/2014 09:05:09 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: LiveUpdate1

Error: (11/27/2014 09:04:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Automatisches LiveUpdate - Scheduler%%3

Error: (11/27/2014 09:04:35 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: IMF Service%%1053

Error: (11/27/2014 09:04:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000IMF Service

Error: (11/27/2014 08:40:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Steam Client Service%%1053


Microsoft Office Sessions:
=========================
Error: (11/28/2014 06:56:01 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files\Steam\steamapps\common\Pinball FX2\_CommonRedist\DirectX\Jun2010\DXSETUP.exe Files\Steam\steamapps\common\Pinball FX2\_CommonRedist\DirectX\Jun2010\DXSETUP.exe" dw0x80070057

Error: (11/28/2014 06:54:15 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005

Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {f39bffb7-25f3-41cf-abfe-5a2f3608f13d}

Error: (11/28/2014 06:53:42 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Program Files\Steam\steamapps\common\Pinball FX2\_CommonRedist\DirectX\Jun2010\DXSETUP.exe Files\Steam\steamapps\common\Pinball FX2\_CommonRedist\DirectX\Jun2010\DXSETUP.exe" /silentdw0x80070057

Error: (11/28/2014 06:48:40 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005

Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {f39bffb7-25f3-41cf-abfe-5a2f3608f13d}

Error: (11/27/2014 08:54:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: steamwebhelper.exe2.50.25.37546ba74elibcef.dll3.1916.1692.0543d533d80000003000a3680bcc01d00a79f9f343a7

Error: (11/27/2014 03:07:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe33.1.1.543054656826mozalloc.dll33.1.1.5430546543218000000300001425f0801d00a4a8c3f8fe8

Error: (11/24/2014 10:22:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nvtray.exe7.17.13.783510a2910nvtray.exe7.17.13.783510a291040000015001031ef1a401d0081b5d23cf56

Error: (11/24/2014 08:23:23 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005

Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {7a847fd9-04de-4710-91cc-80a87185434c}

Error: (11/24/2014 08:22:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: setFE23.tmp10.50.0.1254178b4a2setFE23.tmp10.50.0.1254178b4a2c000000500007139b1401d0081c058d861d

Error: (11/24/2014 08:12:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: setA748.tmp10.50.0.1254178b4a2setA748.tmp10.50.0.1254178b4a2c000000500007139bf401d0081a9fdb80aa


CodeIntegrity Errors:
===================================
  Date: 2013-11-22 18:25:50.734
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~2\BitGuard\271769~1.27\{C16C1~1\BitGuard.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-20 21:33:29.375
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~2\BitGuard\271769~1.27\{C16C1~1\BitGuard.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-20 19:26:05.906
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~2\BitGuard\271769~1.27\{C16C1~1\BitGuard.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-19 16:47:43.484
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~2\BitGuard\271769~1.27\{C16C1~1\BitGuard.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-19 06:50:37.656
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~2\BitGuard\271769~1.27\{C16C1~1\BitGuard.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-18 17:32:19.625
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~2\BitGuard\271769~1.27\{C16C1~1\BitGuard.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-18 13:08:13.015
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~2\BitGuard\271769~1.27\{C16C1~1\BitGuard.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-17 11:58:51.390
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~2\BitGuard\271769~1.27\{C16C1~1\BitGuard.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-16 18:02:37.843
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~2\BitGuard\271769~1.27\{C16C1~1\BitGuard.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-11-14 17:21:07.421
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\PROGRA~2\BitGuard\271769~1.27\{C16C1~1\BitGuard.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz
Percentage of memory in use: 85%
Total physical RAM: 1021.88 MB
Available physical RAM: 143.57 MB
Total Pagefile: 2292.87 MB
Available Pagefile: 580.96 MB
Total Virtual: 2047.88 MB
Available Virtual: 1918.16 MB

==================== Drives ================================

Drive c: (HDD) (Fixed) (Total:141.05 GB) (Free:78.13 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149.1 GB) (Disk ID: F6CBED85)
Partition 1: (Not Active) - (Size=8 GB) - (Type=27)
Partition 2: (Active) - (Size=141 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

Edited by Creatiive (30.11.2014 at 17:51)

30.11.2014, 19:19   #2
schrauber
/// the machine
/// TB-Ausbilder
 




Hi,

looks good.