| |
| |||||||
Log-Analyse und Auswertung: Avast => Dieses Programm wurde durch eine Gruppenrichtlinie blockiert. Weitere Informationen erhalten Sie vom Systemadministrator.Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
13.06.2014, 11:25
| #1 |
 |  Avast => Dieses Programm wurde durch eine Gruppenrichtlinie blockiert. Weitere Informationen erhalten Sie vom Systemadministrator. Halle liebes Board Team ich habe wie auch andere das Problem das mein Avast von irgend etwas blockiert wird, wie auch schon im Titel zu lesen. Ich weis jetzt nur leider nicht mit was ich anfangen soll da in jedem Thread etwas anderes steht. Somit bitte ich um eure Hilfe das ich meinen Rechner wieder sauber bekomme. mfg Timo |
|
13.06.2014, 11:31
| #2 |
| /// TB-Ausbilder   |  Avast => Dieses Programm wurde durch eine Gruppenrichtlinie blockiert. Weitere Informationen erhalten Sie vom Systemadministrator. Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen. Bitte beachte folgende Hinweise:
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags:  So funktioniert es:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert deinem Helfer massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
Danke für deine Mitarbeit! Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
|
|
15.06.2014, 22:09
| #3 |
| | Avast => Dieses Programm wurde durch eine Gruppenrichtlinie blockiert. Weitere Informationen erhalten Sie vom Systemadministrator. Hallo Matthias danke schon mal für deine Hilfe.
__________________FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-06-2014 Ran by Faust (administrator) on DAINEC-III on 15-06-2014 23:04:49 Running from C:\Users\Faust\Downloads Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Infowatch) C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe (Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDWebCam.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPictureViewer.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMovieViewer.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.) HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek) HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek) HKLM\...\Run: [CmPCIaudio] => C:\Windows\Syswow64\CMICNFG3.dll [8126464 2009-05-11] (C-Media Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7506136 2013-12-06] (Realtek Semiconductor) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation) HKLM-x32\...\Run: [EnvyHFCPL] => C:\Program Files (x86)\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe [543344 2010-09-09] (VIA TECH) HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-08] (AVAST Software) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO) HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION HKU\S-1-5-21-3619498111-4055357529-868238896-1000\...\Run: [ItewdUzkij] => regsvr32.exe "C:\ProgramData\ItewdUzkij.dat" Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2A5599B45611CF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de StartMenuInternet: IEXPLORE.EXE - c:\program files (x86)\internet explorer\iexplore.exe SearchScopes: HKLM - {E7165A5C-FCC2-40C5-BE3D-739A6949DEAB} URL = hxxp://www.sm.de/?q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.amaizingsearches.info/?l=1&q={searchTerms}&pid=2517&r=2014/04/07&hid=3711908759180684521&lg=EN&cc=DE&unqvl=51 SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.amaizingsearches.info/?l=1&q={searchTerms}&pid=2517&r=2014/04/07&hid=3711908759180684521&lg=EN&cc=DE&unqvl=51 SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKCU - {CB127E1A-135A-4672-BE00-0D3162B1E50B} URL = https://www.lycle.net/results?q={searchTerms} SearchScopes: HKCU - {E7165A5C-FCC2-40C5-BE3D-739A6949DEAB} URL = hxxp://www.sm.de/?q={searchTerms} BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: Websearch - {C2F7351C-5957-4744-B159-59EBEA4E7027} - C:\Program Files\Dailytools\Websearch\1.0.0.5\Websearch.dll (Dailytools GmbH) BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO) BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO) BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Websearch - {C2F7351C-5957-4744-B159-59EBEA4E7027} - C:\Program Files (x86)\Dailytools\Websearch\1.0.0.5\Websearch.dll (Dailytools GmbH) BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO) BHO-x32: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default FF NewTab: hxxp://www.nationzoom.com/newtab/?type=nt&ts=1390643406&from=epom2&uid=WDCXWD10EZRX-00A8LB0_WD-WCC1U188332783327 FF DefaultSearchEngine: Lycle FF SearchEngineOrder.1: WebSearch FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch"); FF SelectedSearchEngine: Lycle FF Homepage: hxxp://websearch.amaizingsearches.info/?pid=2517&r=2014/04/07&hid=3711908759180684521&lg=EN&cc=DE&unqvl=51 FF Keyword.URL: hxxp://websearch.amaizingsearches.info/?pid=2517&r=2014/04/07&hid=3711908759180684521&lg=EN&cc=DE&unqvl=51&l=1&q= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF user.js: detected! => C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\user.js FF SearchPlugin: C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\searchplugins\lycle.xml FF SearchPlugin: C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\searchplugins\search_engine.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Blue Fox - C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\Extensions\{241aae70-0022-11de-87af-0800200c9a66} [2014-01-14] FF Extension: Speed Dial - C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2014-01-14] FF Extension: Adblock Plus - C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-25] FF Extension: Websearch - C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\Extensions\{E6A44534-6DBA-455A-8D78-2DE71DEAA15B}.xpi [2014-05-31] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-21] FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\url_advisor@kaspersky.com [2014-05-31] FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\virtual_keyboard@kaspersky.com [2014-05-31] FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com FF Extension: Gevaarlijke websiteblokkering - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\content_blocker@kaspersky.com [2014-05-31] FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\anti_banner@kaspersky.com [2014-05-31] FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com [2014-05-31] FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [] Chrome: ======= CHR RestoreOnStartup: "hxxp://websearch.amaizingsearches.info/?pid=2517&r=2014/04/07&hid=3711908759180684521&lg=EN&cc=DE&unqvl=51" CHR StartupUrls: "hxxp://websearch.amaizingsearches.info/?pid=2517&r=2014/04/07&hid=3711908759180684521&lg=EN&cc=DE&unqvl=51" CHR Extension: (greatsaveR) - C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\fofenadgmiofhkoelegaicccjbccolbb [2014-01-16] CHR Extension: (SNT) - C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\inggohdfgliihidpbfjmakknbefannfi [2014-04-07] CHR Extension: (YTBOokMaorrk) - C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\jllhmaplknpgiibbaahgehidmppcgfhf [2014-01-16] CHR Extension: (sAfewiebu) - C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\nehhmemmagpfpcdjhimpmkncfhogjdcf [2014-04-07] CHR Extension: (YoutubeAdblocker) - C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\odemebmneindnbjgmaepmgmnimiajdoo [2014-01-16] CHR Extension: (Pic Enhance) - C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2014-01-16] CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx [2013-11-11] CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx [2013-11-11] CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx [2013-11-11] CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx [2013-11-11] CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [2013-11-11] CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx [2013-11-11] ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-21] (AVAST Software) R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128 2013-11-11] (Kaspersky Lab ZAO) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation) R2 CSObjectsSrv; C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888 2013-09-25] (Infowatch) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-01] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-17] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5739008 2011-10-12] (Native Instruments GmbH) [File not signed] U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-01-15] () R2 DailytoolsUpdateService; %SystemRoot%\System32\update1.dll [X] ==================== Drivers (Whitelisted) ==================== R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-21] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-21] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-21] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-21] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-12] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-12] (AVAST Software) R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-12] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-21] () R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1154560 2009-05-19] (C-Media Inc) R0 CSCrySec; C:\Windows\System32\DRIVERS\CSCrySec.sys [84536 2011-06-02] (Infowatch) R1 CSVirtualDiskDrv; C:\Windows\System32\DRIVERS\CSVirtualDiskDrv.sys [66616 2011-06-02] (Infowatch) S3 Envy24HFS; C:\Windows\System32\drivers\Envy24HF.sys [228080 2010-07-05] (VIA - IC Ensemble, Inc.) R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21408 2013-08-01] () R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21920 2013-08-01] () R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-01] () R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-08-01] () R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-05-31] (Kaspersky Lab ZAO) U5 klflt; C:\Windows\System32\Drivers\klflt.sys [92768 2014-06-12] (Kaspersky Lab ZAO) R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628288 2014-06-12] (Kaspersky Lab ZAO) R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2014-05-31] (Kaspersky Lab ZAO) R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO) R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-11-11] (Kaspersky Lab ZAO) R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-11-11] (Kaspersky Lab ZAO) R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178448 2013-11-11] (Kaspersky Lab ZAO) R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-15] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-17] (Intel Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation) S3 RL_DJIFIE2_MIDI; C:\Windows\System32\drivers\rldjif2m.sys [36416 2009-10-30] (Ploytec GmbH) S3 RL_DJIFIE2_USB; C:\Windows\System32\Drivers\rldjif2u.sys [460864 2009-10-30] (Ploytec GmbH) S3 RL_DJIFIE2_WDM; C:\Windows\System32\drivers\rldjif2a.sys [49728 2009-10-30] (Ploytec GmbH) R3 SaiK0836; C:\Windows\System32\DRIVERS\SaiK0836.sys [172040 2013-01-10] (Saitek) R3 SaiK1708; C:\Windows\System32\DRIVERS\SaiK1708.sys [180544 2012-09-20] (Saitek) R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek) R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek) R3 SaiU1708; C:\Windows\System32\DRIVERS\SaiU1708.sys [47168 2012-09-20] (Saitek) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-15 23:04 - 2014-06-15 23:05 - 00024541 _____ () C:\Users\Faust\Downloads\FRST.txt 2014-06-15 23:04 - 2014-06-15 23:04 - 00000000 ____D () C:\FRST 2014-06-15 23:03 - 2014-06-15 23:03 - 02081280 _____ (Farbar) C:\Users\Faust\Downloads\FRST64.exe 2014-06-13 12:05 - 2014-06-15 22:51 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-13 12:04 - 2014-06-13 12:04 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Faust\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager [1].exe 2014-06-13 12:04 - 2014-06-13 12:04 - 00719128 _____ ( ) C:\Users\Faust\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager.exe 2014-06-13 12:04 - 2014-06-13 12:04 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-13 12:04 - 2014-06-13 12:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-13 12:04 - 2014-06-13 12:04 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-13 12:04 - 2014-06-13 12:04 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-13 12:04 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-06-13 12:04 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-06-13 12:04 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-06-02 18:01 - 2014-06-02 19:00 - 00000000 ____D () C:\Users\Faust\Documents\FIFA World 2014-06-02 18:01 - 2014-06-02 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pflanzen gegen Zombies 2014-06-02 17:13 - 2014-06-02 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Sports FIFA World 2014-05-31 01:54 - 2014-05-31 01:54 - 00002216 _____ () C:\Users\Faust\Desktop\Sicherer Zahlungsverkehr.lnk 2014-05-31 01:52 - 2014-06-15 22:51 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-05-31 01:52 - 2014-06-12 20:59 - 00628288 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2014-05-31 01:52 - 2014-06-12 20:59 - 00092768 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2014-05-31 01:52 - 2014-05-31 01:52 - 00001078 _____ () C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk 2014-05-31 01:52 - 2014-05-31 01:52 - 00000000 ____D () C:\Windows\ELAMBKUP 2014-05-31 01:52 - 2014-05-31 01:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0 2014-05-31 01:52 - 2014-05-31 01:52 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab 2014-05-31 01:52 - 2013-11-11 19:13 - 00064856 _____ (Kaspersky Lab) C:\Windows\system32\klfphc.dll 2014-05-31 01:52 - 2011-06-02 14:39 - 00084536 _____ (Infowatch) C:\Windows\system32\Drivers\CSCrySec.sys 2014-05-31 01:52 - 2011-06-02 14:39 - 00066616 _____ (Infowatch) C:\Windows\system32\Drivers\CSVirtualDiskDrv.sys 2014-05-31 01:37 - 2014-05-31 01:37 - 00000000 ____D () C:\Users\Faust\AppData\Local\Adobe 2014-05-31 01:36 - 2014-05-31 01:41 - 194045080 _____ (Kaspersky Lab) C:\Users\Faust\Downloads\pure13.0.2.558abcdDE_5372.exe 2014-05-31 01:35 - 2014-05-31 01:50 - 00000000 ____D () C:\ProgramData\Adobe 2014-05-31 01:35 - 2014-05-31 01:35 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-05-31 01:35 - 2014-05-31 01:35 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-05-31 01:26 - 2014-05-31 01:26 - 00352256 _____ (Dailytools GmbH) C:\Windows\SysWOW64\update1.dll 2014-05-31 01:25 - 2014-05-31 01:50 - 00000714 __RSH () C:\ProgramData\ntuser.pol 2014-05-31 01:25 - 2014-05-31 01:25 - 00000000 ____D () C:\Program Files\Dailytools 2014-05-31 01:25 - 2014-05-31 01:25 - 00000000 ____D () C:\Program Files (x86)\Dailytools 2014-05-31 01:24 - 2014-05-31 01:24 - 00719352 _____ (Dailytools GmbH) C:\Users\Faust\Downloads\install_reader11_xp_de_mssd_aaa_aih.exe ==================== One Month Modified Files and Folders ======= 2014-06-15 23:05 - 2014-06-15 23:04 - 00024541 _____ () C:\Users\Faust\Downloads\FRST.txt 2014-06-15 23:05 - 2014-01-14 18:57 - 00000000 ____D () C:\Users\Faust\AppData\Local\Temp 2014-06-15 23:04 - 2014-06-15 23:04 - 00000000 ____D () C:\FRST 2014-06-15 23:03 - 2014-06-15 23:03 - 02081280 _____ (Farbar) C:\Users\Faust\Downloads\FRST64.exe 2014-06-15 22:58 - 2009-07-14 06:45 - 00030480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-15 22:58 - 2009-07-14 06:45 - 00030480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-15 22:54 - 2014-01-14 19:52 - 00805799 _____ () C:\Windows\WindowsUpdate.log 2014-06-15 22:54 - 2011-04-12 09:43 - 00696132 _____ () C:\Windows\system32\perfh007.dat 2014-06-15 22:54 - 2011-04-12 09:43 - 00147428 _____ () C:\Windows\system32\perfc007.dat 2014-06-15 22:54 - 2009-07-14 07:13 - 00839172 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-15 22:51 - 2014-06-13 12:05 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-15 22:51 - 2014-05-31 01:52 - 00000000 ____D () C:\ProgramData\Kaspersky Lab 2014-06-15 22:50 - 2009-07-14 06:51 - 00218580 _____ () C:\Windows\setupact.log 2014-06-15 22:49 - 2014-01-14 20:45 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-06-15 22:49 - 2010-11-21 05:47 - 00485148 _____ () C:\Windows\PFRO.log 2014-06-15 22:49 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-13 12:26 - 2014-01-17 18:02 - 00000000 ____D () C:\Users\Faust\AppData\Roaming\TS3Client 2014-06-13 12:25 - 2014-01-17 17:39 - 00000000 ____D () C:\Users\Faust\AppData\Roaming\AIMP3 2014-06-13 12:17 - 2014-01-16 03:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-06-13 12:11 - 2014-01-25 11:50 - 00000000 ____D () C:\Users\Faust\AppData\Local\genienext 2014-06-13 12:04 - 2014-06-13 12:04 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Faust\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager [1].exe 2014-06-13 12:04 - 2014-06-13 12:04 - 00719128 _____ ( ) C:\Users\Faust\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager.exe 2014-06-13 12:04 - 2014-06-13 12:04 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-13 12:04 - 2014-06-13 12:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-13 12:04 - 2014-06-13 12:04 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-13 12:04 - 2014-06-13 12:04 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-12 21:33 - 2014-01-14 21:00 - 00000000 ____D () C:\ProgramData\Origin 2014-06-12 20:59 - 2014-05-31 01:52 - 00628288 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys 2014-06-12 20:59 - 2014-05-31 01:52 - 00092768 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys 2014-06-02 19:00 - 2014-06-02 18:01 - 00000000 ____D () C:\Users\Faust\Documents\FIFA World 2014-06-02 18:01 - 2014-06-02 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pflanzen gegen Zombies 2014-06-02 18:01 - 2014-01-15 01:26 - 00156795 _____ () C:\Windows\DirectX.log 2014-06-02 18:01 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-06-02 17:13 - 2014-06-02 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Sports FIFA World 2014-06-02 16:55 - 2014-01-16 18:32 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro 2014-05-31 02:16 - 2013-11-11 19:13 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys 2014-05-31 02:16 - 2012-08-02 15:09 - 00029792 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klim6.sys 2014-05-31 01:54 - 2014-05-31 01:54 - 00002216 _____ () C:\Users\Faust\Desktop\Sicherer Zahlungsverkehr.lnk 2014-05-31 01:52 - 2014-05-31 01:52 - 00001078 _____ () C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk 2014-05-31 01:52 - 2014-05-31 01:52 - 00000000 ____D () C:\Windows\ELAMBKUP 2014-05-31 01:52 - 2014-05-31 01:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0 2014-05-31 01:52 - 2014-05-31 01:52 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab 2014-05-31 01:50 - 2014-05-31 01:35 - 00000000 ____D () C:\ProgramData\Adobe 2014-05-31 01:50 - 2014-05-31 01:25 - 00000714 __RSH () C:\ProgramData\ntuser.pol 2014-05-31 01:41 - 2014-05-31 01:36 - 194045080 _____ (Kaspersky Lab) C:\Users\Faust\Downloads\pure13.0.2.558abcdDE_5372.exe 2014-05-31 01:37 - 2014-05-31 01:37 - 00000000 ____D () C:\Users\Faust\AppData\Local\Adobe 2014-05-31 01:37 - 2014-01-16 03:32 - 00000000 ____D () C:\Users\Faust\AppData\Roaming\Adobe 2014-05-31 01:35 - 2014-05-31 01:35 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-05-31 01:35 - 2014-05-31 01:35 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-05-31 01:26 - 2014-05-31 01:26 - 00352256 _____ (Dailytools GmbH) C:\Windows\SysWOW64\update1.dll 2014-05-31 01:25 - 2014-05-31 01:25 - 00000000 ____D () C:\Program Files\Dailytools 2014-05-31 01:25 - 2014-05-31 01:25 - 00000000 ____D () C:\Program Files (x86)\Dailytools 2014-05-31 01:25 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-05-31 01:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-05-31 01:24 - 2014-05-31 01:24 - 00719352 _____ (Dailytools GmbH) C:\Users\Faust\Downloads\install_reader11_xp_de_mssd_aaa_aih.exe 2014-05-29 00:31 - 2014-01-17 17:29 - 00000000 ____D () C:\Users\Faust\AppData\Local\CrashDumps 2014-05-28 12:54 - 2014-04-21 22:40 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-05-23 22:52 - 2014-01-15 01:27 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2014-05-23 22:41 - 2014-01-15 01:27 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0 2014-05-16 23:55 - 2014-05-10 23:32 - 00000000 ____D () C:\Users\Faust\AppData\Roaming\Skype Some content of TEMP: ==================== C:\Users\Faust\AppData\Local\Temp\down.4620.EzDownloader_setup.exe C:\Users\Faust\AppData\Local\Temp\fp_pl_pfs_installer-1.exe C:\Users\Faust\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\Faust\AppData\Local\Temp\LiveSupport_setup.exe C:\Users\Faust\AppData\Local\Temp\nv3DVStreaming.dll C:\Users\Faust\AppData\Local\Temp\nvSCPAPI.dll C:\Users\Faust\AppData\Local\Temp\nvStereoApiI.dll C:\Users\Faust\AppData\Local\Temp\nvStInst.exe C:\Users\Faust\AppData\Local\Temp\PrefJsonCpp.exe C:\Users\Faust\AppData\Local\Temp\sonarinst.exe C:\Users\Faust\AppData\Local\Temp\sqlite3.exe C:\Users\Faust\AppData\Local\Temp\TsuAB37D88A.dll C:\Users\Faust\AppData\Local\Temp\UNT821D.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-08 19:34 ==================== End Of Log ============================ --- --- --- Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-06-2014
Ran by Faust at 2014-06-15 23:05:16
Running from C:\Users\Faust\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Kaspersky PURE 3.0 (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Kaspersky PURE 3.0 (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: Kaspersky PURE 3.0 (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
==================== Installed Programs ======================
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.55.1332, 21.12.2013 - AIMP DevTeam)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.2.0.2 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
C-Media PCI Audio Device (HKLM\...\C-Media PCI Audio Driver) (Version: - )
Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.792 - Curse)
Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Digital Jockey - IE2 (HKLM\...\USB_AUDIO_DEusb-audio.deRLDJIF2) (Version: - )
EA Sports FIFA World (HKLM-x32\...\{8F9AC744-EEF6-43DB-A4B6-FA1A18F1C640}) (Version: 5.3.0.40277 - Electronic Arts, Inc.)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Fraps (HKLM-x32\...\Fraps) (Version: - )
Free YouTube to MP3 Converter version 3.12.23.219 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.23.219 - DVDVideoSoft Ltd.)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{B1AC3709-3E98-4F2C-A84E-4BCA2A452E64}) (Version: 4.2.40.2418 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden
Kaspersky PURE 3.0 (HKLM-x32\...\InstallWIX_{D0702EE9-9DE4-419A-9C6C-4730B1C985BA}) (Version: 13.0.2.558 - Kaspersky Lab)
Kaspersky PURE 3.0 (x32 Version: 13.0.2.558 - Kaspersky Lab) Hidden
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - DEU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - DEU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - DEU (x32 Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: - Native Instruments)
Native Instruments Controller Editor (Version: 1.4.2.848 - Native Instruments) Hidden
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: - Native Instruments)
Native Instruments Service Center (Version: 2.2.6.676 - Native Instruments) Hidden
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: - Native Instruments)
Native Instruments Traktor 2 (Version: 2.1.2.12125 - Native Instruments) Hidden
NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)
Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7111 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Smart Technology Programming Software 7.0.27.13 (HKLM\...\{C9193CBB-C31A-412A-A074-AD08F0F2CF3D}) (Version: 7.0.27.13 - Mad Catz)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.3.6 - Electronic Arts)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
XBMC (HKCU\...\XBMC) (Version: - Team XBMC)
==================== Restore Points =========================
21-04-2014 17:45:05 avast! antivirus system restore point
21-04-2014 20:40:17 avast! antivirus system restore point
27-04-2014 14:30:02 DirectX wurde installiert
06-05-2014 10:36:09 Gerätetreiber-Paketinstallation: usb-audio.de USB-Controller
06-05-2014 10:36:30 Gerätetreiber-Paketinstallation: usb-audio.de Audio-, Video- und Gamecontroller
06-05-2014 10:37:11 Gerätetreiber-Paketinstallation: Reloop Audio-, Video- und Gamecontroller
11-05-2014 15:03:24 DirectX wurde installiert
16-05-2014 19:17:03 DirectX wurde installiert
02-06-2014 15:11:51 DirectX wurde installiert
02-06-2014 16:00:13 DirectX wurde installiert
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {3B4D846F-D195-4D47-9149-7B313BAC45DD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-21] (AVAST Software)
Task: {8542780C-9633-4EB9-9D75-1A4870868BDB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {889EEEFA-3513-4B9B-BF66-8408714E73C9} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2014-01-14 20:44 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-08-01 18:31 - 2013-08-01 18:31 - 00198120 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-08-01 18:31 - 2013-08-01 18:31 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-08-01 18:31 - 2013-08-01 18:31 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2014-01-15 01:27 - 2014-01-15 01:27 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-06-13 11:54 - 2014-06-13 11:54 - 02775040 _____ () C:\Program Files\AVAST Software\Avast\defs\14061300\algo.dll
2014-06-15 22:50 - 2014-06-15 22:50 - 02776064 _____ () C:\Program Files\AVAST Software\Avast\defs\14061501\algo.dll
2012-12-20 18:19 - 2012-12-20 18:19 - 00479752 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\dblite.dll
2012-12-20 18:19 - 2012-12-20 18:19 - 01310728 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\kpcengine.2.2.dll
2014-01-14 22:44 - 2013-09-17 04:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2014-05-10 11:20 - 2014-05-10 11:20 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== MSCONFIG/TASK MANAGER disabled items =========
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/15/2014 10:51:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/13/2014 00:14:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/13/2014 11:55:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/12/2014 09:33:54 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
Error: (06/12/2014 08:38:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/08/2014 07:12:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/05/2014 09:11:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/02/2014 07:05:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/02/2014 04:52:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/31/2014 03:24:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (06/15/2014 10:51:45 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EVE",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{DC1FE64F-4EA6-463E-8BAC-F388B8156CA6}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (06/12/2014 08:36:47 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 08.06.2014 um 19:38:16 unerwartet heruntergefahren.
Error: (06/02/2014 07:10:12 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.
Error: (05/31/2014 03:24:51 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147024846.
Error: (05/31/2014 03:24:51 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT-AUTORITÄT)
Description: Fehler beim Starten des BITS-Dienstes. Fehler: 2147942450.
Error: (05/31/2014 03:24:50 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "IPsec-Richtlinien-Agent" wurde mit folgendem Fehler beendet:
%%1747
Error: (05/31/2014 03:24:50 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet:
%%-2147024882
Error: (05/31/2014 03:22:07 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "UPnP-Gerätehost" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (05/31/2014 03:22:07 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "upnphost" konnte sich nicht als "NT AUTHORITY\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1352
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (05/31/2014 03:22:07 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1069upnphost{204810B9-73B2-11D4-BF42-00B0D0118B56}
Microsoft Office Sessions:
=========================
Error: (06/15/2014 10:51:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/13/2014 00:14:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/13/2014 11:55:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/12/2014 09:33:54 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
Error: (06/12/2014 08:38:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/08/2014 07:12:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/05/2014 09:11:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/02/2014 07:05:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/02/2014 04:52:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/31/2014 03:24:39 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
CodeIntegrity Errors:
===================================
Date: 2014-06-08 19:35:31.840
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-08 19:35:31.839
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-08 19:35:31.838
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-08 19:35:31.826
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-08 19:35:31.824
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-08 19:35:31.822
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-05 09:29:56.006
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-05 09:29:56.005
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-05 09:29:56.003
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-05 09:29:55.988
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 24%
Total physical RAM: 10185.38 MB
Available physical RAM: 7708.4 MB
Total Pagefile: 20368.96 MB
Available Pagefile: 17683.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.54 GB) (Free:390.98 GB) NTFS
Drive f: (Ra) (Fixed) (Total:931.51 GB) (Free:350.45 GB) NTFS
Drive g: () (Fixed) (Total:232.88 GB) (Free:232.79 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: C38B2AA3)
Partition: GPT Partition Type.
========================================================
Disk: 1 (Size: 233 GB) (Disk ID: BF5FBF5F)
Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (Size: 932 GB) (Disk ID: 6C0AACB3)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
16.06.2014, 08:46
| #4 |
| /// TB-Ausbilder | Avast => Dieses Programm wurde durch eine Gruppenrichtlinie blockiert. Weitere Informationen erhalten Sie vom Systemadministrator. Alle Tools auf den Desktop downloaden bzw. dorthin verschieben und vom Desktop starten, da unsere Anleitungen daraufhin ausgelegt sind. Zudem lassen sich dann am Ende der Bereinigung alle verwendeten Tools sehr einfach entfernen. Schritt 1 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter start
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
end
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2 Scan mit Combofix
Bitte poste mit deiner nächsten Antwort
|
|
16.06.2014, 13:03
| #5 |
| | Avast => Dieses Programm wurde durch eine Gruppenrichtlinie blockiert. Weitere Informationen erhalten Sie vom Systemadministrator. so hier die von dir gewünschten logs. FRST Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-06-2014
Ran by Faust at 2014-06-16 13:37:22 Run:1
Running from C:\Users\Faust\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
HKLM Group Policy restriction on software: C:\Program Files\AVAST Software <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\AVAST Software <====== ATTENTION
end
*****************
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
==== End of Fixlog ====
ComboFix Code:
ATTFilter ComboFix 14-06-16.01 - Faust 16.06.2014 13:52:49.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.10185.8227 [GMT 2:00]
ausgeführt von:: c:\users\Faust\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Kaspersky PURE 3.0 *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky PURE 3.0 *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Kaspersky PURE 3.0 *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-05-16 bis 2014-06-16 ))))))))))))))))))))))))))))))
.
.
2014-06-16 11:55 . 2014-06-16 11:55 -------- d-----w- c:\users\Gast\AppData\Local\temp
2014-06-16 11:55 . 2014-06-16 11:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-16 11:55 . 2014-06-16 11:55 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2014-06-15 21:04 . 2014-06-16 11:37 -------- d-----w- C:\FRST
2014-06-13 10:05 . 2014-06-16 11:36 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-13 10:04 . 2014-06-13 10:04 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware
2014-06-13 10:04 . 2014-06-13 10:04 -------- d-----w- c:\programdata\Malwarebytes
2014-06-13 10:04 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-06-13 10:04 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-06-13 10:04 . 2014-05-12 05:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-30 23:52 . 2013-11-11 17:13 64856 ----a-w- c:\windows\system32\klfphc.dll
2014-05-30 23:52 . 2011-06-02 12:39 66616 ----a-w- c:\windows\system32\drivers\CSVirtualDiskDrv.sys
2014-05-30 23:52 . 2014-05-30 23:52 -------- dc----w- c:\windows\system32\DRVSTORE
2014-05-30 23:52 . 2011-06-02 12:39 84536 ----a-w- c:\windows\system32\drivers\CSCrySec.sys
2014-05-30 23:52 . 2014-05-30 23:52 -------- d-----w- c:\windows\ELAMBKUP
2014-05-30 23:52 . 2014-05-30 23:52 -------- d-----w- c:\program files (x86)\Common Files\InfoWatch
2014-05-30 23:52 . 2014-06-16 11:32 -------- d-----w- c:\programdata\Kaspersky Lab
2014-05-30 23:52 . 2014-05-30 23:52 -------- d-----w- c:\program files (x86)\Kaspersky Lab
2014-05-30 23:52 . 2014-06-12 18:59 628288 ----a-w- c:\windows\system32\drivers\klif.sys
2014-05-30 23:52 . 2014-06-12 18:59 92768 ----a-w- c:\windows\system32\drivers\klflt.sys
2014-05-30 23:37 . 2014-05-30 23:37 -------- d-----w- c:\users\Faust\AppData\Local\Adobe
2014-05-30 23:35 . 2014-05-30 23:35 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2014-05-30 23:26 . 2014-05-30 23:26 352256 ----a-w- c:\windows\SysWow64\update1.dll
2014-05-30 23:25 . 2014-05-30 23:25 -------- d-----w- c:\program files\Dailytools
2014-05-30 23:25 . 2014-05-30 23:25 -------- d-----w- c:\program files (x86)\Dailytools
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-15 21:32 . 2014-01-14 23:27 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-05-31 00:16 . 2012-08-02 13:09 29792 ----a-w- c:\windows\system32\drivers\klim6.sys
2014-05-31 00:16 . 2013-11-11 17:13 458336 ----a-w- c:\windows\system32\drivers\kl1.sys
2014-05-23 20:52 . 2014-01-14 23:27 214392 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-05-14 10:52 . 2014-01-16 01:31 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 10:52 . 2014-01-16 01:31 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-12 16:42 . 2014-04-21 20:40 85328 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-05-12 16:42 . 2014-04-21 20:40 423240 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-05-12 16:42 . 2014-04-21 20:40 1039096 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-04-21 20:40 . 2014-04-21 20:40 208416 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-04-21 20:40 . 2014-04-21 20:40 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-04-21 20:40 . 2014-04-21 20:40 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-04-21 20:40 . 2014-04-21 20:40 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-04-21 20:40 . 2014-04-21 20:40 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-04-21 20:40 . 2014-04-21 20:40 334648 ----a-w- c:\windows\system32\aswBoot.exe
2014-04-21 20:40 . 2014-04-21 20:40 43152 ----a-w- c:\windows\avastSS.scr
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C2F7351C-5957-4744-B159-59EBEA4E7027}]
2014-05-30 23:50 255472 ----a-w- c:\program files (x86)\Dailytools\Websearch\1.0.0.5\Websearch.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-02-19 13:13 294456 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2014-05-30 23:57 458944 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\shellex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-02-22 292088]
"EnvyHFCPL"="c:\program files (x86)\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe" [2010-09-09 543344]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-06-08 3890208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-05-08 959904]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe" [2013-11-11 356128]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ISCTSystray.lnk - c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe [2013-8-1 5545448]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
2;2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DailytoolsUpdateService;DailytoolsUpdateService;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe;c:\program files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM 64 bit;c:\windows\system32\drivers\Envy24HF.sys;c:\windows\SYSNATIVE\drivers\Envy24HF.sys [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech Webcam 200(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RL_DJIFIE2_MIDI;Digital Jockey - IE2 WDM MIDI Device;c:\windows\system32\drivers\rldjif2m.sys;c:\windows\SYSNATIVE\drivers\rldjif2m.sys [x]
R3 RL_DJIFIE2_USB;usb-audio.de driver for Reloop Digital Jockey - IE2;c:\windows\system32\Drivers\rldjif2u.sys;c:\windows\SYSNATIVE\Drivers\rldjif2u.sys [x]
R3 RL_DJIFIE2_WDM;Digital Jockey - IE2 WDM Audio;c:\windows\system32\drivers\rldjif2a.sys;c:\windows\SYSNATIVE\drivers\rldjif2a.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 CSCrySec;InfoWatch Encrypt Sector Library driver;c:\windows\system32\DRIVERS\CSCrySec.sys;c:\windows\SYSNATIVE\DRIVERS\CSCrySec.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;c:\windows\system32\DRIVERS\CSVirtualDiskDrv.sys;c:\windows\SYSNATIVE\DRIVERS\CSVirtualDiskDrv.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 CSObjectsSrv;Verwaltungsservice vom CryproStorage-System;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe;c:\program files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 ISCTAgent;Intel(R) Smart Connect Technology Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe ;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
S3 INETMON;INETMON;c:\windows\System32\Drivers\INETMON.sys;c:\windows\SYSNATIVE\Drivers\INETMON.sys [x]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGPBTDD;LGPBTDD.sys Display Driver;c:\windows\system32\Drivers\LGPBTDD.sys;c:\windows\SYSNATIVE\Drivers\LGPBTDD.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SaiK0836;SaiK0836;c:\windows\system32\DRIVERS\SaiK0836.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK0836.sys [x]
S3 SaiK1708;SaiK1708;c:\windows\system32\DRIVERS\SaiK1708.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK1708.sys [x]
S3 SaiU1708;SaiU1708;c:\windows\system32\DRIVERS\SaiU1708.sys;c:\windows\SYSNATIVE\DRIVERS\SaiU1708.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
DailytoolsInstallerService REG_MULTI_SZ DailytoolsInstallerService
DailytoolsUpdateService REG_MULTI_SZ DailytoolsUpdateService
.
Inhalt des "geplante Tasks" Ordners
.
2014-06-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-16 10:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C2F7351C-5957-4744-B159-59EBEA4E7027}]
2014-05-30 23:50 301040 ----a-w- c:\program files\Dailytools\Websearch\1.0.0.5\Websearch.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}]
2014-02-19 13:13 357432 ----a-w- c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-04-21 20:40 290888 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\KAVOverlayIcon]
@="{dd230880-495a-11d1-b064-008048ec2fc5}"
[HKEY_CLASSES_ROOT\CLSID\{dd230880-495a-11d1-b064-008048ec2fc5}]
2014-05-30 23:57 491200 ----a-w- c:\program files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\x64\shellex.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2013-12-10 2279712]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2013-12-10 1100248]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-11-14 8292120]
"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2013-04-16 454144]
"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2013-04-16 158208]
"CmPCIaudio"="c:\windows\Syswow64\CMICNFG3.dll" [2009-05-11 8126464]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2013-12-06 7506136]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
IE: Free YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.amaizingsearches.info/?pid=2517&r=2014/04/07&hid=3711908759180684521&lg=EN&cc=DE&unqvl=51&l=1&q=
FF - prefs.js: browser.search.selectedEngine - Lycle
FF - prefs.js: browser.startup.homepage - hxxp://websearch.amaizingsearches.info/?pid=2517&r=2014/04/07&hid=3711908759180684521&lg=EN&cc=DE&unqvl=51
FF - prefs.js: keyword.URL - hxxp://websearch.amaizingsearches.info/?pid=2517&r=2014/04/07&hid=3711908759180684521&lg=EN&cc=DE&unqvl=51&l=1&q=
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-06-16 13:56:45
ComboFix-quarantined-files.txt 2014-06-16 11:56
ComboFix2.txt 2014-06-16 11:46
.
Vor Suchlauf: 12 Verzeichnis(se), 427.404.623.872 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 427.328.606.208 Bytes frei
.
- - End Of File - - 351CFD59715C8C5E34B1978ADC4101CC
5FB38429D5D77768867C76DCBDB35194
|
|
16.06.2014, 13:08
| #6 | |
| /// TB-Ausbilder | Avast => Dieses Programm wurde durch eine Gruppenrichtlinie blockiert. Weitere Informationen erhalten Sie vom Systemadministrator. Mehrere Anti-Virus-Programme Code:
ATTFilter Kaspersky
avast!
Berichte, für welches Anti-Virus-Programm Du Dich entschieden hast. Zitat:
|
|
16.06.2014, 14:08
| #7 |
| | Avast => Dieses Programm wurde durch eine Gruppenrichtlinie blockiert. Weitere Informationen erhalten Sie vom Systemadministrator. Ich habe Kaspersike erst installiert nachdem ich bemerkt hatte das Avast blockiert wurde um eventuell den virusbefall weg zu bekommen aber hat ja leider nicht geholfen. Kaspersky war auch nur eine Test-Version somit habe ich diese wieder gelöscht. FRST.txt FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-06-2014
Ran by Faust (administrator) on DAINEC-III on 16-06-2014 15:06:23
Running from C:\Users\Faust\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe
(Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDWebCam.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPictureViewer.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMovieViewer.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.)
HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek)
HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek)
HKLM\...\Run: [CmPCIaudio] => C:\Windows\Syswow64\CMICNFG3.dll [8126464 2009-05-11] (C-Media Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7506136 2013-12-06] (Realtek Semiconductor)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation)
HKLM-x32\...\Run: [EnvyHFCPL] => C:\Program Files (x86)\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe [543344 2010-09-09] (VIA TECH)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-08] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2A5599B45611CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - c:\program files (x86)\internet explorer\iexplore.exe
SearchScopes: HKLM - {E7165A5C-FCC2-40C5-BE3D-739A6949DEAB} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.amaizingsearches.info/?l=1&q={searchTerms}&pid=2517&r=2014/04/07&hid=3711908759180684521&lg=EN&cc=DE&unqvl=51
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.amaizingsearches.info/?l=1&q={searchTerms}&pid=2517&r=2014/04/07&hid=3711908759180684521&lg=EN&cc=DE&unqvl=51
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKCU - {CB127E1A-135A-4672-BE00-0D3162B1E50B} URL = https://www.lycle.net/results?q={searchTerms}
SearchScopes: HKCU - {E7165A5C-FCC2-40C5-BE3D-739A6949DEAB} URL = hxxp://www.sm.de/?q={searchTerms}
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Websearch - {C2F7351C-5957-4744-B159-59EBEA4E7027} - C:\Program Files\Dailytools\Websearch\1.0.0.5\Websearch.dll (Dailytools GmbH)
BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Websearch - {C2F7351C-5957-4744-B159-59EBEA4E7027} - C:\Program Files (x86)\Dailytools\Websearch\1.0.0.5\Websearch.dll (Dailytools GmbH)
BHO-x32: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default
FF NewTab: hxxp://www.nationzoom.com/newtab/?type=nt&ts=1390643406&from=epom2&uid=WDCXWD10EZRX-00A8LB0_WD-WCC1U188332783327
FF DefaultSearchEngine: Lycle
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");
FF SelectedSearchEngine: Lycle
FF Homepage: hxxp://websearch.amaizingsearches.info/?pid=2517&r=2014/04/07&hid=3711908759180684521&lg=EN&cc=DE&unqvl=51
FF Keyword.URL: hxxp://websearch.amaizingsearches.info/?pid=2517&r=2014/04/07&hid=3711908759180684521&lg=EN&cc=DE&unqvl=51&l=1&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\user.js
FF SearchPlugin: C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\searchplugins\lycle.xml
FF SearchPlugin: C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\searchplugins\search_engine.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Blue Fox - C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\Extensions\{241aae70-0022-11de-87af-0800200c9a66} [2014-01-14]
FF Extension: Speed Dial - C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2014-01-14]
FF Extension: Adblock Plus - C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-25]
FF Extension: Websearch - C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\Extensions\{E6A44534-6DBA-455A-8D78-2DE71DEAA15B}.xpi [2014-05-31]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-21]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ []
Chrome:
=======
CHR RestoreOnStartup: "hxxp://websearch.amaizingsearches.info/?pid=2517&r=2014/04/07&hid=3711908759180684521&lg=EN&cc=DE&unqvl=51"
CHR StartupUrls: "hxxp://websearch.amaizingsearches.info/?pid=2517&r=2014/04/07&hid=3711908759180684521&lg=EN&cc=DE&unqvl=51"
CHR Extension: (greatsaveR) - C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\fofenadgmiofhkoelegaicccjbccolbb [2014-01-16]
CHR Extension: (SNT) - C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\inggohdfgliihidpbfjmakknbefannfi [2014-04-07]
CHR Extension: (YTBOokMaorrk) - C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\jllhmaplknpgiibbaahgehidmppcgfhf [2014-01-16]
CHR Extension: (sAfewiebu) - C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\nehhmemmagpfpcdjhimpmkncfhogjdcf [2014-04-07]
CHR Extension: (YoutubeAdblocker) - C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\odemebmneindnbjgmaepmgmnimiajdoo [2014-01-16]
CHR Extension: (Pic Enhance) - C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie [2014-01-16]
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-21] (AVAST Software)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-01] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-17] (Intel Corporation)
R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5739008 2011-10-12] (Native Instruments GmbH) [File not signed]
U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-01-15] ()
R2 DailytoolsUpdateService; %SystemRoot%\System32\update1.dll [X]
==================== Drivers (Whitelisted) ====================
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-21] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-12] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-12] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-12] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-21] ()
R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1154560 2009-05-19] (C-Media Inc)
S3 Envy24HFS; C:\Windows\System32\drivers\Envy24HF.sys [228080 2010-07-05] (VIA - IC Ensemble, Inc.)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21408 2013-08-01] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21920 2013-08-01] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-01] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-08-01] ()
R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-17] (Intel Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
S3 RL_DJIFIE2_MIDI; C:\Windows\System32\drivers\rldjif2m.sys [36416 2009-10-30] (Ploytec GmbH)
S3 RL_DJIFIE2_USB; C:\Windows\System32\Drivers\rldjif2u.sys [460864 2009-10-30] (Ploytec GmbH)
S3 RL_DJIFIE2_WDM; C:\Windows\System32\drivers\rldjif2a.sys [49728 2009-10-30] (Ploytec GmbH)
R3 SaiK0836; C:\Windows\System32\DRIVERS\SaiK0836.sys [172040 2013-01-10] (Saitek)
R3 SaiK1708; C:\Windows\System32\DRIVERS\SaiK1708.sys [180544 2012-09-20] (Saitek)
R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek)
R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek)
R3 SaiU1708; C:\Windows\System32\DRIVERS\SaiU1708.sys [47168 2012-09-20] (Saitek)
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-16 15:01 - 2014-06-16 15:06 - 00017649 _____ () C:\Users\Faust\Desktop\FRST.txt
2014-06-16 14:56 - 2014-06-16 14:56 - 00000000 ___SD () C:\Users\Faust\Documents\Passwords Database
2014-06-16 13:56 - 2014-06-16 13:56 - 00019038 _____ () C:\ComboFix.txt
2014-06-16 13:56 - 2014-06-16 13:56 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-16 13:56 - 2014-06-16 13:56 - 00000000 ____D () C:\Users\Gast\AppData\Local\temp
2014-06-16 13:56 - 2014-06-16 13:56 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-16 13:56 - 2014-06-16 13:56 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-16 13:56 - 2014-06-16 13:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp
2014-06-16 13:40 - 2014-06-16 13:56 - 00000000 ____D () C:\Qoobox
2014-06-16 13:40 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-16 13:40 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-16 13:40 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-16 13:40 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-16 13:40 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-16 13:40 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-16 13:40 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-16 13:40 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-16 13:39 - 2014-06-16 13:46 - 00000000 ____D () C:\Windows\erdnt
2014-06-16 13:38 - 2014-06-16 13:38 - 05206841 ____R (Swearware) C:\Users\Faust\Desktop\ComboFix.exe
2014-06-15 23:28 - 2014-06-15 23:28 - 02247960 _____ () C:\Users\Faust\Downloads\battlelog-web-plugins_2.4.0_141.exe
2014-06-15 23:04 - 2014-06-16 15:06 - 00000000 ____D () C:\FRST
2014-06-15 23:03 - 2014-06-15 23:03 - 02081280 _____ (Farbar) C:\Users\Faust\Desktop\FRST64.exe
2014-06-13 12:04 - 2014-06-13 12:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-02 18:01 - 2014-06-02 19:00 - 00000000 ____D () C:\Users\Faust\Documents\FIFA World
2014-06-02 18:01 - 2014-06-02 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pflanzen gegen Zombies
2014-06-02 17:13 - 2014-06-02 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Sports FIFA World
2014-05-31 01:37 - 2014-05-31 01:37 - 00000000 ____D () C:\Users\Faust\AppData\Local\Adobe
2014-05-31 01:35 - 2014-05-31 01:50 - 00000000 ____D () C:\ProgramData\Adobe
2014-05-31 01:35 - 2014-05-31 01:35 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-31 01:35 - 2014-05-31 01:35 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-05-31 01:26 - 2014-05-31 01:26 - 00352256 _____ (Dailytools GmbH) C:\Windows\SysWOW64\update1.dll
2014-05-31 01:25 - 2014-05-31 01:50 - 00000714 __RSH () C:\ProgramData\ntuser.pol
2014-05-31 01:25 - 2014-05-31 01:25 - 00000000 ____D () C:\Program Files\Dailytools
2014-05-31 01:25 - 2014-05-31 01:25 - 00000000 ____D () C:\Program Files (x86)\Dailytools
==================== One Month Modified Files and Folders =======
2014-06-16 15:06 - 2014-06-16 15:01 - 00017649 _____ () C:\Users\Faust\Desktop\FRST.txt
2014-06-16 15:06 - 2014-06-15 23:04 - 00000000 ____D () C:\FRST
2014-06-16 15:06 - 2014-01-14 18:57 - 00000000 ____D () C:\Users\Faust\AppData\Local\Temp
2014-06-16 15:03 - 2014-01-14 19:52 - 00816324 _____ () C:\Windows\WindowsUpdate.log
2014-06-16 15:03 - 2011-04-12 09:43 - 00696132 _____ () C:\Windows\system32\perfh007.dat
2014-06-16 15:03 - 2011-04-12 09:43 - 00147428 _____ () C:\Windows\system32\perfc007.dat
2014-06-16 15:03 - 2009-07-14 07:13 - 00839172 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-16 14:59 - 2014-01-14 20:45 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-06-16 14:59 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-16 14:59 - 2009-07-14 06:51 - 00221058 _____ () C:\Windows\setupact.log
2014-06-16 14:56 - 2014-06-16 14:56 - 00000000 ___SD () C:\Users\Faust\Documents\Passwords Database
2014-06-16 14:56 - 2014-01-16 18:31 - 00000000 ____D () C:\Users\Gast
2014-06-16 14:56 - 2014-01-16 18:31 - 00000000 ____D () C:\Users\Administrator
2014-06-16 14:56 - 2009-07-14 06:45 - 00030480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-16 14:56 - 2009-07-14 06:45 - 00030480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-16 14:47 - 2010-11-21 05:47 - 00487562 _____ () C:\Windows\PFRO.log
2014-06-16 13:56 - 2014-06-16 13:56 - 00019038 _____ () C:\ComboFix.txt
2014-06-16 13:56 - 2014-06-16 13:56 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-06-16 13:56 - 2014-06-16 13:56 - 00000000 ____D () C:\Users\Gast\AppData\Local\temp
2014-06-16 13:56 - 2014-06-16 13:56 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-06-16 13:56 - 2014-06-16 13:56 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-06-16 13:56 - 2014-06-16 13:56 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp
2014-06-16 13:56 - 2014-06-16 13:40 - 00000000 ____D () C:\Qoobox
2014-06-16 13:55 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-16 13:47 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-06-16 13:46 - 2014-06-16 13:39 - 00000000 ____D () C:\Windows\erdnt
2014-06-16 13:38 - 2014-06-16 13:38 - 05206841 ____R (Swearware) C:\Users\Faust\Desktop\ComboFix.exe
2014-06-16 13:33 - 2014-04-21 22:40 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-16 13:31 - 2014-01-15 01:27 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-06-15 23:53 - 2014-01-14 21:00 - 00000000 ____D () C:\ProgramData\Origin
2014-06-15 23:32 - 2014-01-15 01:27 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-06-15 23:28 - 2014-06-15 23:28 - 02247960 _____ () C:\Users\Faust\Downloads\battlelog-web-plugins_2.4.0_141.exe
2014-06-15 23:17 - 2014-01-16 03:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-15 23:03 - 2014-06-15 23:03 - 02081280 _____ (Farbar) C:\Users\Faust\Desktop\FRST64.exe
2014-06-13 12:26 - 2014-01-17 18:02 - 00000000 ____D () C:\Users\Faust\AppData\Roaming\TS3Client
2014-06-13 12:25 - 2014-01-17 17:39 - 00000000 ____D () C:\Users\Faust\AppData\Roaming\AIMP3
2014-06-13 12:11 - 2014-01-25 11:50 - 00000000 ____D () C:\Users\Faust\AppData\Local\genienext
2014-06-13 12:04 - 2014-06-13 12:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-02 19:00 - 2014-06-02 18:01 - 00000000 ____D () C:\Users\Faust\Documents\FIFA World
2014-06-02 18:01 - 2014-06-02 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pflanzen gegen Zombies
2014-06-02 18:01 - 2014-01-15 01:26 - 00156795 _____ () C:\Windows\DirectX.log
2014-06-02 18:01 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-02 17:13 - 2014-06-02 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Sports FIFA World
2014-06-02 16:55 - 2014-01-16 18:32 - 00000000 ____D () C:\Program Files (x86)\Optimizer Pro
2014-05-31 01:50 - 2014-05-31 01:35 - 00000000 ____D () C:\ProgramData\Adobe
2014-05-31 01:50 - 2014-05-31 01:25 - 00000714 __RSH () C:\ProgramData\ntuser.pol
2014-05-31 01:37 - 2014-05-31 01:37 - 00000000 ____D () C:\Users\Faust\AppData\Local\Adobe
2014-05-31 01:37 - 2014-01-16 03:32 - 00000000 ____D () C:\Users\Faust\AppData\Roaming\Adobe
2014-05-31 01:35 - 2014-05-31 01:35 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-31 01:35 - 2014-05-31 01:35 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-05-31 01:26 - 2014-05-31 01:26 - 00352256 _____ (Dailytools GmbH) C:\Windows\SysWOW64\update1.dll
2014-05-31 01:25 - 2014-05-31 01:25 - 00000000 ____D () C:\Program Files\Dailytools
2014-05-31 01:25 - 2014-05-31 01:25 - 00000000 ____D () C:\Program Files (x86)\Dailytools
2014-05-31 01:25 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-05-31 01:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-05-29 00:31 - 2014-01-17 17:29 - 00000000 ____D () C:\Users\Faust\AppData\Local\CrashDumps
2014-05-23 22:52 - 2014-01-15 01:27 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-06-08 19:34
==================== End Of Log ============================
Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-06-2014
Ran by Faust at 2014-06-16 15:06:38
Running from C:\Users\Faust\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.55.1332, 21.12.2013 - AIMP DevTeam)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.2.0.2 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
C-Media PCI Audio Device (HKLM\...\C-Media PCI Audio Driver) (Version: - )
Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.792 - Curse)
Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Digital Jockey - IE2 (HKLM\...\USB_AUDIO_DEusb-audio.deRLDJIF2) (Version: - )
EA Sports FIFA World (HKLM-x32\...\{8F9AC744-EEF6-43DB-A4B6-FA1A18F1C640}) (Version: 5.3.0.40277 - Electronic Arts, Inc.)
Fraps (HKLM-x32\...\Fraps) (Version: - )
Free YouTube to MP3 Converter version 3.12.23.219 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.23.219 - DVDVideoSoft Ltd.)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{B1AC3709-3E98-4F2C-A84E-4BCA2A452E64}) (Version: 4.2.40.2418 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - DEU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - DEU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - DEU (x32 Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: - Native Instruments)
Native Instruments Controller Editor (Version: 1.4.2.848 - Native Instruments) Hidden
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: - Native Instruments)
Native Instruments Service Center (Version: 2.2.6.676 - Native Instruments) Hidden
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: - Native Instruments)
Native Instruments Traktor 2 (Version: 2.1.2.12125 - Native Instruments) Hidden
NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)
Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7111 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Smart Technology Programming Software 7.0.27.13 (HKLM\...\{C9193CBB-C31A-412A-A074-AD08F0F2CF3D}) (Version: 7.0.27.13 - Mad Catz)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.3.6 - Electronic Arts)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
XBMC (HKCU\...\XBMC) (Version: - Team XBMC)
==================== Restore Points =========================
27-04-2014 14:30:02 DirectX wurde installiert
06-05-2014 10:36:09 Gerätetreiber-Paketinstallation: usb-audio.de USB-Controller
06-05-2014 10:36:30 Gerätetreiber-Paketinstallation: usb-audio.de Audio-, Video- und Gamecontroller
06-05-2014 10:37:11 Gerätetreiber-Paketinstallation: Reloop Audio-, Video- und Gamecontroller
11-05-2014 15:03:24 DirectX wurde installiert
16-05-2014 19:17:03 DirectX wurde installiert
02-06-2014 15:11:51 DirectX wurde installiert
02-06-2014 16:00:13 DirectX wurde installiert
16-06-2014 11:41:00 ComboFix created restore point
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {3B4D846F-D195-4D47-9149-7B313BAC45DD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-21] (AVAST Software)
Task: {8542780C-9633-4EB9-9D75-1A4870868BDB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {889EEEFA-3513-4B9B-BF66-8408714E73C9} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2014-01-14 20:44 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-08-01 18:31 - 2013-08-01 18:31 - 00198120 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-08-01 18:31 - 2013-08-01 18:31 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-08-01 18:31 - 2013-08-01 18:31 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2014-01-15 01:27 - 2014-01-15 01:27 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-06-16 13:33 - 2014-06-16 13:33 - 02776064 _____ () C:\Program Files\AVAST Software\Avast\defs\14061600\algo.dll
2014-04-21 22:40 - 2014-04-21 22:40 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-05-10 11:20 - 2014-05-10 11:20 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-01-14 22:44 - 2013-09-17 04:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== MSCONFIG/TASK MANAGER disabled items =========
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/16/2014 02:59:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/16/2014 02:48:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/16/2014 01:33:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/15/2014 10:51:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/13/2014 00:14:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/13/2014 11:55:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/12/2014 09:33:54 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
Error: (06/12/2014 08:38:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/08/2014 07:12:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/05/2014 09:11:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (06/16/2014 01:55:49 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (06/16/2014 01:54:11 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (06/16/2014 01:45:58 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (06/16/2014 01:44:02 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (06/16/2014 01:39:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "DailytoolsUpdateService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (06/15/2014 10:51:45 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "EVE",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{DC1FE64F-4EA6-463E-8BAC-F388B8156CA6}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (06/12/2014 08:36:47 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 08.06.2014 um 19:38:16 unerwartet heruntergefahren.
Error: (06/02/2014 07:10:12 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Windows Update" wurde nicht richtig gestartet.
Error: (05/31/2014 03:24:51 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Intelligenter Hintergrundübertragungsdienst" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147024846.
Error: (05/31/2014 03:24:51 AM) (Source: Microsoft-Windows-Bits-Client) (EventID: 16392) (User: NT-AUTORITÄT)
Description: Fehler beim Starten des BITS-Dienstes. Fehler: 2147942450.
Microsoft Office Sessions:
=========================
Error: (06/16/2014 02:59:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/16/2014 02:48:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/16/2014 01:33:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/15/2014 10:51:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/13/2014 00:14:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/13/2014 11:55:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/12/2014 09:33:54 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
Error: (06/12/2014 08:38:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/08/2014 07:12:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/05/2014 09:11:47 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
CodeIntegrity Errors:
===================================
Date: 2014-06-08 19:35:31.840
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-08 19:35:31.839
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-08 19:35:31.838
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-08 19:35:31.826
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-08 19:35:31.824
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-08 19:35:31.822
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-05 09:29:56.006
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-05 09:29:56.005
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-05 09:29:56.003
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-05 09:29:55.988
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 18%
Total physical RAM: 10185.38 MB
Available physical RAM: 8308.04 MB
Total Pagefile: 20368.96 MB
Available Pagefile: 18323.6 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.54 GB) (Free:398.84 GB) NTFS
Drive f: (Ra) (Fixed) (Total:931.51 GB) (Free:350.51 GB) NTFS
Drive g: () (Fixed) (Total:232.88 GB) (Free:232.5 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: C38B2AA3)
Partition: GPT Partition Type.
========================================================
Disk: 1 (Size: 932 GB) (Disk ID: 6C0AACB3)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (Size: 233 GB) (Disk ID: BF5FBF5F)
Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
16.06.2014, 14:20
| #8 |
| /// TB-Ausbilder | Avast => Dieses Programm wurde durch eine Gruppenrichtlinie blockiert. Weitere Informationen erhalten Sie vom Systemadministrator. Gut gemacht, so geht es weiter: Schritt 1 Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 2 Downloade Dir bitte  Malwarebytes Anti-Malware
Schritt 3 Bitte deaktiviere dein Anti-Viren-Programm, da es das Ergebnis beeinflussen oder ggf. die Bereinigung stören kann. Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/ und speichere die Datei auf deinem Desktop.
Schritt 4
Bitte poste mit deiner nächsten Antwort
|
|
16.06.2014, 21:42
| #9 |
| | Avast => Dieses Programm wurde durch eine Gruppenrichtlinie blockiert. Weitere Informationen erhalten Sie vom Systemadministrator. AdwCleaner[R1] Code:
ATTFilter # AdwCleaner v3.212 - Bericht erstellt am 16/06/2014 um 22:08:02
# Aktualisiert 05/06/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Faust - DAINEC-III
# Gestartet von : C:\Users\Faust\Desktop\adwcleaner_3.212.exe
# Option : Suchen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Datei Gefunden : C:\Users\Faust\AppData\Roaming\LiveSupport.exe_log.txt
Datei Gefunden : C:\Users\Faust\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
Datei Gefunden : C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\user.js
Datei Gefunden : C:\Users\Faust\AppData\Roaming\regsvr32.exe_log.txt
Datei Gefunden : C:\Users\Faust\daemonprocess.txt
Datei Gefunden : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser
Ordner Gefunden : C:\Program Files (x86)\Common Files\337
Ordner Gefunden : C:\Program Files (x86)\eSupport.com
Ordner Gefunden : C:\Program Files (x86)\Mobogenie
Ordner Gefunden : C:\Program Files (x86)\Optimizer Pro
Ordner Gefunden : C:\Program Files (x86)\sAfewiebu
Ordner Gefunden : C:\Program Files (x86)\SNT
Ordner Gefunden : C:\Program Files (x86)\WinZipper
Ordner Gefunden : C:\Program Files (x86)\wisen wizard
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiveSupport
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Ordner Gefunden : C:\ProgramData\sAfewiebu
Ordner Gefunden : C:\ProgramData\SNT
Ordner Gefunden : C:\ProgramData\SuperbApp
Ordner Gefunden : C:\ProgramData\WPM
Ordner Gefunden : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fofenadgmiofhkoelegaicccjbccolbb
Ordner Gefunden : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jllhmaplknpgiibbaahgehidmppcgfhf
Ordner Gefunden : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nehhmemmagpfpcdjhimpmkncfhogjdcf
Ordner Gefunden : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\odemebmneindnbjgmaepmgmnimiajdoo
Ordner Gefunden : C:\Users\Administrator\AppData\Local\torch
Ordner Gefunden : C:\Users\Faust\AppData\Local\eSupport.com
Ordner Gefunden : C:\Users\Faust\AppData\Local\genienext
Ordner Gefunden : C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\fofenadgmiofhkoelegaicccjbccolbb
Ordner Gefunden : C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\jllhmaplknpgiibbaahgehidmppcgfhf
Ordner Gefunden : C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\nehhmemmagpfpcdjhimpmkncfhogjdcf
Ordner Gefunden : C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\odemebmneindnbjgmaepmgmnimiajdoo
Ordner Gefunden : C:\Users\Faust\AppData\Local\Mobogenie
Ordner Gefunden : C:\Users\Faust\AppData\Local\torch
Ordner Gefunden : C:\Users\Faust\AppData\Roaming\iSafe
Ordner Gefunden : C:\Users\Faust\Documents\Mobogenie
Ordner Gefunden : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\fofenadgmiofhkoelegaicccjbccolbb
Ordner Gefunden : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\jllhmaplknpgiibbaahgehidmppcgfhf
Ordner Gefunden : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\nehhmemmagpfpcdjhimpmkncfhogjdcf
Ordner Gefunden : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\odemebmneindnbjgmaepmgmnimiajdoo
Ordner Gefunden : C:\Users\Gast\AppData\Local\torch
***** [ Verknüpfungen ] *****
Verknüpfung Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk ( hxxp://www.nationzoom.com/?type=sc&ts=1390643406&from=epom2&uid=WDCXWD10EZRX-00A8LB0_WD-WCC1U188332783327 )
Verknüpfung Gefunden : C:\Users\Faust\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk ( hxxp://www.nationzoom.com/?type=sc&ts=1390643406&from=epom2&uid=WDCXWD10EZRX-00A8LB0_WD-WCC1U188332783327 )
Verknüpfung Gefunden : C:\Users\Faust\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( hxxp://www.nationzoom.com/?type=sc&ts=1390643406&from=epom2&uid=WDCXWD10EZRX-00A8LB0_WD-WCC1U188332783327 )
Verknüpfung Gefunden : C:\Users\Faust\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( hxxp://www.nationzoom.com/?type=sc&ts=1390643406&from=epom2&uid=WDCXWD10EZRX-00A8LB0_WD-WCC1U188332783327 )
Verknüpfung Gefunden : C:\Users\Faust\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://www.nationzoom.com/?type=sc&ts=1390643406&from=epom2&uid=WDCXWD10EZRX-00A8LB0_WD-WCC1U188332783327 )
***** [ Registrierungsdatenbank ] *****
Schlüssel Gefunden : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Schlüssel Gefunden : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gefunden : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKCU\Software\Optimizer Pro
Schlüssel Gefunden : [x64] HKCU\Software\Optimizer Pro
Schlüssel Gefunden : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gefunden : HKLM\Software\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Schlüssel Gefunden : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gefunden : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\Software\Desksvc
Schlüssel Gefunden : HKLM\Software\hdcode
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CA41BB14-E67B-1653-C57B-5CA99418A866}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-1095609242
Schlüssel Gefunden : HKLM\Software\supWPM
Schlüssel Gefunden : HKLM\Software\V9
Schlüssel Gefunden : HKLM\Software\winzipersvc
Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
***** [ Browser ] *****
-\\ Internet Explorer v8.0.7601.17514
-\\ Mozilla Firefox v29.0.1 (de)
[ Datei : C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\prefs.js ]
Zeile gefunden : user_pref("browser.newtab.url", "hxxp://www.nationzoom.com/newtab/?type=nt&ts=1390643406&from=epom2&uid=WDCXWD10EZRX-00A8LB0_WD-WCC1U188332783327");
Zeile gefunden : user_pref("browser.search.defaultenginename,S", "WebSearch");
Zeile gefunden : user_pref("browser.search.defaulturl", "hxxp://websearch.amaizingsearches.info/?pid=2517&r=2014/04/07&hid=3711908759180684521&lg=EN&cc=DE&unqvl=51&l=1&q=");
Zeile gefunden : user_pref("browser.search.order.1", "WebSearch");
Zeile gefunden : user_pref("browser.search.order.1,S", "WebSearch");
Zeile gefunden : user_pref("browser.search.selectedEngine,S", "WebSearch");
Zeile gefunden : user_pref("browser.startup.homepage", "hxxp://websearch.amaizingsearches.info/?pid=2517&r=2014/04/07&hid=3711908759180684521&lg=EN&cc=DE&unqvl=51");
Zeile gefunden : user_pref("extensions.JGGilVm.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sum[...]
Zeile gefunden : user_pref("extensions.TWGH6x7fjw.scode", "(function(){try{if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};}catch(e){};if(window.self==window.top){var script=document.createElement[...]
Zeile gefunden : user_pref("extensions.f3T9AwM6b9t.scode", "(function(){try{if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};}catch(e){};if(window.self.location.protocol.indexOf('hxxp')>-1 && windo[...]
Zeile gefunden : user_pref("extensions.qTVQ.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumoro[...]
Zeile gefunden : user_pref("keyword.URL", "hxxp://websearch.amaizingsearches.info/?pid=2517&r=2014/04/07&hid=3711908759180684521&lg=EN&cc=DE&unqvl=51&l=1&q=");
-\\ Google Chrome v
[ Datei : C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gefunden [Startup_urls] : hxxp://websearch.amaizingsearches.info/?pid=2517&r=2014/04/07&hid=3711908759180684521&lg=EN&cc=DE&unqvl=51
Gefunden [Extension] : nehhmemmagpfpcdjhimpmkncfhogjdcf
*************************
AdwCleaner[R0].txt - [10550 octets] - [16/06/2014 15:23:46]
AdwCleaner[R1].txt - [10211 octets] - [16/06/2014 22:08:02]
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [10272 octets] ##########
AdwCleaner[S0] Code:
ATTFilter # AdwCleaner v3.212 - Bericht erstellt am 16/06/2014 um 22:09:01
# Aktualisiert 05/06/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Faust - DAINEC-III
# Gestartet von : C:\Users\Faust\Desktop\adwcleaner_3.212.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\SNT
Ordner Gelöscht : C:\ProgramData\SuperbApp
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\ProgramData\sAfewiebu
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LiveSupport
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Ordner Gelöscht : C:\Program Files (x86)\eSupport.com
Ordner Gelöscht : C:\Program Files (x86)\Mobogenie
Ordner Gelöscht : C:\Program Files (x86)\Optimizer Pro
Ordner Gelöscht : C:\Program Files (x86)\SNT
Ordner Gelöscht : C:\Program Files (x86)\WinZipper
Ordner Gelöscht : C:\Program Files (x86)\wisen wizard
Ordner Gelöscht : C:\Program Files (x86)\sAfewiebu
Ordner Gelöscht : C:\Program Files (x86)\Common Files\337
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\torch
Ordner Gelöscht : C:\Users\Faust\AppData\Local\eSupport.com
Ordner Gelöscht : C:\Users\Faust\AppData\Local\genienext
Ordner Gelöscht : C:\Users\Faust\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\Faust\AppData\Local\torch
Ordner Gelöscht : C:\Users\Faust\AppData\Roaming\iSafe
Ordner Gelöscht : C:\Users\Faust\Documents\Mobogenie
Ordner Gelöscht : C:\Users\Gast\AppData\Local\torch
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fofenadgmiofhkoelegaicccjbccolbb
Ordner Gelöscht : C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\fofenadgmiofhkoelegaicccjbccolbb
Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\fofenadgmiofhkoelegaicccjbccolbb
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jllhmaplknpgiibbaahgehidmppcgfhf
Ordner Gelöscht : C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\jllhmaplknpgiibbaahgehidmppcgfhf
Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\jllhmaplknpgiibbaahgehidmppcgfhf
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nehhmemmagpfpcdjhimpmkncfhogjdcf
Ordner Gelöscht : C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\nehhmemmagpfpcdjhimpmkncfhogjdcf
Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\nehhmemmagpfpcdjhimpmkncfhogjdcf
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\odemebmneindnbjgmaepmgmnimiajdoo
Ordner Gelöscht : C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\odemebmneindnbjgmaepmgmnimiajdoo
Ordner Gelöscht : C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\odemebmneindnbjgmaepmgmnimiajdoo
Datei Gelöscht : C:\Users\Faust\daemonprocess.txt
Datei Gelöscht : C:\Users\Faust\AppData\Roaming\LiveSupport.exe_log.txt
Datei Gelöscht : C:\Users\Faust\AppData\Roaming\regsvr32.exe_log.txt
Datei Gelöscht : C:\Users\Faust\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
Datei Gelöscht : C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\user.js
Datei Gelöscht : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser
***** [ Verknüpfungen ] *****
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\Faust\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
Verknüpfung Desinfiziert : C:\Users\Faust\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Faust\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Faust\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\desk365_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\S-1095609242
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Schlüssel Gelöscht : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\Software\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Schlüssel Gelöscht : HKLM\Software\Desksvc
Schlüssel Gelöscht : HKLM\Software\hdcode
Schlüssel Gelöscht : HKLM\Software\supWPM
Schlüssel Gelöscht : HKLM\Software\V9
Schlüssel Gelöscht : HKLM\Software\winzipersvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CA41BB14-E67B-1653-C57B-5CA99418A866}
***** [ Browser ] *****
-\\ Internet Explorer v8.0.7601.17514
-\\ Mozilla Firefox v29.0.1 (de)
[ Datei : C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\prefs.js ]
Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://www.nationzoom.com/newtab/?type=nt&ts=1390643406&from=epom2&uid=WDCXWD10EZRX-00A8LB0_WD-WCC1U188332783327");
Zeile gelöscht : user_pref("browser.search.defaultenginename,S", "WebSearch");
Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://websearch.amaizingsearches.info/?pid=2517&r=2014/04/07&hid=3711908759180684521&lg=EN&cc=DE&unqvl=51&l=1&q=");
Zeile gelöscht : user_pref("browser.search.order.1", "WebSearch");
Zeile gelöscht : user_pref("browser.search.order.1,S", "WebSearch");
Zeile gelöscht : user_pref("browser.search.selectedEngine,S", "WebSearch");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://websearch.amaizingsearches.info/?pid=2517&r=2014/04/07&hid=3711908759180684521&lg=EN&cc=DE&unqvl=51");
Zeile gelöscht : user_pref("extensions.JGGilVm.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sum[...]
Zeile gelöscht : user_pref("extensions.TWGH6x7fjw.scode", "(function(){try{if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};}catch(e){};if(window.self==window.top){var script=document.createElement[...]
Zeile gelöscht : user_pref("extensions.f3T9AwM6b9t.scode", "(function(){try{if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};}catch(e){};if(window.self.location.protocol.indexOf('hxxp')>-1 && windo[...]
Zeile gelöscht : user_pref("extensions.qTVQ.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumoro[...]
Zeile gelöscht : user_pref("keyword.URL", "hxxp://websearch.amaizingsearches.info/?pid=2517&r=2014/04/07&hid=3711908759180684521&lg=EN&cc=DE&unqvl=51&l=1&q=");
-\\ Google Chrome v
[ Datei : C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht [Startup_urls] : hxxp://websearch.amaizingsearches.info/?pid=2517&r=2014/04/07&hid=3711908759180684521&lg=EN&cc=DE&unqvl=51
Gelöscht [Extension] : nehhmemmagpfpcdjhimpmkncfhogjdcf
*************************
AdwCleaner[R0].txt - [10550 octets] - [16/06/2014 15:23:46]
AdwCleaner[R1].txt - [10365 octets] - [16/06/2014 22:08:02]
AdwCleaner[S0].txt - [9605 octets] - [16/06/2014 22:09:01]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9665 octets] ##########
mbam Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 16.06.2014 Suchlauf-Zeit: 22:14:09 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.06.16.07 Rootkit Datenbank: v2014.06.02.01 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Faust Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 298133 Verstrichene Zeit: 4 Min, 10 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 0 (No malicious items detected) Physische Sektoren: 0 (No malicious items detected) (end) zoek-results Code:
ATTFilter Zoek.exe v5.0.0.0 Updated 16-June-2014
Tool run by Faust on 16.06.2014 at 22:21:22,86.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Faust\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
16.06.2014 22:22:38 Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\prefs.js:
user_pref("browser.search.defaultenginename", "Lycle");
user_pref("browser.search.selectedEngine", "Lycle");
Added to C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
ProfilePath: C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default
user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 3);
---- Lines extensions.JGGilVm removed from prefs.js ----
user_pref("extensions.JGGilVm.epoch", "1398188826");
user_pref("extensions.JGGilVm.url", "hxxp://toolkitcard.info/sync2/?q=hfZ9ofDSBShEAen0rTkFqGhTB6lKDzt4okmxtNtVh7n0rjnEqda6rjk8qTsFtMFHhd9Fqda9rTwFqHn7
---- Lines extensions.TWGH6x7fjw removed from prefs.js ----
user_pref("extensions.TWGH6x7fjw.epoch", "1390185851");
user_pref("extensions.TWGH6x7fjw.url", "hxxp://getsrv1.info/sync2/?q=hfZ9ofV9CShEAen0rjC9rGhTB6lKDzt4okmxtNtVh7n0rjnErjw7rjgHrjr7tMFHhd9FqdaFrjUErTn9r
---- Lines extensions.f3T9AwM6b9t removed from prefs.js ----
user_pref("extensions.f3T9AwM6b9t.epoch", "1390185851");
user_pref("extensions.f3T9AwM6b9t.url", "hxxp://toolkitcoupon.us/sync2/?q=hfZ9oeDGDzrMCyVUojw6qdrMg708BNmGWj8wmihGheDUojw9rdwFqTw7rHwGqihIC7n0rjnErjw4
---- Lines extensions.qTVQ removed from prefs.js ----
user_pref("extensions.qTVQ.epoch", "1398188827");
user_pref("extensions.qTVQ.url", "hxxp://taxtaxuk.eu/sync2/?q=hfZ9ofq7D7sMCyVUojs8rjCMg708BNmGWj8wmihGheDUojw9rdnEqHw8qjk8pchIC7n0rjnEqdsFrjC9qTa4tNhV
---- FireFox user.js and prefs.js backups ----
prefs__2229_.backup
==== Deleting Files \ Folders ======================
C:\Users\Faust\.android deleted
C:\PROGRA~2\greatsaveR deleted
C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\Users\Faust\Favorites\Startfenster.lnk deleted
C:\Users\Faust\Favorites\Links\Startfenster.lnk deleted
C:\Users\Faust\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Startfenster.lnk deleted
C:\Users\Faust\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Startfenster.lnk deleted
C:\Users\Faust\AppData\Roaming\All CPU MeterV3_Settings.ini deleted
C:\PROGRA~3\InstallMate deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Faust\AppData\Local\cache deleted
C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\searchplugins\search_engine.xml deleted
C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\jetpack deleted
"C:\PROGRA~3\a23d7ff01cc6f6c1\{4820778D-AB0D-6D18-C316-52A6A0E1D507}" deleted
"C:\PROGRA~3\a23d7ff01cc6f6c1\{4820778D-AB0D-6D18-C316-52A6A0E1D507}.old" deleted
"C:\PROGRA~3\a23d7ff01cc6f6c1\{497C131E-2032-051B-B32A-C69A960FBB13}" deleted
"C:\PROGRA~3\a23d7ff01cc6f6c1\{497C131E-2032-051B-B32A-C69A960FBB13}.old" deleted
"C:\PROGRA~3\a23d7ff01cc6f6c1\{AD11DADE-C597-45D9-D8C5-1D2EB0B89613}" deleted
"C:\PROGRA~3\a23d7ff01cc6f6c1\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}" deleted
"C:\PROGRA~3\a23d7ff01cc6f6c1\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}.old" deleted
"C:\PROGRA~3\a23d7ff01cc6f6c1\{CA41BB14-E67B-1653-C57B-5CA99418A866}" deleted
"C:\PROGRA~3\a23d7ff01cc6f6c1\{CA41BB14-E67B-1653-C57B-5CA99418A866}.old" deleted
"C:\PROGRA~3\a23d7ff01cc6f6c1\{E32743D3-5789-6E4F-3998-06FB87C9214B}" deleted
"C:\PROGRA~3\a23d7ff01cc6f6c1" deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [21.04.2014 22:40]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{B64D9B05-48E1-4CEB-BF58-E0643994E900}"="C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff" [20.02.2014 20:27]
==== Firefox Extensions ======================
ProfilePath: C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default
- Blue Fox - %ProfilePath%\extensions\{241aae70-0022-11de-87af-0800200c9a66}
- Speed Dial - %ProfilePath%\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- Undetermined - %ProfilePath%\extensions\{E6A44534-6DBA-455A-8D78-2DE71DEAA15B}.xpi
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Skype Click to Call - %AppDir%\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi
==== Firefox Plugins ======================
Profilepath: C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default
A58DE0A570148AF5FF3512B2A340D09F - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll - Shockwave Flash
==== Chrome Look ======================
greatsaveR - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fofenadgmiofhkoelegaicccjbccolbb
SNT - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\inggohdfgliihidpbfjmakknbefannfi
YTBOokMaorrk - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jllhmaplknpgiibbaahgehidmppcgfhf
sAfewiebu - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nehhmemmagpfpcdjhimpmkncfhogjdcf
YoutubeAdblocker - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\odemebmneindnbjgmaepmgmnimiajdoo
Pic Enhance - Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie
SNT - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\inggohdfgliihidpbfjmakknbefannfi
Pic Enhance - Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie
greatsaveR - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fofenadgmiofhkoelegaicccjbccolbb
SNT - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\inggohdfgliihidpbfjmakknbefannfi
YTBOokMaorrk - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jllhmaplknpgiibbaahgehidmppcgfhf
sAfewiebu - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nehhmemmagpfpcdjhimpmkncfhogjdcf
YoutubeAdblocker - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\odemebmneindnbjgmaepmgmnimiajdoo
Pic Enhance - Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie
greatsaveR - Faust\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fofenadgmiofhkoelegaicccjbccolbb
SNT - Faust\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\inggohdfgliihidpbfjmakknbefannfi
YTBOokMaorrk - Faust\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jllhmaplknpgiibbaahgehidmppcgfhf
sAfewiebu - Faust\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nehhmemmagpfpcdjhimpmkncfhogjdcf
YoutubeAdblocker - Faust\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\odemebmneindnbjgmaepmgmnimiajdoo
Pic Enhance - Faust\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie
SNT - Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\inggohdfgliihidpbfjmakknbefannfi
Pic Enhance - Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie
greatsaveR - Faust\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fofenadgmiofhkoelegaicccjbccolbb
SNT - Faust\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\inggohdfgliihidpbfjmakknbefannfi
YTBOokMaorrk - Faust\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jllhmaplknpgiibbaahgehidmppcgfhf
sAfewiebu - Faust\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nehhmemmagpfpcdjhimpmkncfhogjdcf
YoutubeAdblocker - Faust\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\odemebmneindnbjgmaepmgmnimiajdoo
Pic Enhance - Faust\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie
greatsaveR - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fofenadgmiofhkoelegaicccjbccolbb
SNT - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\inggohdfgliihidpbfjmakknbefannfi
YTBOokMaorrk - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jllhmaplknpgiibbaahgehidmppcgfhf
sAfewiebu - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nehhmemmagpfpcdjhimpmkncfhogjdcf
YoutubeAdblocker - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\odemebmneindnbjgmaepmgmnimiajdoo
Pic Enhance - Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie
SNT - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\inggohdfgliihidpbfjmakknbefannfi
Pic Enhance - Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie
greatsaveR - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fofenadgmiofhkoelegaicccjbccolbb
SNT - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\inggohdfgliihidpbfjmakknbefannfi
YTBOokMaorrk - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jllhmaplknpgiibbaahgehidmppcgfhf
sAfewiebu - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nehhmemmagpfpcdjhimpmkncfhogjdcf
YoutubeAdblocker - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\odemebmneindnbjgmaepmgmnimiajdoo
Pic Enhance - Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie
==== Chrome Fix ======================
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\odemebmneindnbjgmaepmgmnimiajdoo deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\odemebmneindnbjgmaepmgmnimiajdoo deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\odemebmneindnbjgmaepmgmnimiajdoo deleted successfully
C:\Users\Faust\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\odemebmneindnbjgmaepmgmnimiajdoo deleted successfully
C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\odemebmneindnbjgmaepmgmnimiajdoo deleted successfully
C:\Users\Faust\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\odemebmneindnbjgmaepmgmnimiajdoo deleted successfully
C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\odemebmneindnbjgmaepmgmnimiajdoo deleted successfully
C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\odemebmneindnbjgmaepmgmnimiajdoo deleted successfully
C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\odemebmneindnbjgmaepmgmnimiajdoo deleted successfully
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fofenadgmiofhkoelegaicccjbccolbb deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fofenadgmiofhkoelegaicccjbccolbb deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fofenadgmiofhkoelegaicccjbccolbb deleted successfully
C:\Users\Faust\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fofenadgmiofhkoelegaicccjbccolbb deleted successfully
C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\fofenadgmiofhkoelegaicccjbccolbb deleted successfully
C:\Users\Faust\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fofenadgmiofhkoelegaicccjbccolbb deleted successfully
C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\fofenadgmiofhkoelegaicccjbccolbb deleted successfully
C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\fofenadgmiofhkoelegaicccjbccolbb deleted successfully
C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\fofenadgmiofhkoelegaicccjbccolbb deleted successfully
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\inggohdfgliihidpbfjmakknbefannfi deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\inggohdfgliihidpbfjmakknbefannfi deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\inggohdfgliihidpbfjmakknbefannfi deleted successfully
C:\Users\Faust\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\inggohdfgliihidpbfjmakknbefannfi deleted successfully
C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\inggohdfgliihidpbfjmakknbefannfi deleted successfully
C:\Users\Faust\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\inggohdfgliihidpbfjmakknbefannfi deleted successfully
C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\inggohdfgliihidpbfjmakknbefannfi deleted successfully
C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\inggohdfgliihidpbfjmakknbefannfi deleted successfully
C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\inggohdfgliihidpbfjmakknbefannfi deleted successfully
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jllhmaplknpgiibbaahgehidmppcgfhf deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\jllhmaplknpgiibbaahgehidmppcgfhf deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jllhmaplknpgiibbaahgehidmppcgfhf deleted successfully
C:\Users\Faust\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jllhmaplknpgiibbaahgehidmppcgfhf deleted successfully
C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\jllhmaplknpgiibbaahgehidmppcgfhf deleted successfully
C:\Users\Faust\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jllhmaplknpgiibbaahgehidmppcgfhf deleted successfully
C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\jllhmaplknpgiibbaahgehidmppcgfhf deleted successfully
C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\jllhmaplknpgiibbaahgehidmppcgfhf deleted successfully
C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\jllhmaplknpgiibbaahgehidmppcgfhf deleted successfully
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nehhmemmagpfpcdjhimpmkncfhogjdcf deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nehhmemmagpfpcdjhimpmkncfhogjdcf deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nehhmemmagpfpcdjhimpmkncfhogjdcf deleted successfully
C:\Users\Faust\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nehhmemmagpfpcdjhimpmkncfhogjdcf deleted successfully
C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\nehhmemmagpfpcdjhimpmkncfhogjdcf deleted successfully
C:\Users\Faust\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nehhmemmagpfpcdjhimpmkncfhogjdcf deleted successfully
C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\nehhmemmagpfpcdjhimpmkncfhogjdcf deleted successfully
C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\nehhmemmagpfpcdjhimpmkncfhogjdcf deleted successfully
C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\nehhmemmagpfpcdjhimpmkncfhogjdcf deleted successfully
C:\Users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie deleted successfully
C:\Users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie deleted successfully
C:\Users\Faust\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie deleted successfully
C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie deleted successfully
C:\Users\Faust\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie deleted successfully
C:\Users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie deleted successfully
C:\Users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie deleted successfully
C:\Users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://www.google.com"
"Default_Page_URL"="hxxp://www.google.com"
"Start Page"="hxxp://www.google.com"
"Search Page"="hxxp://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{CB127E1A-135A-4672-BE00-0D3162B1E50B} Lycle Url="https://www.lycle.net/results?q={searchTerms}"
{E7165A5C-FCC2-40C5-BE3D-739A6949DEAB} SuchMaschine Url="hxxp://www.sm.de/?q={searchTerms}"
==== Reset Google Chrome ======================
C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\Faust\AppData\Local\Google\Chrome SxS\User Data\Default\Preferences was reset successfully
C:\Users\Faust\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\443c42b8-5c1c-48db-b253-c12b2beb55f7 deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Faust\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Faust\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Users\Faust\AppData\Local\Mozilla\Firefox\Profiles\fh9zfzqi.default\Cache emptied successfully
==== Empty Chrome Cache ======================
No Chrome Cache found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=478 folders=163 33700215 bytes)
==== Empty Temp Folders ======================
C:\Users\Administrator\AppData\Local\temp emptied successfully
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Faust\AppData\Local\Temp will be emptied at reboot
C:\Users\Gast\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Faust\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\Faust\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted
==== EOF on 16.06.2014 at 22:35:40,14 ======================
FRST FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-06-2014 Ran by Faust (administrator) on DAINEC-III on 16-06-2014 22:38:16 Running from C:\Users\Faust\Desktop Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Native Instruments GmbH) C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe () C:\Windows\SysWOW64\PnkBstrA.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe (Saitek) C:\Program Files\SmartTechnology\Software\ProfilerU.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDWebCam.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe (Saitek) C:\Program Files\SmartTechnology\Software\SaiMfd.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPictureViewer.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMovieViewer.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDYT.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation) HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1100248 2013-12-10] (NVIDIA Corporation) HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.) HKLM\...\Run: [ProfilerU] => C:\Program Files\SmartTechnology\Software\ProfilerU.exe [454144 2013-04-16] (Saitek) HKLM\...\Run: [SaiMfd] => C:\Program Files\SmartTechnology\Software\SaiMfd.exe [158208 2013-04-16] (Saitek) HKLM\...\Run: [CmPCIaudio] => C:\Windows\Syswow64\CMICNFG3.dll [8126464 2009-05-11] (C-Media Corporation) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7506136 2013-12-06] (Realtek Semiconductor) HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292088 2013-02-22] (Intel Corporation) HKLM-x32\...\Run: [EnvyHFCPL] => C:\Program Files (x86)\VIA\VIAudioi\EnvyADeck\EnMixCPL.exe [543344 2010-09-09] (VIA TECH) HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [3890208 2014-06-08] (AVAST Software) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x2A5599B45611CF01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de StartMenuInternet: IEXPLORE.EXE - c:\program files (x86)\internet explorer\iexplore.exe SearchScopes: HKLM - {E7165A5C-FCC2-40C5-BE3D-739A6949DEAB} URL = hxxp://www.sm.de/?q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope value is missing. SearchScopes: HKCU - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage} SearchScopes: HKCU - {CB127E1A-135A-4672-BE00-0D3162B1E50B} URL = https://www.lycle.net/results?q={searchTerms} SearchScopes: HKCU - {E7165A5C-FCC2-40C5-BE3D-739A6949DEAB} URL = hxxp://www.sm.de/?q={searchTerms} BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) BHO: Websearch - {C2F7351C-5957-4744-B159-59EBEA4E7027} - C:\Program Files\Dailytools\Websearch\1.0.0.5\Websearch.dll (Dailytools GmbH) BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) BHO-x32: Websearch - {C2F7351C-5957-4744-B159-59EBEA4E7027} - C:\Program Files (x86)\Dailytools\Websearch\1.0.0.5\Websearch.dll (Dailytools GmbH) Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default FF NewTab: hxxp://www.google.com/ FF SearchEngineOrder.1: Google FF SelectedSearchEngine: Google FF Homepage: hxxp://www.google.com FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @esn/npbattlelog,version=2.4.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.4.0\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF SearchPlugin: C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\searchplugins\lycle.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Blue Fox - C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\Extensions\{241aae70-0022-11de-87af-0800200c9a66} [2014-01-14] FF Extension: Speed Dial - C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2014-01-14] FF Extension: Adblock Plus - C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-25] FF Extension: Websearch - C:\Users\Faust\AppData\Roaming\Mozilla\Firefox\Profiles\fh9zfzqi.default\Extensions\{E6A44534-6DBA-455A-8D78-2DE71DEAA15B}.xpi [2014-05-31] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-04-11] FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-21] FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [] Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION ==================== Services (Whitelisted) ================= R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-04-21] (AVAST Software) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation) R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed] S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation) R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [198120 2013-08-01] () S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-17] (Intel Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 NIHardwareService; C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [5739008 2011-10-12] (Native Instruments GmbH) [File not signed] U2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-01-15] () R2 DailytoolsUpdateService; %SystemRoot%\System32\update1.dll [X] ==================== Drivers (Whitelisted) ==================== R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-04-21] () R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-04-21] (AVAST Software) R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-04-21] (AVAST Software) R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-04-21] () R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1039096 2014-05-12] (AVAST Software) R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423240 2014-05-12] (AVAST Software) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [85328 2014-05-12] (AVAST Software) R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [208416 2014-04-21] () R3 cmuda3; C:\Windows\System32\drivers\cmudax3.sys [1154560 2009-05-19] (C-Media Inc) S3 Envy24HFS; C:\Windows\System32\drivers\Envy24HF.sys [228080 2010-07-05] (VIA - IC Ensemble, Inc.) R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [21408 2013-08-01] () R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [21920 2013-08-01] () R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-01] () R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-08-01] () R3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-16] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-17] (Intel Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation) S3 RL_DJIFIE2_MIDI; C:\Windows\System32\drivers\rldjif2m.sys [36416 2009-10-30] (Ploytec GmbH) S3 RL_DJIFIE2_USB; C:\Windows\System32\Drivers\rldjif2u.sys [460864 2009-10-30] (Ploytec GmbH) S3 RL_DJIFIE2_WDM; C:\Windows\System32\drivers\rldjif2a.sys [49728 2009-10-30] (Ploytec GmbH) R3 SaiK0836; C:\Windows\System32\DRIVERS\SaiK0836.sys [172040 2013-01-10] (Saitek) R3 SaiK1708; C:\Windows\System32\DRIVERS\SaiK1708.sys [180544 2012-09-20] (Saitek) R3 SaiMini; C:\Windows\System32\DRIVERS\SaiMini.sys [25120 2013-04-30] (Saitek) R3 SaiNtBus; C:\Windows\System32\drivers\SaiBus.sys [52640 2013-04-30] (Saitek) R3 SaiU1708; C:\Windows\System32\DRIVERS\SaiU1708.sys [47168 2012-09-20] (Saitek) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-06-16 22:38 - 2014-06-16 22:38 - 00016156 _____ () C:\Users\Faust\Desktop\FRST.txt 2014-06-16 22:36 - 2014-06-16 22:36 - 00023967 _____ () C:\Users\Faust\Desktop\zoek-results.txt 2014-06-16 22:32 - 2014-06-16 22:38 - 00000000 ____D () C:\Users\Faust\AppData\Local\Temp 2014-06-16 22:32 - 2014-06-16 22:32 - 00000000 ____D () C:\Users\Public\AppData\Local\temp 2014-06-16 22:32 - 2014-06-16 22:32 - 00000000 ____D () C:\Users\Gast\AppData\Local\temp 2014-06-16 22:32 - 2014-06-16 22:32 - 00000000 ____D () C:\Users\Default\AppData\Local\temp 2014-06-16 22:32 - 2014-06-16 22:32 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp 2014-06-16 22:32 - 2014-06-16 22:32 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp 2014-06-16 22:32 - 2014-06-16 22:21 - 00024064 _____ () C:\Windows\zoek-delete.exe 2014-06-16 22:22 - 2014-06-16 22:35 - 00023967 _____ () C:\zoek-results.log 2014-06-16 22:21 - 2014-06-16 22:35 - 00000000 ____D () C:\zoek_backup 2014-06-16 22:20 - 2014-06-16 22:20 - 00001156 _____ () C:\Users\Faust\Desktop\mbam.txt 2014-06-16 22:14 - 2014-06-16 22:15 - 01285120 _____ () C:\Users\Faust\Desktop\zoek.exe 2014-06-16 22:13 - 2014-06-16 22:37 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-16 22:13 - 2014-06-16 22:13 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-16 22:13 - 2014-06-16 22:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-16 22:13 - 2014-06-16 22:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-16 22:13 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-06-16 22:13 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-06-16 22:13 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-06-16 22:09 - 2014-06-16 22:09 - 00009753 _____ () C:\Users\Faust\Desktop\AdwCleaner[S0].txt 2014-06-16 22:08 - 2014-06-16 22:08 - 00010365 _____ () C:\Users\Faust\Desktop\AdwCleaner[R1].txt 2014-06-16 15:24 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll 2014-06-16 15:23 - 2014-06-16 22:15 - 00000000 ____D () C:\AdwCleaner 2014-06-16 15:21 - 2014-06-16 15:21 - 01333465 _____ () C:\Users\Faust\Desktop\adwcleaner_3.212.exe 2014-06-16 14:56 - 2014-06-16 14:56 - 00000000 ___SD () C:\Users\Faust\Documents\Passwords Database 2014-06-16 13:56 - 2014-06-16 13:56 - 00019038 _____ () C:\ComboFix.txt 2014-06-16 13:40 - 2014-06-16 13:56 - 00000000 ____D () C:\Qoobox 2014-06-16 13:40 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-06-16 13:40 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-06-16 13:40 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-06-16 13:40 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-06-16 13:40 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-06-16 13:40 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-06-16 13:40 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-06-16 13:40 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-06-16 13:39 - 2014-06-16 13:46 - 00000000 ____D () C:\Windows\erdnt 2014-06-16 13:38 - 2014-06-16 13:38 - 05206841 ____R (Swearware) C:\Users\Faust\Desktop\ComboFix.exe 2014-06-15 23:28 - 2014-06-15 23:28 - 02247960 _____ () C:\Users\Faust\Downloads\battlelog-web-plugins_2.4.0_141.exe 2014-06-15 23:04 - 2014-06-16 22:38 - 00000000 ____D () C:\FRST 2014-06-15 23:03 - 2014-06-15 23:03 - 02081280 _____ (Farbar) C:\Users\Faust\Desktop\FRST64.exe 2014-06-13 12:04 - 2014-06-13 12:04 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-02 18:01 - 2014-06-02 19:00 - 00000000 ____D () C:\Users\Faust\Documents\FIFA World 2014-06-02 18:01 - 2014-06-02 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pflanzen gegen Zombies 2014-06-02 17:13 - 2014-06-02 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Sports FIFA World 2014-05-31 01:37 - 2014-05-31 01:37 - 00000000 ____D () C:\Users\Faust\AppData\Local\Adobe 2014-05-31 01:35 - 2014-05-31 01:50 - 00000000 ____D () C:\ProgramData\Adobe 2014-05-31 01:35 - 2014-05-31 01:35 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-05-31 01:35 - 2014-05-31 01:35 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-05-31 01:26 - 2014-05-31 01:26 - 00352256 _____ (Dailytools GmbH) C:\Windows\SysWOW64\update1.dll 2014-05-31 01:25 - 2014-05-31 01:50 - 00000714 __RSH () C:\ProgramData\ntuser.pol 2014-05-31 01:25 - 2014-05-31 01:25 - 00000000 ____D () C:\Program Files\Dailytools 2014-05-31 01:25 - 2014-05-31 01:25 - 00000000 ____D () C:\Program Files (x86)\Dailytools ==================== One Month Modified Files and Folders ======= 2014-06-16 22:38 - 2014-06-16 22:38 - 00016156 _____ () C:\Users\Faust\Desktop\FRST.txt 2014-06-16 22:38 - 2014-06-16 22:32 - 00000000 ____D () C:\Users\Faust\AppData\Local\Temp 2014-06-16 22:38 - 2014-06-15 23:04 - 00000000 ____D () C:\FRST 2014-06-16 22:37 - 2014-06-16 22:13 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-06-16 22:36 - 2014-06-16 22:36 - 00023967 _____ () C:\Users\Faust\Desktop\zoek-results.txt 2014-06-16 22:35 - 2014-06-16 22:22 - 00023967 _____ () C:\zoek-results.log 2014-06-16 22:35 - 2014-06-16 22:21 - 00000000 ____D () C:\zoek_backup 2014-06-16 22:35 - 2014-01-14 20:45 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-06-16 22:35 - 2010-11-21 05:47 - 00488584 _____ () C:\Windows\PFRO.log 2014-06-16 22:35 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-06-16 22:35 - 2009-07-14 06:51 - 00223536 _____ () C:\Windows\setupact.log 2014-06-16 22:34 - 2014-01-14 19:52 - 00823733 _____ () C:\Windows\WindowsUpdate.log 2014-06-16 22:32 - 2014-06-16 22:32 - 00000000 ____D () C:\Users\Public\AppData\Local\temp 2014-06-16 22:32 - 2014-06-16 22:32 - 00000000 ____D () C:\Users\Gast\AppData\Local\temp 2014-06-16 22:32 - 2014-06-16 22:32 - 00000000 ____D () C:\Users\Default\AppData\Local\temp 2014-06-16 22:32 - 2014-06-16 22:32 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp 2014-06-16 22:32 - 2014-06-16 22:32 - 00000000 ____D () C:\Users\Administrator\AppData\Local\temp 2014-06-16 22:29 - 2014-01-14 18:57 - 00000000 ____D () C:\Users\Faust 2014-06-16 22:21 - 2014-06-16 22:32 - 00024064 _____ () C:\Windows\zoek-delete.exe 2014-06-16 22:20 - 2014-06-16 22:20 - 00001156 _____ () C:\Users\Faust\Desktop\mbam.txt 2014-06-16 22:18 - 2009-07-14 06:45 - 00030480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-06-16 22:18 - 2009-07-14 06:45 - 00030480 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-06-16 22:17 - 2014-01-16 03:31 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-06-16 22:15 - 2014-06-16 22:14 - 01285120 _____ () C:\Users\Faust\Desktop\zoek.exe 2014-06-16 22:15 - 2014-06-16 15:23 - 00000000 ____D () C:\AdwCleaner 2014-06-16 22:15 - 2011-04-12 09:43 - 00696132 _____ () C:\Windows\system32\perfh007.dat 2014-06-16 22:15 - 2011-04-12 09:43 - 00147428 _____ () C:\Windows\system32\perfc007.dat 2014-06-16 22:15 - 2009-07-14 07:13 - 00839172 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-06-16 22:13 - 2014-06-16 22:13 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-06-16 22:13 - 2014-06-16 22:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-06-16 22:13 - 2014-06-16 22:13 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-06-16 22:10 - 2014-04-21 22:40 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2014-06-16 22:09 - 2014-06-16 22:09 - 00009753 _____ () C:\Users\Faust\Desktop\AdwCleaner[S0].txt 2014-06-16 22:09 - 2014-01-14 20:32 - 00001061 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-06-16 22:09 - 2014-01-14 18:58 - 00001166 _____ () C:\Users\Faust\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-06-16 22:09 - 2014-01-14 18:58 - 00000983 _____ () C:\Users\Faust\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk 2014-06-16 22:08 - 2014-06-16 22:08 - 00010365 _____ () C:\Users\Faust\Desktop\AdwCleaner[R1].txt 2014-06-16 15:21 - 2014-06-16 15:21 - 01333465 _____ () C:\Users\Faust\Desktop\adwcleaner_3.212.exe 2014-06-16 14:56 - 2014-06-16 14:56 - 00000000 ___SD () C:\Users\Faust\Documents\Passwords Database 2014-06-16 14:56 - 2014-01-16 18:31 - 00000000 ____D () C:\Users\Gast 2014-06-16 14:56 - 2014-01-16 18:31 - 00000000 ____D () C:\Users\Administrator 2014-06-16 13:56 - 2014-06-16 13:56 - 00019038 _____ () C:\ComboFix.txt 2014-06-16 13:56 - 2014-06-16 13:40 - 00000000 ____D () C:\Qoobox 2014-06-16 13:55 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-06-16 13:47 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default 2014-06-16 13:46 - 2014-06-16 13:39 - 00000000 ____D () C:\Windows\erdnt 2014-06-16 13:38 - 2014-06-16 13:38 - 05206841 ____R (Swearware) C:\Users\Faust\Desktop\ComboFix.exe 2014-06-16 13:31 - 2014-01-15 01:27 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins 2014-06-15 23:53 - 2014-01-14 21:00 - 00000000 ____D () C:\ProgramData\Origin 2014-06-15 23:32 - 2014-01-15 01:27 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.exe 2014-06-15 23:28 - 2014-06-15 23:28 - 02247960 _____ () C:\Users\Faust\Downloads\battlelog-web-plugins_2.4.0_141.exe 2014-06-15 23:03 - 2014-06-15 23:03 - 02081280 _____ (Farbar) C:\Users\Faust\Desktop\FRST64.exe 2014-06-13 12:26 - 2014-01-17 18:02 - 00000000 ____D () C:\Users\Faust\AppData\Roaming\TS3Client 2014-06-13 12:25 - 2014-01-17 17:39 - 00000000 ____D () C:\Users\Faust\AppData\Roaming\AIMP3 2014-06-13 12:04 - 2014-06-13 12:04 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-06-02 19:00 - 2014-06-02 18:01 - 00000000 ____D () C:\Users\Faust\Documents\FIFA World 2014-06-02 18:01 - 2014-06-02 18:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pflanzen gegen Zombies 2014-06-02 18:01 - 2014-01-15 01:26 - 00156795 _____ () C:\Windows\DirectX.log 2014-06-02 18:01 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games 2014-06-02 17:13 - 2014-06-02 17:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA Sports FIFA World 2014-05-31 01:50 - 2014-05-31 01:35 - 00000000 ____D () C:\ProgramData\Adobe 2014-05-31 01:50 - 2014-05-31 01:25 - 00000714 __RSH () C:\ProgramData\ntuser.pol 2014-05-31 01:37 - 2014-05-31 01:37 - 00000000 ____D () C:\Users\Faust\AppData\Local\Adobe 2014-05-31 01:37 - 2014-01-16 03:32 - 00000000 ____D () C:\Users\Faust\AppData\Roaming\Adobe 2014-05-31 01:35 - 2014-05-31 01:35 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2014-05-31 01:35 - 2014-05-31 01:35 - 00000000 ____D () C:\Program Files (x86)\Adobe 2014-05-31 01:26 - 2014-05-31 01:26 - 00352256 _____ (Dailytools GmbH) C:\Windows\SysWOW64\update1.dll 2014-05-31 01:25 - 2014-05-31 01:25 - 00000000 ____D () C:\Program Files\Dailytools 2014-05-31 01:25 - 2014-05-31 01:25 - 00000000 ____D () C:\Program Files (x86)\Dailytools 2014-05-31 01:25 - 2009-07-14 05:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy 2014-05-31 01:25 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy 2014-05-29 00:31 - 2014-01-17 17:29 - 00000000 ____D () C:\Users\Faust\AppData\Local\CrashDumps 2014-05-23 22:52 - 2014-01-15 01:27 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0 ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-06-08 19:34 ==================== End Of Log ============================ Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-06-2014
Ran by Faust at 2014-06-16 22:38:45
Running from C:\Users\Faust\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AIMP3 (HKLM-x32\...\AIMP3) (Version: v3.55.1332, 21.12.2013 - AIMP DevTeam)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2018 - Avast Software)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.2.0.2 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.4.0 - EA Digital Illusions CE AB)
C-Media PCI Audio Device (HKLM\...\C-Media PCI Audio Driver) (Version: - )
Curse Client (HKCU\...\101a9f93b8f0bb6f) (Version: 5.1.1.792 - Curse)
Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Digital Jockey - IE2 (HKLM\...\USB_AUDIO_DEusb-audio.deRLDJIF2) (Version: - )
EA Sports FIFA World (HKLM-x32\...\{8F9AC744-EEF6-43DB-A4B6-FA1A18F1C640}) (Version: 5.3.0.40277 - Electronic Arts, Inc.)
Fraps (HKLM-x32\...\Fraps) (Version: - )
Free YouTube to MP3 Converter version 3.12.23.219 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.23.219 - DVDVideoSoft Ltd.)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{B1AC3709-3E98-4F2C-A84E-4BCA2A452E64}) (Version: 4.2.40.2418 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.8.251 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) Hidden
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden
Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Client Profile DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (HKLM\...\Microsoft .NET Framework 4 Extended DEU Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.0 (HKLM\...\Microsoft Help Viewer 1.0) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - DEU (HKLM-x32\...\Microsoft Visual C++ 2010 Express - DEU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 Express - DEU (x32 Version: 10.0.30319 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Native Instruments Controller Editor (HKLM-x32\...\Native Instruments Controller Editor) (Version: - Native Instruments)
Native Instruments Controller Editor (Version: 1.4.2.848 - Native Instruments) Hidden
Native Instruments Service Center (HKLM-x32\...\Native Instruments Service Center) (Version: - Native Instruments)
Native Instruments Service Center (Version: 2.2.6.676 - Native Instruments) Hidden
Native Instruments Traktor 2 (HKLM-x32\...\Native Instruments Traktor 2) (Version: - Native Instruments)
Native Instruments Traktor 2 (Version: 2.1.2.12125 - Native Instruments) Hidden
NVIDIA 3D Vision Controller-Treiber 335.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 335.21 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 335.23 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 335.23 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 335.23 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.147.1067 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3523 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 335.23 (Version: 335.23 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.3.11.2762 - Electronic Arts, Inc.)
Pflanzen gegen Zombies™ (HKLM-x32\...\{5E6536C2-E79A-49CF-83EA-817AD81F9FC8}) (Version: 1.2.0.1093 - Electronic Arts, Inc.)
Platform (x32 Version: 1.34 - VIA Technologies, Inc.) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.72.410.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7111 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Smart Technology Programming Software 7.0.27.13 (HKLM\...\{C9193CBB-C31A-412A-A074-AD08F0F2CF3D}) (Version: 7.0.27.13 - Mad Catz)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Titanfall™ (HKLM-x32\...\{347EE0C3-0690-48F6-A231-53853C2A80D6}) (Version: 1.0.3.6 - Electronic Arts)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.34 - VIA Technologies, Inc.)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
XBMC (HKCU\...\XBMC) (Version: - Team XBMC)
==================== Restore Points =========================
27-04-2014 14:30:02 DirectX wurde installiert
06-05-2014 10:36:09 Gerätetreiber-Paketinstallation: usb-audio.de USB-Controller
06-05-2014 10:36:30 Gerätetreiber-Paketinstallation: usb-audio.de Audio-, Video- und Gamecontroller
06-05-2014 10:37:11 Gerätetreiber-Paketinstallation: Reloop Audio-, Video- und Gamecontroller
11-05-2014 15:03:24 DirectX wurde installiert
16-05-2014 19:17:03 DirectX wurde installiert
02-06-2014 15:11:51 DirectX wurde installiert
02-06-2014 16:00:13 DirectX wurde installiert
16-06-2014 11:41:00 ComboFix created restore point
16-06-2014 20:22:29 zoek.exe restore point
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {3B4D846F-D195-4D47-9149-7B313BAC45DD} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-04-21] (AVAST Software)
Task: {8542780C-9633-4EB9-9D75-1A4870868BDB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {889EEEFA-3513-4B9B-BF66-8408714E73C9} - \Desk 365 RunAsStdUser No Task File <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2013-08-01 18:31 - 2013-08-01 18:31 - 00198120 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-08-01 18:31 - 2013-08-01 18:31 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-08-01 18:31 - 2013-08-01 18:31 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2014-01-14 20:44 - 2014-03-04 15:05 - 00116056 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-01-15 01:27 - 2014-01-15 01:27 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-06-16 13:33 - 2014-06-16 13:33 - 02776064 _____ () C:\Program Files\AVAST Software\Avast\defs\14061600\algo.dll
2014-04-21 22:40 - 2014-04-21 22:40 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== MSCONFIG/TASK MANAGER disabled items =========
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/16/2014 10:36:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/16/2014 10:10:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/16/2014 10:04:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/16/2014 02:59:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/16/2014 02:48:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/16/2014 01:33:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/15/2014 10:51:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/13/2014 00:14:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/13/2014 11:55:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/12/2014 09:33:54 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
System errors:
=============
Error: (06/16/2014 10:29:32 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (06/16/2014 10:29:31 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (06/16/2014 10:29:31 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (06/16/2014 10:29:30 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (06/16/2014 10:29:30 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (06/16/2014 01:55:49 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (06/16/2014 01:54:11 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (06/16/2014 01:45:58 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (06/16/2014 01:44:02 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error: (06/16/2014 01:39:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "DailytoolsUpdateService" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Microsoft Office Sessions:
=========================
Error: (06/16/2014 10:36:05 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/16/2014 10:10:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/16/2014 10:04:26 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/16/2014 02:59:49 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/16/2014 02:48:23 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/16/2014 01:33:03 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/15/2014 10:51:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/13/2014 00:14:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/13/2014 11:55:54 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (06/12/2014 09:33:54 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
CodeIntegrity Errors:
===================================
Date: 2014-06-08 19:35:31.840
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-08 19:35:31.839
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-08 19:35:31.838
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-08 19:35:31.826
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-08 19:35:31.824
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-08 19:35:31.822
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-05 09:29:56.006
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-05 09:29:56.005
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-05 09:29:56.003
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-06-05 09:29:55.988
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume4\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 17%
Total physical RAM: 10185.38 MB
Available physical RAM: 8370.21 MB
Total Pagefile: 20368.96 MB
Available Pagefile: 18421.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.54 GB) (Free:398.7 GB) NTFS
Drive f: (Ra) (Fixed) (Total:931.51 GB) (Free:350.51 GB) NTFS
Drive g: () (Fixed) (Total:232.88 GB) (Free:232.5 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 466 GB) (Disk ID: C38B2AA3)
Partition: GPT Partition Type.
========================================================
Disk: 1 (Size: 932 GB) (Disk ID: 6C0AACB3)
Partition 1: (Active) - (Size=932 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (Size: 233 GB) (Disk ID: BF5FBF5F)
Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
17.06.2014, 11:06
| #10 | |
| /// TB-Ausbilder | Avast => Dieses Programm wurde durch eine Gruppenrichtlinie blockiert. Weitere Informationen erhalten Sie vom Systemadministrator. Servus, Bitte lasse die Datei aus der Code-Box bei Virustotal überprüfen.
|
|
17.06.2014, 13:19
| #11 |
| | Avast => Dieses Programm wurde durch eine Gruppenrichtlinie blockiert. Weitere Informationen erhalten Sie vom Systemadministrator. https://www.virustotal.com/de/file/15ba6c6a3687e57fb45fff1982ff4057d0d76cdffadf8667d7443dd7d96eebe8/analysis/1403007525/ |
|
17.06.2014, 13:33
| #12 | |
| /// TB-Ausbilder | Avast => Dieses Programm wurde durch eine Gruppenrichtlinie blockiert. Weitere Informationen erhalten Sie vom Systemadministrator.Zitat:
 Nochmal meine Anleitung lesen bitte ...  |
|
17.06.2014, 13:48
| #13 |
| | Avast => Dieses Programm wurde durch eine Gruppenrichtlinie blockiert. Weitere Informationen erhalten Sie vom Systemadministrator. oh entschuldigung das sollte jetzt die richtige datei sein https://www.virustotal.com/de/file/905a58c022c471752b763084f0c61ae2e759bb98639d3c8e785ea52aced118d5/analysis/1403009205/ |
|
17.06.2014, 13:49
| #14 |
| /// TB-Ausbilder | Avast => Dieses Programm wurde durch eine Gruppenrichtlinie blockiert. Weitere Informationen erhalten Sie vom Systemadministrator. Hast du das folgende Programm absichtlich/bewusst installiert? BHO: Websearch - {C2F7351C-5957-4744-B159-59EBEA4E7027} - C:\Program Files\Dailytools\Websearch\1.0.0.5\Websearch.dll (Dailytools GmbH) Was kannst du mir hierzu sagen? |
|
17.06.2014, 13:51
| #15 |
| | Avast => Dieses Programm wurde durch eine Gruppenrichtlinie blockiert. Weitere Informationen erhalten Sie vom Systemadministrator. nicht das ich wüsste ich weis nicht mal was ich damit machen soll... |
|
| Themen zu Avast => Dieses Programm wurde durch eine Gruppenrichtlinie blockiert. Weitere Informationen erhalten Sie vom Systemadministrator. |
| andere, anderes, avast, blockiert, board, erhalte, erhalten, gruppe, gruppenrichtlinie, hilfe, informationen, irgend, problem, programm, rechner, sauber, systemadministrator, thread, titel |
Linear-Darstellung
