| |
| |||||||
Log-Analyse und Auswertung: "cj.dotomi.com" - Malware in Chrome (Win7)Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
16.07.2014, 12:02
| #16 |
 |  "cj.dotomi.com" - Malware in Chrome (Win7) ADW-Cleaner Code:
ATTFilter # AdwCleaner v3.215 - Bericht erstellt am 16/07/2014 um 12:08:55
# Aktualisiert 09/07/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Holger - HOLGER-PC
# Gestartet von : C:\Users\Holger\Desktop\adwcleaner_3.215.exe
# Option : Löschen
***** [ Dienste ] *****
[#] Dienst Gelöscht : iSafeService
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Users\Holger\AppData\Roaming\eCyber
Ordner Gelöscht : C:\Users\Holger\AppData\Roaming\iSafe
Ordner Gelöscht : C:\Users\Holger\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
Datei Gelöscht : C:\Users\Holger\daemonprocess.txt
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wpm_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wpm_RASMANCS
Schlüssel Gelöscht : HKLM\Software\iSafe
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16521
-\\ Mozilla Firefox v30.0 (de)
[ Datei : C:\Users\Holger\AppData\Roaming\Mozilla\Firefox\Profiles\5e9x09cb.default\prefs.js ]
-\\ Google Chrome v35.0.1916.153
[ Datei : C:\Users\Holger\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht [Search Provider] : hxxp://www.softonic.de/s/{searchTerms}
Gelöscht [Search Provider] : hxxp://www.germanwings.com/Search/Search.aspx?SearchQueryText={searchTerms}&Culture=de-de
Gelöscht [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
Gelöscht [Search Provider] : hxxp://blekko.com/#?q={searchTerms}
Gelöscht [Search Provider] : hxxp://www.softonic.de/s/{searchTerms}
Gelöscht [Search Provider] : hxxp://www.sweet-page.com/web/?type=ds&ts=1388868285&from=cor&uid=SamsungXSSDX840XEVOX250GB_S1DBNSADC53893J&q={searchTerms}
Gelöscht [Extension] : blbkdnmdcafmfhinpmnlhhddbepgkeaa
*************************
AdwCleaner[R0].txt - [7300 octets] - [07/01/2014 23:06:41]
AdwCleaner[R1].txt - [1713 octets] - [16/07/2014 12:07:55]
AdwCleaner[S0].txt - [5083 octets] - [07/01/2014 23:07:18]
AdwCleaner[S1].txt - [2185 octets] - [16/07/2014 12:08:55]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2245 octets] ##########
JRT Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Professional x64
Ran by Holger on 16.07.2014 at 12:25:00,43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 16.07.2014 at 12:32:19,59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST.txt FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-07-2014 01
Ran by Holger (administrator) on HOLGER-PC on 16-07-2014 12:34:44
Running from C:\Users\Holger\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Foxit Corporation) C:\Program Files (x86)\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(ZTE) C:\Program Files (x86)\congstar\Internet-Manager\Bin\mcserver.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Dropbox, Inc.) C:\Users\Holger\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
() C:\Program Files (x86)\congstar\Internet-Manager\Bin\dbus-daemon.exe
() C:\Program Files (x86)\congstar\Internet-Manager\Bin\db_daemon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Syncios\SynciosDeviceService.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [apmwinapp] => C:\Program Files (x86)\Paragon Software\HFS+ for Windows 10.3\apmwinsrv.exe [66768 2014-02-17] ()
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1279480 2014-05-30] (NVIDIA Corporation)
HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\ssmmgr.exe [614400 2009-09-25] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [36X Raid Configurer] => C:\Windows\SysWOW64\xRaidSetup.exe [1966080 2007-11-19] (Gigabyte Technology Corp.)
HKLM-x32\...\Run: [Syncios device service] => C:\Program Files (x86)\Syncios\SynciosDeviceService.exe [723456 2013-12-03] ()
HKLM-x32\...\Run: [HFS Activator] => C:\Program Files (x86)\Paragon Software\HFS+ for Windows 10.3\activation\hfsactivator.exe [245456 2014-02-17] ()
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKU\S-1-5-21-486211714-1698053076-470721747-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MCtlSvc.lnk
ShortcutTarget: MCtlSvc.lnk -> C:\Program Files (x86)\congstar\Internet-Manager\Bin\mcserver.exe (ZTE)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk
ShortcutTarget: TMMonitor.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
Startup: C:\Users\Holger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Holger\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Holger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
ShortcutTarget: Samsung Magician.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA00C2A76C10BCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Holger\AppData\Roaming\Mozilla\Firefox\Profiles\5e9x09cb.default
FF NewTab: about:blank
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: about:blank
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Holger\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Holger\AppData\Roaming\Mozilla\Firefox\Profiles\5e9x09cb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-18]
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-01-07]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-01-07]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-01-07]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-01-07]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-01-07]
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\congstar\Internet-Manager\Bin\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files (x86)\congstar\Internet-Manager\Bin\addon [2014-05-18]
Chrome:
=======
CHR HomePage: about:blank
CHR StartupUrls: "about:blank"
CHR DefaultSearchKeyword: g
CHR Extension: (Google Docs) - C:\Users\Holger\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-07]
CHR Extension: (Google Drive) - C:\Users\Holger\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-07]
CHR Extension: (Session Manager) - C:\Users\Holger\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2014-02-15]
CHR Extension: (Kaspersky Protection) - C:\Users\Holger\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-03-25]
CHR Extension: (YouTube) - C:\Users\Holger\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-07]
CHR Extension: (Adblock Plus) - C:\Users\Holger\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-15]
CHR Extension: (Google-Suche) - C:\Users\Holger\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-07]
CHR Extension: (WhatFont) - C:\Users\Holger\AppData\Local\Google\Chrome\User Data\Default\Extensions\jabopobgcpjmedljpbcaablpmlmfcogm [2014-02-15]
CHR Extension: (Project Naptha) - C:\Users\Holger\AppData\Local\Google\Chrome\User Data\Default\Extensions\molncoemjfmpgdkbdlbjmhlcgniigdnf [2014-04-28]
CHR Extension: (Google Wallet) - C:\Users\Holger\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-07]
CHR Extension: (Google Mail) - C:\Users\Holger\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-07]
CHR Extension: (Chrome YouTube Downloader) - C:\chrome addons-NEU-INSTALL\2.6.20_0 [2014-06-15]
CHR Extension: (__MSG_ExtensionName__) - C:\chrome addons-NEU-INSTALL\kasp3\14.0.0.4651_0 [2014-06-15]
CHR Extension: (__MSG_ExtensionName__) - C:\chrome addons-NEU-INSTALL\kasp4\14.0.0.4651_1 [2014-06-15]
CHR Extension: (__MSG_ExtensionName__) - C:\chrome addons-NEU-INSTALL\kasp2\14.0.0.4651_1 [2014-06-15]
CHR Extension: (__MSG_ExtensionName__) - C:\chrome addons-NEU-INSTALL\kasp5\14.0.0.4917_0 [2014-06-15]
CHR Extension: (__MSG_extName__) - C:\chrome addons-NEU-INSTALL\0.5.6_0 [2014-06-15]
CHR Extension: (__MSG_ExtensionName__) - C:\chrome addons-NEU-INSTALL\kasp1\14.0.0.4651_1 [2014-06-15]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]
==================== Services (Whitelisted) =================
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Reader\Foxit Cloud\FCUpdateService.exe [241704 2014-03-25] (Foxit Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation)
R2 postgresql-x64-9.2; C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N "postgresql-x64-9.2" -D "C:/Program Files/PostgreSQL/9.2/data" -w [X]
==================== Drivers (Whitelisted) ====================
R0 apmwin; C:\Windows\System32\DRIVERS\apmwin.sys [50896 2014-02-17] (Paragon Software Group)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.) [File not signed]
R0 gpt_loader; C:\Windows\System32\DRIVERS\gpt_loader.sys [61136 2014-02-17] (Paragon Software Group)
S3 Hfsplus; C:\Windows\System32\DRIVERS\hfsplus.sys [205520 2014-02-17] (Paragon Software Group)
R2 HfsplusRec; C:\Windows\System32\DRIVERS\hfsplusrec.sys [15568 2014-02-17] (Paragon Software Group)
S3 HSPADataCardusbmdm; C:\Windows\System32\DRIVERS\HSPADataCardusbmdm.sys [122752 2011-08-19] (HSPADataCard Incorporated)
S3 HSPADataCardusbnmea; C:\Windows\System32\DRIVERS\HSPADataCardusbnmea.sys [122752 2011-08-19] (HSPADataCard Incorporated)
S3 HSPADataCardusbser; C:\Windows\System32\DRIVERS\HSPADataCardusbser.sys [122752 2011-08-19] (HSPADataCard Incorporated)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-01-07] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-24] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-24] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-01-07] (Kaspersky Lab ZAO)
R0 mounthlp; C:\Windows\System32\DRIVERS\mounthlp.sys [42704 2014-02-17] (Paragon Software Group)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 RTL2832UBDA; C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys [238096 2012-05-21] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\Windows\SysWOW64\Drivers\RTL2832UUSB.sys [39016 2011-12-29] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832U_IRHID; C:\Windows\SysWOW64\DRIVERS\RTL2832U_IRHID.sys [48488 2011-06-13] (Realtek)
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S1 iSafeKrnlR3; \??\C:\Program Files (x86)\iSafe\iSafeKrnlR3.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-07-16 12:34 - 2014-07-16 12:34 - 00022595 _____ () C:\Users\Holger\Desktop\FRST.txt
2014-07-16 12:24 - 2014-07-16 12:24 - 00000000 ____D () C:\Windows\ERUNT
2014-07-16 12:13 - 2014-07-16 12:13 - 01016261 _____ (Thisisu) C:\Users\Holger\Desktop\JRT.exe
2014-07-16 12:08 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-16 12:03 - 2014-07-16 12:03 - 01348263 _____ () C:\Users\Holger\Desktop\adwcleaner_3.215.exe
2014-07-16 08:55 - 2014-07-16 08:55 - 00000000 ____D () C:\ProgramData\Sophos
2014-07-16 08:33 - 2014-07-16 08:33 - 00003197 _____ () C:\Users\Holger\Desktop\Sophos Virus Removal Tool.lnk
2014-07-16 08:33 - 2014-07-16 08:33 - 00000000 ____D () C:\Users\Holger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-07-16 08:33 - 2014-07-16 08:33 - 00000000 ____D () C:\Program Files (x86)\Sophos Virus Removal Tool
2014-07-15 20:45 - 2014-07-15 20:45 - 00000000 ____D () C:\Windows\pss
2014-07-15 20:34 - 2014-07-15 21:03 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-15 20:34 - 2014-07-15 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-07-15 20:33 - 2014-07-15 20:34 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-07-15 20:33 - 2014-07-15 20:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-15 20:33 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-15 20:33 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-15 20:33 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-15 19:52 - 2014-07-16 12:10 - 00002636 _____ () C:\Windows\PFRO.log
2014-07-15 15:23 - 2014-07-15 15:23 - 00022789 _____ () C:\ComboFix.txt
2014-07-15 15:11 - 2014-07-15 15:23 - 00000000 ____D () C:\Qoobox
2014-07-15 15:11 - 2014-07-15 15:23 - 00000000 ____D () C:\ComboFix
2014-07-15 15:11 - 2014-07-15 15:20 - 00000000 ____D () C:\Windows\erdnt
2014-07-15 15:11 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-15 15:11 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-15 15:11 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-15 15:11 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-15 15:11 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-15 15:11 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-15 15:11 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-15 15:11 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-15 15:08 - 2014-07-15 15:09 - 05220800 ____R (Swearware) C:\Users\Holger\Desktop\ComboFix.exe
2014-07-15 15:00 - 2014-07-15 15:00 - 00001768 _____ () C:\Users\Holger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\lightroom.exe - Verknüpfung.lnk
2014-07-15 13:09 - 2014-07-16 12:34 - 00000000 ____D () C:\Users\Holger\Desktop\Virus-Problem 07-2014
2014-07-15 13:06 - 2014-07-16 12:34 - 00000000 ____D () C:\FRST
2014-07-15 13:05 - 2014-07-15 13:05 - 02086912 _____ (Farbar) C:\Users\Holger\Desktop\FRST64.exe
2014-07-15 13:05 - 2014-07-15 13:05 - 00000000 _____ () C:\Users\Holger\defogger_reenable
2014-07-15 08:14 - 2014-07-16 12:10 - 00001344 _____ () C:\Windows\setupact.log
2014-07-15 08:14 - 2014-07-15 08:14 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-14 15:32 - 2014-07-14 15:37 - 716177408 _____ () C:\Users\Holger\Downloads\lubuntu-14.04-desktop-i386.iso
2014-07-13 18:44 - 2014-07-13 18:44 - 05022859 _____ (LinuxLive USB Creator) C:\Users\Holger\Downloads\LinuxLive USB Creator 2.8.30.exe
2014-07-13 18:32 - 2014-07-13 18:37 - 1017118720 _____ () C:\Users\Holger\Downloads\ubuntu-14.04-desktop-i386.iso
2014-07-07 23:15 - 2014-07-07 23:16 - 11331702 _____ () C:\Users\Holger\Downloads\Anhänge_201477.zip
2014-07-07 22:57 - 2014-07-07 22:59 - 44234417 _____ () C:\Users\Holger\Downloads\The_Stanley_Parable_v1.4.zip
2014-07-07 21:57 - 2014-07-07 21:57 - 00000000 ____D () C:\Users\Holger\AppData\Local\Macromedia
2014-07-07 21:54 - 2014-07-07 21:54 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-07 21:54 - 2014-07-07 21:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-07 21:54 - 2014-07-07 21:54 - 00000000 ____D () C:\Windows\system32\Macromed
2014-07-04 17:12 - 2014-07-07 12:39 - 00000000 ____D () C:\Users\Holger\Desktop\Verkaufen
2014-07-04 15:28 - 2014-07-04 15:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-04 15:20 - 2014-07-04 15:20 - 00000000 ____D () C:\Windows\system32\log
2014-07-04 15:20 - 2014-06-27 11:54 - 00044544 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2014-07-04 15:19 - 2014-07-04 15:19 - 12348480 _____ (Elex do Brasil Participações Ltda) C:\Users\Holger\Downloads\yet_another_cleaner_sk.exe
2014-07-01 11:00 - 2014-07-01 11:00 - 00003242 _____ () C:\Windows\System32\Tasks\SamsungMagician
2014-07-01 11:00 - 2014-07-01 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician
2014-06-26 09:41 - 2014-06-26 09:41 - 00000000 ____D () C:\Users\Holger\AppData\Local\ArcSoft
2014-06-26 09:39 - 2014-06-26 09:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
2014-06-26 09:38 - 2014-06-28 10:40 - 00000000 ____D () C:\ProgramData\ArcSoft
2014-06-26 09:38 - 2014-06-26 09:41 - 00000000 ____D () C:\Users\Holger\AppData\Roaming\ArcSoft
2014-06-26 09:38 - 2014-06-26 09:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft TotalMedia 3.5
2014-06-26 09:38 - 2014-06-26 09:38 - 00000000 ____D () C:\Program Files (x86)\ArcSoft
2014-06-26 09:38 - 2006-09-18 08:50 - 00022784 _____ (Arcsoft, Inc.) C:\Windows\SysWOW64\Drivers\afc.sys
2014-06-26 09:38 - 2005-07-16 02:35 - 00245408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unicows.dll
2014-06-26 09:38 - 2003-03-18 22:14 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2014-06-26 09:38 - 2003-02-21 04:42 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-06-26 09:35 - 2014-06-26 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REALTEK DTV USB DEVICE
2014-06-26 09:35 - 2012-08-22 14:49 - 05750868 _____ ( ) C:\Windows\SysWOW64\RTKISDBT.dll
2014-06-26 09:35 - 2012-06-22 18:01 - 00372812 _____ (Realtek) C:\Windows\SysWOW64\RTKFM.dll
2014-06-26 09:35 - 2012-06-18 19:06 - 05771358 _____ (Realtek) C:\Windows\SysWOW64\RTKDAB.dll
2014-06-26 09:35 - 2012-05-21 11:36 - 00238096 _____ (REALTEK SEMICONDUCTOR Corp.) C:\Windows\SysWOW64\Drivers\RTL2832UBDA.sys
2014-06-26 09:35 - 2012-05-21 11:36 - 00238096 _____ (REALTEK SEMICONDUCTOR Corp.) C:\Windows\system32\Drivers\RTL2832UBDA.sys
2014-06-26 09:35 - 2011-12-29 16:09 - 00039016 _____ (REALTEK SEMICONDUCTOR Corp.) C:\Windows\SysWOW64\Drivers\RTL2832UUSB.sys
2014-06-26 09:35 - 2011-12-29 16:09 - 00039016 _____ (REALTEK SEMICONDUCTOR Corp.) C:\Windows\system32\Drivers\RTL2832UUSB.sys
2014-06-26 09:35 - 2011-09-30 14:58 - 00143441 _____ (Realtek) C:\Windows\SysWOW64\RTKDABSOURCE.dll
2014-06-26 09:35 - 2011-06-17 14:45 - 00135271 _____ (Realtek) C:\Windows\SysWOW64\RTKISDBTSOURCE.dll
2014-06-26 09:35 - 2011-06-13 13:06 - 00048488 _____ (Realtek) C:\Windows\SysWOW64\Drivers\RTL2832U_IRHID.sys
2014-06-26 09:35 - 2011-06-13 13:06 - 00048488 _____ (Realtek) C:\Windows\system32\Drivers\RTL2832U_IRHID.sys
2014-06-26 09:35 - 2011-03-10 16:30 - 00090243 _____ (Realtek) C:\Windows\SysWOW64\SuperFrameSplitter.dll
2014-06-26 09:35 - 2010-01-28 19:41 - 00135277 _____ (Realtek) C:\Windows\SysWOW64\RTKFMSOURCE.dll
2014-06-26 09:35 - 2009-12-29 15:12 - 00069632 _____ (Realtek) C:\Windows\SysWOW64\RTKDABMWare.dll
2014-06-26 09:35 - 2009-09-11 14:15 - 00114688 _____ (Realtek) C:\Windows\SysWOW64\RTL283XACCESS.dll
2014-06-24 15:18 - 2014-05-20 01:10 - 00601432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-06-24 15:15 - 2014-05-20 04:44 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 16003912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-06-24 15:15 - 2014-05-20 04:44 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 00837056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-06-24 15:03 - 2014-06-24 15:03 - 00000000 ____D () C:\Users\Holger\AppData\Local\NVIDIA Corporation
2014-06-24 15:02 - 2014-05-30 01:07 - 01715176 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-06-24 15:02 - 2014-05-30 01:07 - 01291232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-06-24 15:02 - 2014-05-30 01:07 - 01279480 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-06-24 15:02 - 2014-05-30 01:07 - 01122312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-06-24 15:02 - 2014-03-31 18:42 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-06-24 15:02 - 2014-03-31 18:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-06-23 18:50 - 2014-06-23 18:58 - 00000000 ____D () C:\Users\Holger\Desktop\Fotos für Huy
==================== One Month Modified Files and Folders =======
2014-07-16 12:35 - 2014-07-16 12:34 - 00022595 _____ () C:\Users\Holger\Desktop\FRST.txt
2014-07-16 12:34 - 2014-07-15 13:09 - 00000000 ____D () C:\Users\Holger\Desktop\Virus-Problem 07-2014
2014-07-16 12:34 - 2014-07-15 13:06 - 00000000 ____D () C:\FRST
2014-07-16 12:24 - 2014-07-16 12:24 - 00000000 ____D () C:\Windows\ERUNT
2014-07-16 12:18 - 2009-07-14 06:45 - 00030704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-16 12:18 - 2009-07-14 06:45 - 00030704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-16 12:17 - 2014-01-07 22:06 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-16 12:16 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-07-16 12:16 - 2009-07-14 19:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-07-16 12:16 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-16 12:13 - 2014-07-16 12:13 - 01016261 _____ (Thisisu) C:\Users\Holger\Desktop\JRT.exe
2014-07-16 12:13 - 2014-01-11 15:47 - 00000000 ____D () C:\Users\Holger\AppData\Roaming\Dropbox
2014-07-16 12:12 - 2014-01-11 15:48 - 00000000 ____D () C:\Users\Holger\AppData\Roaming\DropboxMaster
2014-07-16 12:11 - 2014-02-15 12:34 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-16 12:10 - 2014-07-15 19:52 - 00002636 _____ () C:\Windows\PFRO.log
2014-07-16 12:10 - 2014-07-15 08:14 - 00001344 _____ () C:\Windows\setupact.log
2014-07-16 12:10 - 2014-01-07 18:11 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-16 12:10 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-16 12:09 - 2014-01-07 23:06 - 00000000 ____D () C:\AdwCleaner
2014-07-16 12:09 - 2014-01-07 17:57 - 01604349 _____ () C:\Windows\WindowsUpdate.log
2014-07-16 12:08 - 2014-01-07 17:57 - 00000000 ____D () C:\Users\Holger
2014-07-16 12:03 - 2014-07-16 12:03 - 01348263 _____ () C:\Users\Holger\Desktop\adwcleaner_3.215.exe
2014-07-16 11:59 - 2014-02-15 12:34 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-16 11:37 - 2014-01-07 21:43 - 00000000 ____D () C:\Program Files\Adobe
2014-07-16 11:19 - 2014-01-07 21:43 - 00000000 ____D () C:\ProgramData\Adobe
2014-07-16 11:18 - 2014-01-07 22:12 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-07-16 11:18 - 2014-01-07 21:43 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-07-16 08:55 - 2014-07-16 08:55 - 00000000 ____D () C:\ProgramData\Sophos
2014-07-16 08:33 - 2014-07-16 08:33 - 00003197 _____ () C:\Users\Holger\Desktop\Sophos Virus Removal Tool.lnk
2014-07-16 08:33 - 2014-07-16 08:33 - 00000000 ____D () C:\Users\Holger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-07-16 08:33 - 2014-07-16 08:33 - 00000000 ____D () C:\Program Files (x86)\Sophos Virus Removal Tool
2014-07-15 21:03 - 2014-07-15 20:34 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-15 21:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\security
2014-07-15 20:45 - 2014-07-15 20:45 - 00000000 ____D () C:\Windows\pss
2014-07-15 20:34 - 2014-07-15 20:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-07-15 20:34 - 2014-07-15 20:33 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-07-15 20:33 - 2014-07-15 20:33 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-15 15:40 - 2014-01-07 23:24 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-15 15:23 - 2014-07-15 15:23 - 00022789 _____ () C:\ComboFix.txt
2014-07-15 15:23 - 2014-07-15 15:11 - 00000000 ____D () C:\Qoobox
2014-07-15 15:23 - 2014-07-15 15:11 - 00000000 ____D () C:\ComboFix
2014-07-15 15:23 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-07-15 15:20 - 2014-07-15 15:11 - 00000000 ____D () C:\Windows\erdnt
2014-07-15 15:19 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-07-15 15:09 - 2014-07-15 15:08 - 05220800 ____R (Swearware) C:\Users\Holger\Desktop\ComboFix.exe
2014-07-15 15:00 - 2014-07-15 15:00 - 00001768 _____ () C:\Users\Holger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\lightroom.exe - Verknüpfung.lnk
2014-07-15 13:05 - 2014-07-15 13:05 - 02086912 _____ (Farbar) C:\Users\Holger\Desktop\FRST64.exe
2014-07-15 13:05 - 2014-07-15 13:05 - 00000000 _____ () C:\Users\Holger\defogger_reenable
2014-07-15 08:14 - 2014-07-15 08:14 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-14 16:19 - 2014-03-10 08:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2014-07-14 16:19 - 2014-01-07 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-07-14 16:19 - 2014-01-07 17:47 - 00000000 ____D () C:\Windows\Panther
2014-07-14 15:37 - 2014-07-14 15:32 - 716177408 _____ () C:\Users\Holger\Downloads\lubuntu-14.04-desktop-i386.iso
2014-07-13 18:44 - 2014-07-13 18:44 - 05022859 _____ (LinuxLive USB Creator) C:\Users\Holger\Downloads\LinuxLive USB Creator 2.8.30.exe
2014-07-13 18:37 - 2014-07-13 18:32 - 1017118720 _____ () C:\Users\Holger\Downloads\ubuntu-14.04-desktop-i386.iso
2014-07-13 15:54 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-12 14:07 - 2014-01-07 23:01 - 00000000 ____D () C:\Users\Holger\AppData\Roaming\vlc
2014-07-07 23:16 - 2014-07-07 23:15 - 11331702 _____ () C:\Users\Holger\Downloads\Anhänge_201477.zip
2014-07-07 22:59 - 2014-07-07 22:57 - 44234417 _____ () C:\Users\Holger\Downloads\The_Stanley_Parable_v1.4.zip
2014-07-07 21:57 - 2014-07-07 21:57 - 00000000 ____D () C:\Users\Holger\AppData\Local\Macromedia
2014-07-07 21:54 - 2014-07-07 21:54 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-07 21:54 - 2014-07-07 21:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-07 21:54 - 2014-07-07 21:54 - 00000000 ____D () C:\Windows\system32\Macromed
2014-07-07 12:39 - 2014-07-04 17:12 - 00000000 ____D () C:\Users\Holger\Desktop\Verkaufen
2014-07-07 08:52 - 2014-02-18 10:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-04 15:29 - 2014-07-04 15:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-04 15:20 - 2014-07-04 15:20 - 00000000 ____D () C:\Windows\system32\log
2014-07-04 15:19 - 2014-07-04 15:19 - 12348480 _____ (Elex do Brasil Participações Ltda) C:\Users\Holger\Downloads\yet_another_cleaner_sk.exe
2014-07-03 22:13 - 2013-01-31 12:42 - 00000000 ___HD () C:\Users\Holger\AppData\Local\O4oI5SrM
2014-07-01 11:00 - 2014-07-01 11:00 - 00003242 _____ () C:\Windows\System32\Tasks\SamsungMagician
2014-07-01 11:00 - 2014-07-01 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician
2014-07-01 11:00 - 2014-01-09 09:22 - 00000000 ____D () C:\Program Files (x86)\Samsung Magician
2014-06-29 11:39 - 2014-02-07 11:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desura
2014-06-29 11:39 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-29 10:27 - 2014-01-07 23:35 - 00000000 ____D () C:\Users\postgres
2014-06-28 10:40 - 2014-06-26 09:38 - 00000000 ____D () C:\ProgramData\ArcSoft
2014-06-28 10:40 - 2014-01-09 12:39 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-27 11:54 - 2014-07-04 15:20 - 00044544 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2014-06-26 09:41 - 2014-06-26 09:41 - 00000000 ____D () C:\Users\Holger\AppData\Local\ArcSoft
2014-06-26 09:41 - 2014-06-26 09:38 - 00000000 ____D () C:\Users\Holger\AppData\Roaming\ArcSoft
2014-06-26 09:39 - 2014-06-26 09:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
2014-06-26 09:38 - 2014-06-26 09:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft TotalMedia 3.5
2014-06-26 09:38 - 2014-06-26 09:38 - 00000000 ____D () C:\Program Files (x86)\ArcSoft
2014-06-26 09:35 - 2014-06-26 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REALTEK DTV USB DEVICE
2014-06-26 09:35 - 2014-01-09 12:41 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-06-25 17:23 - 2014-02-27 11:06 - 00000000 ____D () C:\Users\Holger\AppData\Roaming\Skype
2014-06-25 12:01 - 2014-02-27 11:06 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-25 12:01 - 2014-02-27 11:06 - 00000000 ____D () C:\ProgramData\Skype
2014-06-24 15:18 - 2014-01-07 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-06-24 15:18 - 2014-01-07 18:10 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-06-24 15:03 - 2014-06-24 15:03 - 00000000 ____D () C:\Users\Holger\AppData\Local\NVIDIA Corporation
2014-06-24 15:03 - 2014-01-07 18:10 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-06-24 15:02 - 2014-01-07 18:05 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-06-23 18:58 - 2014-06-23 18:50 - 00000000 ____D () C:\Users\Holger\Desktop\Fotos für Huy
2014-06-22 19:54 - 2014-02-15 12:34 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-22 19:54 - 2014-02-15 12:34 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
Some content of TEMP:
====================
C:\Users\Holger\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp4qvmyp.dll
C:\Users\Holger\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
safeboot: ==> The system is configured to boot to Safe Mode <===== ATTENTION!
LastRegBack: 2014-07-08 09:00
==================== End Of Log ============================
--- --- --- Die Datei Additions.txt wurde nicht erstellt.  Was habe ich falsch gemacht?Leider gibt es das Problem immer noch... :-( Ich werde immernoch zu cj.dotomi.com/***** geleitet... |
|
16.07.2014, 12:49
| #17 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | "cj.dotomi.com" - Malware in Chrome (Win7) Bitte auch ne neue Addition.txt erstellen, dazu FRST starten und einen Haken setzen bei Addition.txt, dann auf Scan klicken.
__________________
__________________ |
|
16.07.2014, 12:56
| #18 |
| | "cj.dotomi.com" - Malware in Chrome (Win7) Noch ein Hinweis zu den umgeleiteten Links:
__________________Das Phänomen tritt nicht direkt nach dem Hochfahren auf. Starte ich sofort den Browser, dann funktionieren alle Links. Nach kurzer Zeit (1-2 Min.) erfolgt bei den gleichen Links die Umleitung zu cj.dotomi.... In Firefox ist es übrigens das gleiche... Additions.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-07-2014 01
Ran by Holger at 2014-07-16 13:51:11
Running from C:\Users\Holger\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
==================== Installed Programs ======================
(HKLM\...\UDK-0d9fc8aa-6419-410f-bc19-78f36be6a3ca) (Version: - RuneStorm
@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.33 - GIGABYTE)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Content Viewer (x32 Version: 1.4.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft TotalMedia 3.5 (HKLM-x32\...\{74292F90-895A-4FC6-A692-9641532B1B63}) (Version: 3.5.28.388 - ArcSoft)
Astro Tripper (HKLM-x32\...\Steam App 110600) (Version: - PomPom)
Audiosurf (HKLM-x32\...\Steam App 12900) (Version: - Dylan Fitterer)
Avid Codecs LE (HKLM-x32\...\{581194D0-BCF1-4329-8EA8-2AC19154D8A5}) (Version: 2.3.4 - Ihr Firmenname)
Beat Hazard (HKLM-x32\...\Steam App 49600) (Version: - Cold Beam Games)
BeatBlasters III (HKLM-x32\...\Steam App 246800) (Version: - Chainsawesome Games)
Beatbuddy: Tale of the Guardians (HKLM-x32\...\Steam App 231040) (Version: - Threaks)
Ben There, Dan That! (HKLM-x32\...\Steam App 37420) (Version: - Zombie Cow Studios)
BIT.TRIP Presents... Runner2: Future Legend of Rhythm Alien (HKLM-x32\...\Steam App 218060) (Version: - Gaijin Games)
BIT.TRIP RUNNER (HKLM-x32\...\Steam App 63710) (Version: - Gaijin Games)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Capsized (HKLM-x32\...\Steam App 95300) (Version: - Alientrap Games Inc)
Chicken Shoot Gold (HKLM-x32\...\Steam App 259340) (Version: - ToonTRAXX Studios)
Circuits (HKLM-x32\...\Steam App 282760) (Version: - Digital Tentacle)
congstar Internet-Manager (HKLM-x32\...\{27D28586-BEF1-4E06-8787-3B1FC3A41489}) (Version: 1.0.0.3 - ZTE CORPORATION)
Costume Quest (HKLM-x32\...\Steam App 115100) (Version: - Double Fine Productions)
Crash Time III (HKLM-x32\...\Steam App 33620) (Version: - Synetic)
Crazy Machines 2 (HKLM-x32\...\Steam App 18400) (Version: - Fakt Software)
CreaVures (HKLM-x32\...\Steam App 49810) (Version: - Muse Games)
C-RUSH (HKLM-x32\...\Steam App 262980) (Version: - Artnumeris)
Crysis 2 Maximum Edition (HKLM-x32\...\Steam App 108800) (Version: - Crytek Studios)
DaVinci Resolve (HKLM\...\{50534180-B41F-4257-8300-921F068193AC}) (Version: 10.0.2001 - Blackmagic Design)
Day One: Garry's Incident (HKLM-x32\...\Steam App 242800) (Version: - Wild Games Studio)
Dead Island (HKLM-x32\...\Steam App 91310) (Version: - Techland)
Dead Space 2 (HKLM-x32\...\Steam App 47780) (Version: - Visceral Games)
Dear Esther (HKLM-x32\...\Steam App 203810) (Version: - thechineseroom & Robert Briscoe)
Deponia (HKLM-x32\...\Steam App 214340) (Version: - Daedalic Entertainment)
Desura (HKLM-x32\...\Desura) (Version: 100.56 - Desura)
Desura: Absent (HKLM-x32\...\Desura_111995567210528) (Version: Full - fentonfilmgames)
Desura: Air Control (HKLM-x32\...\Desura_117591909597216) (Version: Full - killjoygames)
Desura: BANZAI PECAN: Last Hope for the Young Century (HKLM-x32\...\Desura_78945793867808) (Version: Full - SERIOUS*IMPACT WORKS)
Desura: BlindSide (HKLM-x32\...\Desura_77438260346912) (Version: Full - epicycle)
Desura: Collateral (HKLM-x32\...\Desura_73959336837152) (Version: Alpha - Dancing Dinosaur Games)
Desura: Frederic – Resurrection of Music (HKLM-x32\...\Desura_77107547865120) (Version: Full - Forever Entertainment S.A.)
Desura: Hippocampal (HKLM-x32\...\Desura_118764435669024) (Version: Full - freegamer)
Desura: MTBFreeride (HKLM-x32\...\Desura_101674760798240) (Version: Alpha - mtbfdeveloper)
Desura: ONE DAY for Ched (HKLM-x32\...\Desura_109311212650528) (Version: Full - BSL Team)
Desura: Orborun (HKLM-x32\...\Desura_114838835560480) (Version: Full release - Tiny Lab Productions)
Desura: Perdytacks (HKLM-x32\...\Desura_128187593916448) (Version: Full - AlexCrafter)
Desura: POP: Methodology Experiment One (HKLM-x32\...\Desura_75819057676320) (Version: Full - Rob Lach Games, LLC)
Desura: Project APT (HKLM-x32\...\Desura_120151710105632) (Version: Full - LittleDev_mac)
Desura: Space Slice (HKLM-x32\...\Desura_121191092191264) (Version: Full - codevikings entertainment)
Desura: The Lady (HKLM-x32\...\Desura_118571162140704) (Version: Full - MPR ART Hallucinations)
Desura: Tree Simulator 2013: Treeloaded (HKLM-x32\...\Desura_127212636340256) (Version: Full - Hero Games)
Desura: Whitewash (HKLM-x32\...\Desura_96477850370080) (Version: Full - OUSEGames)
DiRT 3 (HKLM-x32\...\Steam App 44320) (Version: - Codemasters Racing Studio)
DiRT Showdown (HKLM-x32\...\Steam App 201700) (Version: - Codemasters Racing Studio)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Duty Calls (HKLM-x32\...\{0AEB967F-1D12-43C8-A59C-D93DA8EE4A4E}) (Version: 1.00.0000 - Duty Calls)
Edna & Harvey: The Breakout (HKLM-x32\...\Steam App 255320) (Version: - Daedalic Entertainment)
Electronic Super Joy (HKLM-x32\...\Steam App 244870) (Version: - Michael Todd Games)
English Country Tune (HKLM-x32\...\Steam App 207570) (Version: - increpare games)
ENSLAVED™: Odyssey to the West™ Premium Edition (HKLM-x32\...\Steam App 245280) (Version: - Ninja Theory)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
FEZ (HKLM-x32\...\Steam App 224760) (Version: - Polytron Corporation)
FileZilla Client 3.7.4.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.4.1 - Tim Kosse)
Finding Teddy (HKLM-x32\...\Steam App 259600) (Version: - LookAtMyGames)
FLY'N (HKLM-x32\...\Steam App 223730) (Version: - Ankama Play)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.3.105.325 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.3.321 - Foxit Corporation)
Free to Play (HKLM-x32\...\Steam App 245550) (Version: - Valve)
Giana Sisters: Twisted Dreams (HKLM-x32\...\Steam App 223220) (Version: - Black Forest Games)
Gigabyte Raid Configurer (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - Gigabyte Technology Corp.)
Go! Go! Nippon! ~My First Trip to Japan~ (HKLM-x32\...\Steam App 251870) (Version: - OVERDRIVE)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Guacamelee! Gold Edition (HKLM-x32\...\Steam App 214770) (Version: - DrinkBox Studios)
Gun Metal (HKLM-x32\...\Steam App 267920) (Version: - Rage Software)
Gun Monkeys (HKLM-x32\...\Steam App 239450) (Version: - Size Five Games)
Half Minute Hero: Super Mega Neo Climax Ultimate Boy (HKLM-x32\...\Steam App 214830) (Version: - Opus )
Hamlet or the last game without MMORPG features, shaders and product placement (HKLM-x32\...\Steam App 222160) (Version: - mif2000)
Hell Yeah! (HKLM-x32\...\Steam App 205230) (Version: - Arkedo)
HFSExplorer 0.21 (HKLM-x32\...\HFSExplorer) (Version: 0.21 - Catacombae Software)
Home Sheep Home 2 (HKLM-x32\...\Steam App 259810) (Version: - Aardman Animations)
How to Survive (HKLM-x32\...\Steam App 250400) (Version: - )
Hydrophobia: Prophecy (HKLM-x32\...\Steam App 92000) (Version: - Dark Energy Digital Ltd.)
I Have No Mouth, and I Must Scream (HKLM-x32\...\Steam App 245390) (Version: - )
Ignite (HKLM-x32\...\Steam App 45410) (Version: - Nemesys Games)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Into the Dark (HKLM-x32\...\Steam App 266050) (Version: - Homegrown Games)
Intrusion 2 (HKLM-x32\...\Steam App 214970) (Version: - Aleksey Abramenko)
Ion Assault (HKLM-x32\...\Steam App 41730) (Version: - Coreplay GmbH)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Journey of a Roach (HKLM-x32\...\Steam App 255300) (Version: - Koboldgames)
KAMI (HKLM-x32\...\Steam App 272040) (Version: - State of Play Games)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Krater (HKLM-x32\...\Steam App 42170) (Version: - Fatshark)
LEGO MARVEL Super Heroes (HKLM-x32\...\Steam App 249130) (Version: - Traveller's Tales)
LEVEL 22 (HKLM-x32\...\Steam App 293300) (Version: - Noego)
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.8 - Thibaut Lauziere)
Little Inferno (HKLM-x32\...\Steam App 221260) (Version: - Tomorrow Corporation)
Little Racers STREET (HKLM-x32\...\Steam App 262690) (Version: - Milkstone Studios)
LocoCycle (HKLM-x32\...\Steam App 224040) (Version: - Twisted Pixel Games)
Loksim3D (HKLM\...\Loksim3D_is1) (Version: 2.8.2 - Loksim3D)
Ludwig (HKLM-x32\...\{CB538252-5341-44EC-AF17-AC1BA8341633}) (Version: 1.11 - ovos)
Luxuria Superbia (HKLM-x32\...\Steam App 269150) (Version: - Tale of Tales)
Magic Bullet Suite 64-bit (HKLM-x32\...\InstallShield_{2B092722-5855-466F-B7A5-8C5E64C64C77}) (Version: 11.0 - Red Giant Software)
Magic Bullet Suite 64-bit (Version: 11.0 - Red Giant Software) Hidden
Major Mayhem (HKLM-x32\...\Steam App 264340) (Version: - Rocket Jump)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarkdownPad 2 (HKLM-x32\...\MarkdownPad 2 2.3.2.34663) (Version: 2.3.2.34663 - Apricity Software LLC)
MarkdownPad 2 (x32 Version: 2.3.2.34663 - Apricity Software LLC) Hidden
Master Reboot (HKLM-x32\...\Steam App 251850) (Version: - Wales Interactive)
Mechanic Escape (HKLM-x32\...\Steam App 268240) (Version: - Slak Games)
MediaInfo 0.7.65 (HKLM\...\MediaInfo) (Version: 0.7.65 - MediaArea.net)
Medieval CUE Splitter (HKLM-x32\...\{B96D2269-568B-4CBF-9332-12FAE8B158F7}) (Version: 1.2.0 - Medieval Software)
Megabyte Punch (HKLM-x32\...\Steam App 248550) (Version: - Reptile Games)
Miasmata (HKLM-x32\...\Steam App 223510) (Version: - IonFx)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Mirror's Edge™ (HKLM-x32\...\{AEDBD563-24BB-4EE3-8366-A654DAC2D988}) (Version: 1.0.1.0 - Electronic Arts)
MKVToolNix 6.6.0 (HKLM-x32\...\MKVToolNix) (Version: 6.6.0 - Moritz Bunkus)
Montas (HKLM-x32\...\Steam App 269350) (Version: - Organic Humans)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.2 - MusicBrainz)
My Game Long Name (HKLM\...\DDG-b08f4bcd-aa9d-41f8-9a97-b52e97b6ca71) (Version: - Epic Games, Inc.)
My Game Long Name (HKLM\...\UDK-1a851536-4cab-4a16-95df-89b2a24922c3) (Version: - Epic Games, Inc.)
My Game Long Name (HKLM\...\UDK-42a55cca-ccb3-4469-8d0d-1f8ea656a389) (Version: - Epic Games, Inc.)
My Game Long Name (HKLM\...\UDK-729b0ed7-af66-47b0-a2f7-45a87d2a219b) (Version: - Epic Games, Inc.)
My Game Long Name (HKLM\...\UDK-cb553afa-42e7-4096-b859-8175ece99e9a) (Version: - Epic Games, Inc.)
NVIDIA 3D Vision Controller-Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA Update 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Oracle VM VirtualBox 4.3.8 (HKLM\...\{5D328A41-BFF8-4B78-B45E-5BEE1D133EF5}) (Version: 4.3.8 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.1.116 - Electronic Arts, Inc.)
PandoraRecovery (Remove Only) (HKLM-x32\...\PandoraRecovery) (Version: - )
Paragon HFS+ for Windows™ 10.3 (HKLM-x32\...\{456534C0-51E7-11DF-B336-005056C00008}) (Version: 1.00 - Paragon Software)
Pid (HKLM-x32\...\Steam App 218740) (Version: - Might and Delight)
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
PostgreSQL 9.2 (HKLM\...\PostgreSQL 9.2) (Version: 9.2 - PostgreSQL Global Development Group)
Pressure (HKLM-x32\...\Steam App 224220) (Version: - Chasing Carrots)
Prince of Persia (HKLM-x32\...\Steam App 19980) (Version: - Ubisoft Montreal)
Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - )
Proteus (HKLM-x32\...\Steam App 219680) (Version: - Ed Key and David Kanaga)
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
Quantum Conundrum (HKLM-x32\...\Steam App 200010) (Version: - Airtight Games)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Race The Sun (HKLM-x32\...\Steam App 253030) (Version: - Flippfly LLC)
Rapture3D 2.4.11 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version: - Blue Ripple Sound)
REALTEK DTV USB DEVICE (HKLM-x32\...\{DDBB7C89-1A09-441E-AA0F-6AA465755C17}) (Version: 1.00.0000 - Realtek)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 1.006 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.49 - Piriform)
Retro/Grade (HKLM-x32\...\Steam App 222660) (Version: - 24 Caret Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
Saboteur™ (HKLM-x32\...\{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D}) (Version: 1.0.0.0 - Electronic Arts)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version: - Deep Silver Volition)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.4.0 - Samsung Electronics)
Samsung ML-1630 Series (HKLM-x32\...\Samsung ML-1630 Series) (Version: - Samsung Electronics CO.,LTD)
Savant - Ascent (HKLM-x32\...\Steam App 259530) (Version: - DPad Studios)
ScummVM 1.6.0 (HKLM-x32\...\ScummVM_is1) (Version: - The ScummVM Team)
SEGA Genesis & Mega Drive Classics (HKLM-x32\...\Steam App 34270) (Version: - Sega)
Sequence (HKLM-x32\...\Steam App 200910) (Version: - Iridium Studios)
Shank 2 (HKLM-x32\...\Steam App 102840) (Version: - Klei Entertainment)
SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden
Sideway (HKLM-x32\...\Steam App 200190) (Version: - Playbrains)
Sine Mora (HKLM-x32\...\Steam App 207040) (Version: - Digital Reality)
SIW 2013 Home Edition (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2013.05.14 - Topala Software Solutions)
SkyDrift (HKLM-x32\...\Steam App 91100) (Version: - Digital Reality)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version: - United Front Games)
Slip (HKLM-x32\...\Steam App 291070) (Version: - Handsome Games)
Sonic & All-Stars Racing Transformed (HKLM-x32\...\Steam App 212480) (Version: - Sumo Digital)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.1 - Sophos Limited)
Source SDK (HKLM-x32\...\Steam App 211) (Version: - Valve)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version: - Valve)
Spate (HKLM-x32\...\Steam App 269810) (Version: - Eric Provan - Ayyo Games)
Spirits (HKLM-x32\...\Steam App 210170) (Version: - Spaces of Play)
Stacking (HKLM-x32\...\Steam App 115110) (Version: - Double Fine Productions)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Steel Storm: Burning Retribution (HKLM-x32\...\Steam App 96200) (Version: - Kot in Action Creative Artel)
Syder Arcade (HKLM-x32\...\Steam App 252310) (Version: - Studio Evil)
Symphony (HKLM-x32\...\Steam App 207750) (Version: - Empty Clip Studios)
Syncios Version 3.0.3 (HKLM-x32\...\{068A5D84-8419-4BDE-9689-FE65F412EFBB}_is1) (Version: 3.0.3 - Anvsoft, Inc.)
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
T.E.C. 3001 (HKLM-x32\...\Steam App 280910) (Version: - Phoenix Game Studio)
The Book of Unwritten Tales (HKLM-x32\...\Steam App 215160) (Version: - KING Art)
The Dream Machine (HKLM-x32\...\Steam App 94300) (Version: - The Sleeping Machine)
The Great Jitters: Pudding Panic (HKLM-x32\...\Steam App 296650) (Version: - kunst-stoff GmbH)
The Journey Down: Chapter One (HKLM-x32\...\Steam App 220090) (Version: - SkyGoblin)
The Maw (HKLM-x32\...\Steam App 26000) (Version: - Twisted Pixel Games)
The Path (HKLM-x32\...\Steam App 27000) (Version: - Tale of Tales)
The Plan (HKLM-x32\...\Steam App 250600) (Version: - Krillbite Studio)
The Shivah (HKLM-x32\...\Steam App 252370) (Version: - )
The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version: - Galactic Cafe)
The Stanley Parable Demo (HKLM-x32\...\Steam App 247750) (Version: - Galactic Cafe)
The Swapper (HKLM-x32\...\Steam App 231160) (Version: - Olli Harjola, Otto Hantula, Tom Jubert, Carlo Castellano)
They Breathe (HKLM-x32\...\Steam App 294140) (Version: - The Working Parts)
Thomas Was Alone (HKLM-x32\...\Steam App 220780) (Version: - Mike Bithell)
Time Gentlemen, Please! (HKLM-x32\...\Steam App 37400) (Version: - Size Five Games)
Tom Clancy's Splinter Cell: Conviction (HKLM-x32\...\Steam App 33220) (Version: - Ubisoft Montreal)
Type:Rider (HKLM-x32\...\Steam App 258890) (Version: - Ex Nihilo)
Ultratron (HKLM-x32\...\Steam App 219190) (Version: - Puppygames)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)
Unmechanical (HKLM-x32\...\Steam App 211180) (Version: - Talawa Games)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
Vanguard Princess (HKLM-x32\...\Steam App 262150) (Version: - Tomoaki Sugeno)
Velvet Assassin (HKLM-x32\...\Steam App 16720) (Version: - Replay Studios)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
Viscera Cleanup Detail: Santas Rampage
Viscera Cleanup Detail: Santa's Rampage (HKLM-x32\...\Steam App 265210) (Version: - RuneStorm)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Volt (HKLM-x32\...\Steam App 290280) (Version: - Quantized Bit)
Waveform (HKLM-x32\...\Steam App 204180) (Version: - Eden Industries)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinSCP 5.5.3 (HKLM-x32\...\winscp3_is1) (Version: 5.5.3 - Martin Prikryl)
X-Blades (HKLM-x32\...\Steam App 7510) (Version: - Topware Interactive)
Zack Zero (HKLM-x32\...\Steam App 234290) (Version: - Crocodile Entertainment)
Zero Gear (HKLM-x32\...\Steam App 18820) (Version: - Brian Cronin)
==================== Restore Points =========================
15-07-2014 13:12:01 ComboFix created restore point
16-07-2014 09:36:31 Removed Adobe Photoshop Lightroom 5.3 64-bit.
16-07-2014 09:39:37 Removed Adobe Story
==================== Hosts content: ==========================
2009-07-14 04:34 - 2014-07-15 15:19 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {0BEE99C6-A5CA-4869-977F-5CAC766231A5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-15] (Google Inc.)
Task: {149BED8B-9AF6-4CC5-9620-761A007241BF} - System32\Tasks\elbyExecuteWithUAC => C:\Program Files (x86)\VirtualCloneDrive\ExecuteWithUAC.exe [2013-03-22] ()
Task: {31ED3174-D2A1-44CB-83C4-5F7DE8530606} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-15] (Google Inc.)
Task: {875759E8-CEE3-4DA6-B1DC-1ECAE506EC0D} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe [2014-05-19] (Samsung Electronics.)
Task: {AEE27F6D-F0E6-4879-8ACF-27F8F2C74AC7} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
Task: {C5D8D805-187C-456A-B7FE-6E27182A5DF2} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
Task: {EE1D9BEC-72CC-47AE-BBC2-56BD5B7CC49C} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-01-07 18:10 - 2014-05-20 03:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2009-10-30 06:08 - 2009-10-30 06:08 - 00022016 _____ () C:\Windows\System32\ml163sl6.dll
2014-01-07 23:34 - 2013-04-02 05:41 - 00176128 _____ () C:\Program Files\PostgreSQL\9.2\bin\LIBPQ.dll
2014-01-07 23:34 - 2012-08-14 15:31 - 01328128 _____ () C:\Program Files\PostgreSQL\9.2\bin\libxml2.dll
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-01-07 22:52 - 2009-09-25 07:00 - 00614400 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2014-01-07 22:52 - 2008-08-27 21:22 - 00306688 _____ () C:\Windows\Samsung\PanelMgr\caller64.exe
2014-05-18 22:52 - 2011-11-07 10:52 - 00220944 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\dbus-daemon.exe
2014-05-18 22:52 - 2011-11-07 10:52 - 00036624 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\db_daemon.exe
2014-01-14 00:10 - 2013-12-03 09:34 - 00723456 _____ () C:\Program Files (x86)\Syncios\SynciosDeviceService.exe
2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-17 13:35 - 2013-06-17 13:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 15:52 - 2013-05-08 15:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2014-05-18 22:52 - 2011-05-06 05:03 - 00594944 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\dbus-1.dll
2014-05-18 22:52 - 2011-11-07 10:39 - 00099328 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\itapi.dll
2014-05-18 22:52 - 2011-11-07 10:38 - 00027136 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\log.dll
2014-05-18 22:52 - 2010-10-14 11:37 - 00971776 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\libxml2.dll
2014-05-18 22:52 - 2010-10-14 11:37 - 00080688 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\zlib1.dll
2014-05-18 22:52 - 2011-11-07 10:38 - 00055296 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\coder.dll
2014-05-18 22:52 - 2011-11-07 10:39 - 00043008 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\audio.dll
2014-05-18 22:52 - 2011-11-07 10:38 - 00035840 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\libConfig.dll
2014-05-18 22:52 - 2011-11-07 10:43 - 00020992 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\libctlsvr.dll
2014-06-26 09:38 - 2007-04-19 09:33 - 00035584 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\uPiApi.dll
2009-07-13 23:03 - 2009-07-14 03:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2014-06-26 09:38 - 2008-11-26 16:59 - 00131584 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\AbilisWinUsb.dll
2014-06-26 09:38 - 2008-10-22 16:01 - 00200704 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\VendorCmdRW.dll
2014-07-16 13:12 - 2014-07-16 13:12 - 00043008 _____ () c:\users\holger\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphbvwiy.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Holger\AppData\Roaming\Dropbox\bin\libcef.dll
2014-05-18 22:52 - 2007-09-09 17:07 - 00151552 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\libexpat.dll
2014-01-09 09:22 - 2014-05-06 11:24 - 00013824 _____ () C:\Program Files (x86)\Samsung Magician\SAMSUNG_SSD.dll
2014-01-09 09:22 - 2014-05-19 20:20 - 00103424 _____ () C:\Program Files (x86)\Samsung Magician\PAL.dll
2014-01-09 09:22 - 2014-05-19 20:20 - 00039424 _____ () C:\Program Files (x86)\Samsung Magician\SATA.dll
2014-01-09 09:22 - 2014-05-19 20:19 - 00038400 _____ () C:\Program Files (x86)\Samsung Magician\SAT.dll
2014-01-09 09:22 - 2014-05-19 20:20 - 00031232 _____ () C:\Program Files (x86)\Samsung Magician\SMINI.dll
2014-01-09 09:22 - 2014-05-19 20:19 - 00029696 _____ () C:\Program Files (x86)\Samsung Magician\SAS.dll
2014-05-18 22:52 - 2011-05-06 05:02 - 00341504 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\sqlite3.dll
2014-01-14 00:10 - 2013-12-19 18:09 - 00377344 _____ () C:\Program Files (x86)\Syncios\DuiLib.dll
2014-01-14 00:10 - 2013-10-27 00:02 - 00059904 _____ () C:\Program Files (x86)\Syncios\zlib.dll
2014-01-14 00:10 - 2013-10-27 00:00 - 00526848 _____ () C:\Program Files (x86)\Syncios\sqlite3.dll
2014-02-11 21:29 - 2014-02-11 21:29 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-06-11 09:53 - 2014-06-05 15:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-11 09:53 - 2014-06-05 15:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-11 09:53 - 2014-06-05 15:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-11 09:53 - 2014-06-05 15:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-11 09:53 - 2014-06-05 15:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-07-08 20:03 - 2014-07-08 08:18 - 14663856 _____ () C:\Users\Holger\AppData\Local\Google\Chrome\User Data\PepperFlash\14.0.0.145\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\Holger\Lokale Einstellungen:Tng8MGfPjfuxyU9mV1Fgk1cU
AlternateDataStreams: C:\Users\Holger\AppData\Local:Tng8MGfPjfuxyU9mV1Fgk1cU
AlternateDataStreams: C:\Users\Holger\AppData\Local\Anwendungsdaten:Tng8MGfPjfuxyU9mV1Fgk1cU
AlternateDataStreams: C:\Users\Holger\AppData\Local\O4oI5SrM:dFMQEbRyKf4mO4sDXxZSDdM8KSZ
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== MSCONFIG/TASK MANAGER disabled items =========
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: GIGABYTE GBB36X Controller
Description: GIGABYTE GBB36X Controller
Class Guid: {4d36e97b-e325-11ce-bfc1-08002be10318}
Manufacturer: JMicron Technology Corp.
Service: JRAID
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: iSafeKrnl Ring3 Driver
Description: iSafeKrnl Ring3 Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: iSafeKrnlR3
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Error: (07/16/2014 01:11:53 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
iSafeKrnlR3
Error: (07/16/2014 01:11:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2014-07-15 15:19:04.116
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-07-15 15:19:04.026
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-07-14 18:19:49.099
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-07-14 18:19:49.098
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-07-14 18:19:49.096
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-07-14 18:19:49.091
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-07-14 18:19:49.087
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-07-14 18:19:49.083
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-07-12 09:16:44.940
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-07-12 09:16:44.939
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 39%
Total physical RAM: 8190.49 MB
Available physical RAM: 4959.39 MB
Total Pagefile: 16379.16 MB
Available Pagefile: 12382.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (System_SSD) (Fixed) (Total:232.79 GB) (Free:89.14 GB) NTFS
Drive e: (altes System) (Fixed) (Total:117.19 GB) (Free:17.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (Video Daten) (Fixed) (Total:814.32 GB) (Free:179.56 GB) NTFS
Drive g: (2T - Systemplatzhalter) (Fixed) (Total:175.78 GB) (Free:99.76 GB) NTFS
Drive h: (2T - BackupPart) (Fixed) (Total:488.28 GB) (Free:46.53 GB) NTFS
Drive i: (2T- Arbeitsdaten) (Fixed) (Total:1198.95 GB) (Free:4.07 GB) NTFS
Drive j: (ARBEIT & Backup) (Fixed) (Total:2794.39 GB) (Free:12.76 GB) NTFS
Drive k: (ARBEIT & Backup 2) (Fixed) (Total:2794.39 GB) (Free:416.2 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 6E4D46BF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2795 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: B5AECF3E)
Partition 1: (Not Active) - (Size=176 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=488 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=-911659237376) - (Type=07 NTFS)
========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 29689BC5)
Partition 1: (Active) - (Size=117 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=814 GB) - (Type=OF Extended)
========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 2795 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ============================
|
|
16.07.2014, 13:01
| #19 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | "cj.dotomi.com" - Malware in Chrome (Win7) Mal testweise neue Browserprofile erstellen und damit arbeiten. Aber erstmal Kontrollscans mit MBAM und ESET bitte: Downloade Dir bitte  Malwarebytes Anti-Malware
ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
17.07.2014, 05:39
| #20 |
| | "cj.dotomi.com" - Malware in Chrome (Win7) Hi, cosinus. Schon mal ein herzliches Zwischen-Danke für deine Mühe! hier das MBAM-Protokoll, es wurde nichts gefunden  Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 16.07.2014 Suchlauf-Zeit: 14:23:03 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.07.16.03 Rootkit Datenbank: v2014.07.14.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Holger Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 326877 Verstrichene Zeit: 7 Min, 59 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 0 (No malicious items detected) Physische Sektoren: 0 (No malicious items detected) (end) Ich starte jetzt den Online-Scan... Was heißt denn neue Browserprofile erstellen? Der online-Scan wird noch ein paar Std. dauern... Aber es wurden bereits 12 infizierte Dateien gefunden! hier jetzt der ESET-Scan Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=3dd0f3b8e25bd14fbe244334541d2ef1
# engine=19202
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-07-16 10:14:50
# local_time=2014-07-17 12:14:50 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1292 16777213 100 100 39779 37023312 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 55182 157178740 0 0
# scanned=1267249
# found=30
# cleaned=0
# scan_time=34328
sh=98ABABFD260D832DD4F759AE708AB2F3FA9896CB ft=1 fh=4dfddbcb06bdd710 vn="Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\DaemonProcess.exe.vir"
sh=2531969234D9474AD02C7A7F6D1085B8950A28C7 ft=1 fh=995df1d13e73f840 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\Mobogenie.exe.vir"
sh=3514FE73678E8AD4708F0C54E886814FB8D6CBBD ft=0 fh=0000000000000000 vn="Variante von Android/Mobserv.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\MUServer.apk.vir"
sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\nengine.dll.vir"
sh=C86F9E4C2947B866837F4CE9E2F5156D244FCA2E ft=1 fh=0833f1c10068505a vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Mobogenie\UpdateMoboGenie.exe.vir"
sh=B634095B2F3AD737DB5489BA4DB6B2F448A3FAEE ft=1 fh=4f6685c4dec6b5fe vn="Variante von Win32/ELEX.Y evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\WPM\wprotectmanager.exe.vir"
sh=9DD0F7453F429A74EDA0C5519D70C91AF1EC6AA2 ft=0 fh=0000000000000000 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Holger\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie2.1.36.zip.vir"
sh=12A81C015E84CAB1346754690B8683E3D0F5C542 ft=1 fh=2038865bafb4f80a vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Holger\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\DaemonProcess.exe.vir"
sh=CC52EE1298EA7A344B1C0CD7D03D1A059C77FD39 ft=1 fh=d235b59034f549ec vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Holger\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\Mobogenie.exe.vir"
sh=659E678C5D8CE742CC03A211C59AA57E6018FDC6 ft=0 fh=0000000000000000 vn="Variante von Android/Mobserv.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Holger\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\MUServer.apk.vir"
sh=8E6A6992A3C7FEC4000FA1A4D764DD597109E0B5 ft=1 fh=c71c0011cd00713e vn="Win32/NextLive.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Holger\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\nengine.dll.vir"
sh=930F6C24088B7CB47481D4EDD64A873A817E73FC ft=1 fh=44fb5a4b02bb1a4e vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Holger\AppData\Local\Mobogenie\Version\NewVersion\Mobogenie\UpdateMoboGenie.exe.vir"
sh=BD91D75E62DF82C8AD341E96BA5C4F105D8E3AB1 ft=1 fh=c71c0011f39f8a23 vn="Variante von Win32/InstallCore.IO evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Holger\Downloads\FileZilla_3.7.4.1_win32-setup.exe"
sh=F7511D8F7E2D032A517A400EEA63374798FF4BB0 ft=1 fh=ec17a1732fd24011 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Holger\Downloads\rcsetup149.exe"
sh=EE51BC65E632624027E2DD83F44A75784323D247 ft=1 fh=6e4c94e45ea75834 vn="Win32/Adware.Lollipop.D Anwendung" ac=I fn="C:\Users\Holger\Downloads\setup_Project64_2.1.exe"
sh=9A12ACAE7AF0BF2BBB50DB64295BB19E4376EDE7 ft=1 fh=c9c096101411222a vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Users\Holger\Downloads\syncios.exe"
sh=3B6BDCA414A53DF7C8C5096B953C4DF87A1091C7 ft=1 fh=55ca6504931631dc vn="Win32/HackTool.WinActivator.I potenziell unsichere Anwendung" ac=I fn="C:\Users\Holger\Downloads\Windows_Loader_v2.2.1\Windows Loader\Windows Loader.exe"
sh=1700F496D3E58545564CF4BD45E94481CC152DAE ft=0 fh=0000000000000000 vn="Android/TrojanSMS.Bosm.A Trojaner" ac=I fn="C:\Windows\temp\ioc2B9F.tmp"
sh=1700F496D3E58545564CF4BD45E94481CC152DAE ft=0 fh=0000000000000000 vn="Android/TrojanSMS.Bosm.A Trojaner" ac=I fn="C:\Windows\temp\ioc99AC.tmp"
sh=A033CC58A848309C839C636370383A81481BD426 ft=1 fh=cc9ff824932b8bdf vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="E:\Program Files (x86)\NCH Software\Prism\prism.exe"
sh=31D8C3EDE22AFD8B1CA5CAC4FDD27A245F6CC7B6 ft=1 fh=5dda5872f4087e13 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="E:\Program Files (x86)\NCH Software\Prism\prismpsetup_v1.82.exe"
sh=7841824088542F907AD2A804AE53FE62D201E298 ft=1 fh=36a1bcee932b8bdf vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="E:\Program Files (x86)\NCH Software\Prism\uninst.exe"
sh=B8BFF07F4C958C02F41D69F44B9774D9846D1A77 ft=1 fh=3ee20c366fdd70ce vn="Variante von Win32/CNETInstaller.B evtl. unerwünschte Anwendung" ac=I fn="E:\Users\Holger\Downloads\cbsidlm-cbsi5_3_0_96-Pandora_Recovery-BP-10694796.exe"
sh=8A893FE3C1376F3C1B0F67A9514CBE621B717D98 ft=1 fh=667b25980f774106 vn="Win32/DownloadAdmin.G evtl. unerwünschte Anwendung" ac=I fn="E:\Users\Holger\Downloads\cbsidlm-tr1_13-Scorch-ORG-10676304.exe"
sh=EA244E84E1468A6AF4741F2184E113A16F833D8B ft=1 fh=a9c73d0d07b22a58 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="E:\Users\Holger\Downloads\ccsetup402.exe"
sh=31D8C3EDE22AFD8B1CA5CAC4FDD27A245F6CC7B6 ft=1 fh=5dda5872f4087e13 vn="Variante von Win32/Toolbar.Conduit.H evtl. unerwünschte Anwendung" ac=I fn="E:\Users\Holger\Downloads\prismpsetup.exe"
sh=FD59392F99C9403C7759A24DA9DB16839C2F6652 ft=1 fh=a20d4fb9b6cda747 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="E:\Users\Holger\Downloads\syncios.exe"
sh=5CA96A0C243390C378DEE1A629684EA261E2CFC4 ft=1 fh=a717dcd23690f0a7 vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="J:\INSTALL-Files\Diverse\SetupImgBurn_2.5.8.0.exe"
sh=B9A1257939F168B29C5FFE1D0E12AC8D9E3827B2 ft=0 fh=0000000000000000 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="K:\HOLGER-PC\Backup Set 2014-01-04 215456\Backup Files 2014-01-04 215456\Backup files 1.zip"
sh=5B6AB601166C64D1780F6DCA1C87A075AD9D6050 ft=0 fh=0000000000000000 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="K:\HOLGER-PC\Backup Set 2014-01-04 215456\Backup Files 2014-01-04 215456\Backup files 8.zip"
|
|
17.07.2014, 20:36
| #21 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | "cj.dotomi.com" - Malware in Chrome (Win7) Viele Überbleibsel. Downloadordner mal aufräumen. TFC - Temp File Cleaner Lade dir  TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.
Sieht soweit ok aus  Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Ist aber nur optional. Um Usertracking zu verhindern kann man gut die Firefox-Erweiterung Ghostery verwenden. Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ --> "cj.dotomi.com" - Malware in Chrome (Win7) |
|
17.07.2014, 23:34
| #22 |
| | "cj.dotomi.com" - Malware in Chrome (Win7) Hallo Cosinus, vielen Dank, TFC habe ich erfolgreich ausgeführt. Leider besteht das Problem weiterhin - zumindest mehr oder weniger.  Ab ca. 3-4 Min. nach einem Windows-Neustart, werde ich bei bestimmten Links zu cj.dotomi.com/***** weitergeleitet, und zwar in Firefox UND Chrome. Immer rekonstruieren lässt sich dies auf der Seite epicbundle.com, dort die Links auf gog.com, greenmangaming.com und weitere... Direkt nach dem Start passiert dies aber noch nicht! Da werden die Links noch korrekt ausgeführt. Das macht mich stutzig und vermittelt den Eindruck, dass irgendetwas im Hintergrund erst gestartet wird!? Wenn ich die hosts-File um eine Liste ergänze, wie in deinem Link beschrieben, wird statt auf cj.dotomi.com auf folgende Seite gelinkt: hxxp://www.dpbolvw.net/*********** Diese kann nicht geöffnet werden, sie wird wohl in hosts blockiert!? Setzte ich die hosts-Datei wieder zurück, dann gibt es wieder das alte cj.dotomi-Problem. Im Prinzip kann ich ja nun damit leben, dass Problem taucht mit der neuen hosts-Datei nicht mehr auf. (Dafür funktionieren halt manche Links nicht, die wohl über unsicher Umleitungen laufen werden...) Aber es macht mich schon sehr stutzig, dass dieses cj.dotomi-Problem erst 3-4 Minuten nach dem Start kommt... Wieso???? Wenn es nur eine Werbeumleitung der Seite (epicbundle.com) wäre, dann müsste sie doch von Anfang an da sein? Wird da irgendwas gestartet??? Hast du eine Idee? Was meintest du eigentlich mit "neue Browserprofile erstellen"? Was heißt das und wie geht das? Was ist eigentlich mit den 30 Funden des ESET-Scans? Muss ich da nichts beseitigen? viele Grüße, Ruiner |
|
18.07.2014, 21:25
| #23 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | "cj.dotomi.com" - Malware in Chrome (Win7) Erstell dir mal ein neues Profil und teste => http://support.mozilla.com/de/kb/Profile%20verwalten
__________________ Logfiles bitte immer in CODE-Tags posten |
|
Linear-Darstellung
