Maiandros | 16.01.2015 00:05
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 15.01.2015
Suchlauf-Zeit: 15:39:56
Logdatei: mbam.txt
Administrator: Ja
Version: 2.00.4.1028
Malware Datenbank: v2015.01.15.09
Rootkit Datenbank: v2015.01.14.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Jerekin
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 344115
Verstrichene Zeit: 10 Min, 9 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 5
PUP.Optional.WindowsProtectManger.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, 1584, Löschen bei Neustart, [912444b3ed9cbd797d1a54706a97f907]
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ProtectService.exe, 2988, Löschen bei Neustart, [882d04f306830432bbf1c73eb54dcf31]
PUP.Optional.InternetProgram.A, C:\ProgramData\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9\plugincontainer.exe, 2892, Löschen bei Neustart, [d7decd2a0188eb4b6234f67b0cf7a65a]
PUP.Optional.InternetProgram.A, C:\Program Files (x86)\Common Files\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9\updater.exe, 2788, Löschen bei Neustart, [eacbdc1be8a1b87e3c5b521fb053e41c]
PUP.Optional.InternetProgram.A, C:\ProgramData\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9\plugins\2\Plugin.exe, 2412, Löschen bei Neustart, [8b2a30c77e0b4bebad560c5ef60de11f]
Module: 2
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, Löschen bei Neustart, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, Löschen bei Neustart, [2a8baa4d8009b77fc6f52a44986bc838],
Registrierungsschlüssel: 10
PUP.Optional.WindowsProtectManger.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsMangerProtect, In Quarantäne, [912444b3ed9cbd797d1a54706a97f907],
PUP.Optional.XTab.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IHProtect Service, In Quarantäne, [882d04f306830432bbf1c73eb54dcf31],
PUP.Optional.IHProtect.A, HKLM\SOFTWARE\WOW6432NODE\IHProtect, In Quarantäne, [773e57a0b8d1a2943981ea84f211f10f],
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, In Quarantäne, [5d58a651325779bd667f2fba5ca833cd],
PUP.Optional.ViView.A, HKLM\SOFTWARE\WOW6432NODE\vi-viewSoftware, In Quarantäne, [c1f4a3547d0c2c0a7a20462ada299967],
PUP.Optional.InternetProgram.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Service Mgr InternetProgram, In Quarantäne, [d7decd2a0188eb4b6234f67b0cf7a65a],
PUP.Optional.InternetProgram.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update Mgr InternetProgram, In Quarantäne, [eacbdc1be8a1b87e3c5b521fb053e41c],
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, In Quarantäne, [e3d2a2550188eb4b90635524fe050af6],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3141859463-133168769-2000985078-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [575ed621f09951e5c02f357e6a992ed2],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3141859463-133168769-2000985078-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [ffb609eed6b37fb701017f4be3213ac6],
Registrierungswerte: 2
PUP.Optional.FFToolbar.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|fftoolbar2014@etech.com, C:\Users\Jerekin\AppData\Roaming\Mozilla\Firefox\Profiles\c3oadvvn.default-1416589200050\extensions\fftoolbar2014@etech.com, In Quarantäne, [f8bdb83f7316bc7a57fd0b6341c22fd1]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3141859463-133168769-2000985078-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0V1D1S1R1D0V1O, In Quarantäne, [ffb609eed6b37fb701017f4be3213ac6]
Registrierungsdaten: 2
PUP.Optional.ViView.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://myhome.vi-view.com/web/?type=ds&ts=1421182662&from=cor&uid=SAMSUNGXHM500JI_S29MJ9BZ905089&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://myhome.vi-view.com/web/?type=ds&ts=1421182662&from=cor&uid=SAMSUNGXHM500JI_S29MJ9BZ905089&q={searchTerms}),Ersetzt,[249156a10089ab8b2cb50287ae57a45c]
PUP.Optional.ViView.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://myhome.vi-view.com/web/?type=ds&ts=1421182662&from=cor&uid=SAMSUNGXHM500JI_S29MJ9BZ905089&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://myhome.vi-view.com/web/?type=ds&ts=1421182662&from=cor&uid=SAMSUNGXHM500JI_S29MJ9BZ905089&q={searchTerms}),Ersetzt,[00b5fbfcc1c8f73fd21119701ce98a76]
Ordner: 39
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab, Löschen bei Neustart, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\image, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\weather, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\en-US, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-419, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-ES, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-BE, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CA, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CH, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-FR, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-LU, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-CH, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-IT, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pl, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt-BR, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru-MO, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\tr-TR, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\vi-VI, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-CN, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-TW, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, Löschen bei Neustart, [0baa4ea9c0c9d363b465c58a28dbe11f],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, In Quarantäne, [0baa4ea9c0c9d363b465c58a28dbe11f],
PUP.Optional.InternetProgram.A, C:\Program Files (x86)\Common Files\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9, Löschen bei Neustart, [179e53a41a6fbe786b97303aec1742be],
PUP.Optional.InternetProgram.A, C:\Program Files (x86)\Common Files\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9\updater, In Quarantäne, [179e53a41a6fbe786b97303aec1742be],
PUP.Optional.InternetProgram.A, C:\ProgramData\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9, Löschen bei Neustart, [8b2a30c77e0b4bebad560c5ef60de11f],
PUP.Optional.InternetProgram.A, C:\ProgramData\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9\plugincontainer, In Quarantäne, [8b2a30c77e0b4bebad560c5ef60de11f],
PUP.Optional.InternetProgram.A, C:\ProgramData\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9\plugins, Löschen bei Neustart, [8b2a30c77e0b4bebad560c5ef60de11f],
PUP.Optional.InternetProgram.A, C:\ProgramData\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9\plugins\2, Löschen bei Neustart, [8b2a30c77e0b4bebad560c5ef60de11f],
PUP.Optional.InternetProgram.A, C:\ProgramData\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9\plugins\2bak, In Quarantäne, [8b2a30c77e0b4bebad560c5ef60de11f],
PUP.Optional.InternetProgram.A, C:\ProgramData\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9\plugins\3, In Quarantäne, [8b2a30c77e0b4bebad560c5ef60de11f],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate, In Quarantäne, [981d3abd32577abc89f0105c887b39c7],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update, In Quarantäne, [981d3abd32577abc89f0105c887b39c7],
Dateien: 76
PUP.Optional.WindowsProtectManger.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, Löschen bei Neustart, [912444b3ed9cbd797d1a54706a97f907],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ProtectService.exe, Löschen bei Neustart, [882d04f306830432bbf1c73eb54dcf31],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\uninstall.exe, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, Löschen bei Neustart, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, Löschen bei Neustart, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\about.png, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\about_bk.png, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\btn.png, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\btn_apply.png, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\close.png, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\conf.xml, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\conf_back.png, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\input_bk.png, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\logo.png, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\main.xml, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\radio_1.png, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\radio_2.png, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\rigth_arrow.png, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\settings.png, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\data.html, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\indexIE.html, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\indexIE8.html, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\main.css, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\ver.txt, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\arrow.png, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_add_logo.png, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_add_logo_hover.png, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\default_logo.png, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\googlelogo.png, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\googlelogo2.png, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\google_trends.png, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon128.png, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon16.png, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon48.png, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\loading.gif, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\logo32.ico, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\weather\0.png, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\common.js, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\ga.js, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\ie8.js, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery-1.11.0.min.js, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery.autocomplete.js, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\js.js, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\library.js, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit-ie8.js, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit.js, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit2.0.js, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\en-US\messages.json, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-419\messages.json, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-ES\messages.json, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-BE\messages.json, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CA\messages.json, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CH\messages.json, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-FR\messages.json, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-LU\messages.json, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-CH\messages.json, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-IT\messages.json, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pl\messages.json, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt\messages.json, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt-BR\messages.json, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru\messages.json, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru-MO\messages.json, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\tr-TR\messages.json, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\vi-VI\messages.json, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-CN\messages.json, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-TW\messages.json, In Quarantäne, [2a8baa4d8009b77fc6f52a44986bc838],
PUP.Optional.InternetProgram.A, C:\ProgramData\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9\plugincontainer.exe, Löschen bei Neustart, [d7decd2a0188eb4b6234f67b0cf7a65a],
PUP.Optional.InternetProgram.A, C:\Program Files (x86)\Common Files\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9\updater.exe, Löschen bei Neustart, [eacbdc1be8a1b87e3c5b521fb053e41c],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, In Quarantäne, [0baa4ea9c0c9d363b465c58a28dbe11f],
PUP.Optional.InternetProgram.A, C:\Program Files (x86)\Common Files\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9\updater.bak, In Quarantäne, [179e53a41a6fbe786b97303aec1742be],
PUP.Optional.InternetProgram.A, C:\ProgramData\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9\plugincontainer.bak, In Quarantäne, [8b2a30c77e0b4bebad560c5ef60de11f],
PUP.Optional.InternetProgram.A, C:\ProgramData\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9\temp, In Quarantäne, [8b2a30c77e0b4bebad560c5ef60de11f],
PUP.Optional.InternetProgram.A, C:\ProgramData\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9\plugins\2\Plugin.exe, Löschen bei Neustart, [8b2a30c77e0b4bebad560c5ef60de11f],
PUP.Optional.InternetProgram.A, C:\ProgramData\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9\plugins\2bak\Plugin.exe, In Quarantäne, [8b2a30c77e0b4bebad560c5ef60de11f],
PUP.Optional.InternetProgram.A, C:\ProgramData\6fb1f30a-cea7-4ccf-bff8-acbecbfe46f9\plugins\3\Plugin.exe, In Quarantäne, [8b2a30c77e0b4bebad560c5ef60de11f],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update\conf, In Quarantäne, [981d3abd32577abc89f0105c887b39c7],
Physische Sektoren: 0
(Keine schädliche Elemente erkannt)
(end)
Code:
# AdwCleaner v4.107 - Bericht erstellt am 15/01/2015 um 23:21:48
# Aktualisiert 07/01/2015 von Xplode
# Database : 2015-01-13.2 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Jerekin - HELLCAT
# Gestartet von : C:\Users\Jerekin\Desktop\AdwCleaner_4.107.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\MailUpdate
Ordner Gelöscht : C:\Users\Jerekin\AppData\Roaming\MailUpdate
Datei Gelöscht : C:\Windows\System32\drivers\taphss6.sys
Datei Gelöscht : C:\Windows\System32\drivers\hssdrv6.sys
Datei Gelöscht : C:\Users\Jerekin\AppData\Roaming\Mozilla\Firefox\Profiles\86tcnpzc.default\user.js
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Mozilla Firefox v34.0.5 (x86 de)
[c3oadvvn.default-1416589200050\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.alias", "vi-view");
[c3oadvvn.default-1416589200050\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.iconURL", "hxxp://myhome.vi-view.com/favicon.ico");
[c3oadvvn.default-1416589200050\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.name", "vi-view");
[c3oadvvn.default-1416589200050\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.url", "hxxp://myhome.vi-view.com/web/?type=ds&ts=1421182662&from=cor&uid=SAMSUNGXHM500JI_S29MJ9BZ905089&q={searchTerms}");
[c3oadvvn.default-1416589200050\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[c3oadvvn.default-1416589200050\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
*************************
AdwCleaner[R0].txt - [2065 octets] - [15/01/2015 23:17:49]
AdwCleaner[S0].txt - [1994 octets] - [15/01/2015 23:21:48]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2054 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Home Premium x64
Ran by Jerekin on 15.01.2015 at 23:48:32,68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
~~~ FireFox
Successfully deleted the following from C:\Users\Jerekin\AppData\Roaming\mozilla\firefox\profiles\c3oadvvn.default-1416589200050\prefs.js
user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");
user_pref("browser.search.searchengine.ptid", "cor");
user_pref("browser.search.searchengine.uid", "SAMSUNGXHM500JI_S29MJ9BZ905089");
user_pref("extensions.speeddial.thumbnail-1-label", "Startseite - Sweetwater Forum");
user_pref("extensions.speeddial.thumbnail-1-url", "hxxp://www.sweetwater-forum.de/index.php?page=Index");
Emptied folder: C:\Users\Jerekin\AppData\Roaming\mozilla\firefox\profiles\c3oadvvn.default-1416589200050\minidumps [2 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15.01.2015 at 23:52:32,22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015 01
Ran by Jerekin (administrator) on HELLCAT on 16-01-2015 00:00:56
Running from C:\Users\Jerekin\Desktop
Loaded Profiles: Jerekin (Available profiles: Jerekin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Foxit Software Inc.) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(SeriousBit) C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13671640 2000-01-01] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1385840 2000-01-01] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [226672 2011-03-23] (Alps Electric Co., Ltd.)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1385840 2000-01-01] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [11877656 2014-09-16] (Logitech Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-10] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKU\S-1-5-21-3141859463-133168769-2000985078-1000\...\Policies\Explorer: [] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3141859463-133168769-2000985078-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3141859463-133168769-2000985078-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3141859463-133168769-2000985078-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{6C15F93F-58AD-4B85-A730-99F1AE666285}: [NameServer] 8.8.8.8,8.8.4.4
FireFox:
========
FF ProfilePath: C:\Users\Jerekin\AppData\Roaming\Mozilla\Firefox\Profiles\c3oadvvn.default-1416589200050
FF Homepage: chrome://speeddial/content/speeddial.xul
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @protectdisc.com/NPPDLicenseHelper -> C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll ()
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: WOT - C:\Users\Jerekin\AppData\Roaming\Mozilla\Firefox\Profiles\c3oadvvn.default-1416589200050\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2014-11-21]
FF Extension: Classic Theme Restorer - C:\Users\Jerekin\AppData\Roaming\Mozilla\Firefox\Profiles\c3oadvvn.default-1416589200050\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-11-21]
FF Extension: Dict.cc Translation - C:\Users\Jerekin\AppData\Roaming\Mozilla\Firefox\Profiles\c3oadvvn.default-1416589200050\Extensions\searchdictcc@roughael.xpi [2015-01-11]
FF Extension: Speed Dial - C:\Users\Jerekin\AppData\Roaming\Mozilla\Firefox\Profiles\c3oadvvn.default-1416589200050\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi [2014-11-22]
FF Extension: Adblock Plus - C:\Users\Jerekin\AppData\Roaming\Mozilla\Firefox\Profiles\c3oadvvn.default-1416589200050\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-21]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-12-23]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-12-23]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-12-23]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-08-05]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-21]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-21] (AVAST Software)
S2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64624 2014-05-15] (CyberGhost S.R.L)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [244448 2014-10-28] (Foxit Software Inc.)
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-10-22] (Ellora Assets Corp.) [File not signed]
R2 NetBalancerService; C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe [129256 2014-09-25] (SeriousBit)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-21] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-05-09] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-21] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-21] ()
S3 ew_hwusbdev; C:\Windows\System32\DRIVERS\ew_hwusbdev.sys [117248 2014-12-03] (Huawei Technologies Co., Ltd.) [File not signed]
S3 hwdatacard; C:\Windows\System32\DRIVERS\ewusbmdm.sys [121600 2014-12-03] (Huawei Technologies Co., Ltd.) [File not signed]
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R1 nbdrv; C:\Windows\System32\DRIVERS\nbdrv.sys [41392 2013-11-25] (SeriousBit)
S3 PcaSp60; C:\Windows\SysWOW64\DRIVERS\PcaSp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA))
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cleanhlp; \??\C:\EEK\bin\cleanhlp64.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-15 23:58 - 2015-01-15 23:58 - 00000000 ____D () C:\Users\Jerekin\Desktop\FRST-OlderVersion
2015-01-15 23:52 - 2015-01-15 23:52 - 00001404 _____ () C:\Users\Jerekin\Desktop\JRT.txt
2015-01-15 23:40 - 2015-01-15 23:40 - 01707939 _____ (Thisisu) C:\Users\Jerekin\Desktop\JRT.exe
2015-01-15 23:24 - 2015-01-15 23:24 - 00002134 _____ () C:\Users\Jerekin\Desktop\AdwCleaner[S0].txt
2015-01-15 23:17 - 2015-01-15 23:21 - 00000000 ____D () C:\AdwCleaner
2015-01-15 23:08 - 2015-01-15 23:09 - 00019656 _____ () C:\Users\Jerekin\Desktop\mbam.txt
2015-01-15 23:08 - 2015-01-15 23:08 - 00001089 _____ () C:\Users\Public\Desktop\Foxit PhantomPDF.lnk
2015-01-15 23:08 - 2015-01-15 23:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PhantomPDF
2015-01-15 23:06 - 2015-01-15 23:06 - 02191360 _____ () C:\Users\Jerekin\Desktop\AdwCleaner_4.107.exe
2015-01-15 22:02 - 2015-01-15 22:13 - 358935776 _____ (Foxit Software Inc.) C:\Users\Jerekin\Desktop\FoxitPhantomPDF708_Business_L10N.exe
2015-01-15 21:56 - 2015-01-15 21:56 - 00000000 ____D () C:\Users\Jerekin\AppData\Roaming\SomePDF
2015-01-15 21:56 - 2015-01-15 21:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SomePDF
2015-01-15 21:56 - 2015-01-15 21:56 - 00000000 ____D () C:\Program Files (x86)\SomePDF
2015-01-15 21:52 - 2015-01-15 21:54 - 50224396 _____ () C:\Users\Jerekin\Desktop\FoxitPhantomPDF708_Standard_L10N.exe.part
2015-01-15 15:39 - 2015-01-15 15:39 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-14 17:58 - 2015-01-14 17:58 - 00000000 ____D () C:\Program Files (x86)\Internet Program
2015-01-14 15:58 - 2015-01-14 15:58 - 00025601 _____ () C:\ComboFix.txt
2015-01-14 15:45 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-14 15:45 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-14 15:45 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-14 15:45 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-14 15:45 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-14 15:45 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-14 15:45 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-14 15:45 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-14 15:44 - 2015-01-14 15:58 - 00000000 ____D () C:\Qoobox
2015-01-14 15:32 - 2015-01-14 15:32 - 05609736 ____R (Swearware) C:\Users\Jerekin\Desktop\ComboFix.exe
2015-01-14 15:31 - 2015-01-14 15:31 - 02785665 _____ (PortableApps.com) C:\Users\Jerekin\Desktop\RevoUninstallerPortable_1.95_Rev_2.paf.exe
2015-01-14 15:31 - 2015-01-14 15:31 - 00000000 ____D () C:\Users\Jerekin\Desktop\RevoUninstallerPortable
2015-01-14 13:30 - 2015-01-14 13:38 - 00000000 ____D () C:\Program Files (x86)\ChrisPC Free VideoTube Downloader
2015-01-14 12:40 - 2015-01-14 12:40 - 00000000 ____D () C:\Users\Jerekin\Documents\StreamTransport
2015-01-14 07:24 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 07:24 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 07:24 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 07:24 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 07:24 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 07:24 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 07:24 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 07:24 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 07:24 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 07:24 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 07:24 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 07:24 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 07:24 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 01:53 - 2015-01-14 12:28 - 00000000 ____D () C:\Users\Jerekin\Desktop\test
2015-01-13 22:25 - 2015-01-16 00:01 - 00012827 _____ () C:\Users\Jerekin\Desktop\FRST.txt
2015-01-13 22:25 - 2015-01-16 00:00 - 00000000 ____D () C:\FRST
2015-01-13 22:24 - 2015-01-15 23:58 - 02125312 _____ (Farbar) C:\Users\Jerekin\Desktop\FRST64.exe
2015-01-13 22:24 - 2015-01-13 22:25 - 00000476 _____ () C:\Users\Jerekin\Desktop\defogger_disable.log
2015-01-13 22:24 - 2015-01-13 22:24 - 00000000 _____ () C:\Users\Jerekin\defogger_reenable
2015-01-13 22:23 - 2015-01-13 22:23 - 00050477 _____ () C:\Users\Jerekin\Desktop\Defogger.exe
2015-01-13 22:04 - 2015-01-13 22:04 - 00002049 _____ () C:\Users\Jerekin\Desktop\JDownloader 2.lnk
2015-01-13 22:04 - 2015-01-13 22:04 - 00000000 ____D () C:\Users\Jerekin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2015-01-13 21:59 - 2015-01-14 12:29 - 00000000 ____D () C:\Program Files (x86)\JDownloader v2.0
2015-01-13 21:44 - 2015-01-13 21:44 - 00000211 _____ () C:\Users\Jerekin\.swfinfo
2015-01-13 21:37 - 2015-01-13 22:08 - 00000000 ____D () C:\Program Files (x86)\ChrisPC VideoTube Downloader Pro
2015-01-11 22:14 - 2015-01-14 13:25 - 00000000 ____D () C:\Program Files (x86)\Dr. Hardware 2015
2015-01-11 22:14 - 2013-07-21 17:41 - 00013760 _____ () C:\Windows\system32\Drivers\DRHMSR64.sys
2015-01-11 22:14 - 2011-11-03 18:05 - 00021984 _____ (Licensed for Gebhard Software) C:\Windows\system32\Drivers\DRHARD64.sys
2015-01-11 14:28 - 2014-12-13 06:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-01-11 14:28 - 2014-12-13 04:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-01-09 10:25 - 2015-01-15 23:08 - 00000000 ____D () C:\Users\Public\Foxit Software
2015-01-09 10:25 - 2015-01-09 10:25 - 00001351 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk
2015-01-09 10:25 - 2015-01-09 10:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2015-01-07 10:49 - 2015-01-07 10:50 - 00603424 _____ () C:\Windows\Minidump\010715-79232-01.dmp
2015-01-04 22:40 - 2015-01-04 22:40 - 00006559 _____ () C:\Users\Jerekin\AppData\Local\recently-used.xbel
2015-01-03 15:46 - 2015-01-03 15:47 - 00002046 _____ () C:\Users\Jerekin\Desktop\Favoriten.lnk
2014-12-28 00:21 - 2014-12-28 00:21 - 00000000 ____D () C:\Users\Jerekin\Documents\Hedgewars
2014-12-26 23:33 - 2014-12-26 23:33 - 00000000 ____D () C:\Users\Jerekin\AppData\Local\Dekisoft
2014-12-26 23:33 - 2009-08-31 01:44 - 00430592 _____ (Dekisoft) C:\Users\Jerekin\Desktop\monoff.exe
2014-12-26 11:47 - 2014-12-26 11:48 - 00000191 _____ () C:\Users\Jerekin\Desktop\Control while Wheel.ahk
2014-12-23 23:12 - 2014-12-23 23:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-20 18:50 - 2014-12-20 18:51 - 00030949 _____ () C:\Users\Jerekin\Desktop\OpenDocument Text (neu).odt
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-15 23:50 - 2012-08-05 13:46 - 01128406 _____ () C:\Windows\WindowsUpdate.log
2015-01-15 23:48 - 2013-04-15 20:57 - 00000000 ____D () C:\Windows\ERUNT
2015-01-15 23:32 - 2009-07-14 05:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-15 23:32 - 2009-07-14 05:45 - 00014928 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-15 23:22 - 2014-10-18 13:51 - 00040524 _____ () C:\Windows\PFRO.log
2015-01-15 23:22 - 2014-10-18 09:34 - 00044296 _____ () C:\Windows\setupact.log
2015-01-15 23:07 - 2014-03-10 10:04 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
2015-01-15 23:06 - 2014-10-31 09:57 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-15 23:04 - 2014-01-01 17:52 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-15 15:39 - 2014-10-31 09:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-15 15:39 - 2014-10-31 09:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-14 19:25 - 2013-06-19 00:47 - 00000000 ____D () C:\Users\Jerekin\AppData\Roaming\vlc
2015-01-14 17:58 - 2014-01-04 11:52 - 00000000 ___RD () C:\Users\Jerekin\Documents\Zwischenlager
2015-01-14 15:55 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-01-14 15:44 - 2014-10-30 11:41 - 00000000 ____D () C:\Windows\erdnt
2015-01-14 15:40 - 2012-09-09 10:47 - 00000438 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-01-14 13:46 - 2013-07-27 22:05 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 13:42 - 2012-08-05 19:30 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-13 22:24 - 2012-08-05 13:59 - 00000000 ____D () C:\Users\Jerekin
2015-01-11 17:22 - 2012-08-05 18:03 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-11 17:22 - 2012-08-05 18:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-11 17:22 - 2012-08-05 18:03 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-11 17:21 - 2014-06-13 23:37 - 00000000 ____D () C:\Users\Jerekin\AppData\Local\Adobe
2015-01-10 11:50 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-07 10:53 - 2009-07-14 18:58 - 00699666 _____ () C:\Windows\system32\perfh007.dat
2015-01-07 10:53 - 2009-07-14 18:58 - 00149774 _____ () C:\Windows\system32\perfc007.dat
2015-01-07 10:53 - 2009-07-14 06:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-07 10:49 - 2012-08-05 15:44 - 00000000 ____D () C:\Windows\Minidump
2015-01-07 10:48 - 2014-10-21 08:42 - 365394858 _____ () C:\Windows\MEMORY.DMP
2015-01-06 04:36 - 2012-08-05 18:07 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-04 22:40 - 2012-09-16 17:26 - 00000000 ____D () C:\Users\Jerekin\.gimp-2.8
2015-01-04 19:28 - 2014-06-03 17:37 - 00000000 ____D () C:\Users\Jerekin\AppData\Roaming\Mp3tag
2015-01-02 12:24 - 2014-12-01 13:43 - 00001826 _____ () C:\Users\Jerekin\Desktop\Pinnwand.lnk
2014-12-26 22:44 - 2012-08-05 05:08 - 00000000 ____D () C:\Users\Jerekin\Desktop\Purely Great Classics Disc 2
2014-12-24 16:04 - 2014-11-21 17:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
Some content of TEMP:
====================
C:\Users\Jerekin\AppData\Local\Temp\Quarantine.exe
C:\Users\Jerekin\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-10-16 09:50
==================== End Of Log ============================
--- --- ---
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015 01
Ran by Jerekin at 2015-01-16 00:01:21
Running from C:\Users\Jerekin\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
µTorrent (HKU\S-1-5-21-3141859463-133168769-2000985078-1000\...\uTorrent) (Version: 3.4.2.31515 - BitTorrent Inc.)
7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.235 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM-x32\...\Steam App 221380) (Version: - Hidden Path Entertainment, Ensemble Studios)
Alps Pointing-device for VAIO (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: - ALPS ELECTRIC CO., LTD.)
AMD Catalyst Install Manager (HKLM\...\{C2956908-53A3-88FC-B795-B16508296FC4}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AniFX 1.0 (HKLM-x32\...\AniFX_is1) (Version: - )
Ant Renamer (HKLM-x32\...\Ant Renamer 2_is1) (Version: 2.10.0 - Ant Software)
ASUS Wireless Router Firmware Restoration Utility (HKLM-x32\...\{8CA9C449-C551-4DA2-A423-F0F62E6A04CB}) (Version: 2.0.0.0 - ASUS)
AutoHotkey 1.1.16.05 (HKLM\...\AutoHotkey) (Version: 1.1.16.05 - Lexikos)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Broadcom InConcert Maestro (HKLM\...\{57DD35E9-D9BB-4089-BB05-EF933C586CB3}) (Version: 1.0.1.2100 - Broadcom Corporation)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: - )
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon MP230 series Benutzerregistrierung (HKLM-x32\...\Canon MP230 series Benutzerregistrierung) (Version: - Canon Inc.)
Canon MP230 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP230_series) (Version: 1.00 - Canon Inc.)
Canon MP230 series On-screen Manual (HKLM-x32\...\Canon MP230 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
CastleStorm (HKLM-x32\...\Steam App 241410) (Version: - Zen Studios)
CCleaner (HKLM\...\CCleaner) (Version: 3.14 - Piriform)
ClipboardPath (Aktueller Benutzer) (HKU\S-1-5-21-3141859463-133168769-2000985078-1000\...\SB_ClipboardPath) (Version: 1.2.4 - Stefan Bertels)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.)
Deadlight (HKLM-x32\...\Steam App 211400) (Version: - Tequila Works, S.L.)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 2.3.25.1124 - Foxit Software Inc.)
Foxit PhantomPDF Business (HKLM-x32\...\{F54D6DB2-CEE3-4089-BE83-09F4DD180B4E}) (Version: 7.0.8.1216 - Foxit Software Inc.)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 7.0.6.1126 - Foxit Software Inc.)
Free Audio Converter version 5.0.16.819 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.16.819 - DVDVideoSoft Ltd.)
Free Video Flip and Rotate version 2.1.9.822 (HKLM-x32\...\Free Video Flip and Rotate_is1) (Version: 2.1.9.822 - DVDVideoSoft Ltd.)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.7.1 - Ellora Assets Corporation)
GIMP 2.8.2 (HKLM\...\GIMP-2_is1) (Version: 2.8.2 - The GIMP Team)
Hammerwatch (HKLM-x32\...\1207659483_is1) (Version: 2.5.0.8 - GOG.com)
Hedgewars (HKLM-x32\...\hedgewars) (Version: 0.9.20 - Hedgewars Project)
Image to PDF Converter version 4.0 (HKLM-x32\...\{34F5BD13-DBBD-4BD3-8C9F-5F11D5567324}_is1) (Version: 4.0 - Winsome Technologies)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Inkscape 0.48.5 (HKLM-x32\...\Inkscape) (Version: 0.48.5 - )
inSSIDer Home (HKLM-x32\...\{9E54E4AE-B67A-4925-8E92-0E1F9817FD73}) (Version: 3.1.2.1 - MetaGeek, LLC)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217071FF}) (Version: 7.0.710 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
JPEGmini (HKU\S-1-5-21-3141859463-133168769-2000985078-1000\...\5d2010e174743543) (Version: 1.8.23.0 - ICVT Ltd)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games )
League of Legends (x32 Version: 3.0.1 - Riot Games ) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Logitech Gaming Software 8.56 (HKLM\...\Logitech Gaming Software) (Version: 8.56.109 - Logitech Inc.)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mark of the Ninja (HKLM-x32\...\Steam App 214560) (Version: - Klei Entertainment)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.45.4.3 - Marvell)
Medal of Honor(TM) Multiplayer (HKLM-x32\...\Steam App 47830) (Version: - Electronic Arts)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Age of Empires II (HKLM-x32\...\Age of Empires 2.0) (Version: - )
Microsoft Network Monitor 3.4 (HKLM\...\{8C5B5A11-CBF8-451B-B201-77FAB0D0B77D}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Network Monitor: NetworkMonitor Parsers 3.4 (HKLM\...\{963E5FEB-1367-46B9-851D-A957F1A3747F}) (Version: 3.4.2350.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft)
MinecraftAlpha (HKLM-x32\...\MinecraftAlpha) (Version: - )
Mosaic Creator 3.1 (HKLM-x32\...\Mosaic Creator_is1) (Version: - )
Mozilla Firefox 34.0.5 (x86 de) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 de)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1.1 - Mozilla)
Mp3tag v2.59a (HKLM-x32\...\Mp3tag) (Version: v2.59a - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
NetBalancer (HKLM\...\NetBalancer_is1) (Version: - SeriousBit)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.1.8 - )
NVIDIA PhysX (HKLM-x32\...\{1C4551A6-4743-4093-91E4-1477CD655043}) (Version: 9.09.0203 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
Path of Exile (HKLM-x32\...\Steam App 238960) (Version: - Grinding Gear Games)
PDF Split And Merge Basic (HKLM\...\{C91B24F6-1629-11E2-B696-21676188709B}) (Version: 2.2.2 - Andrea Vacondio)
PDFill PDF Editor with FREE Writer and FREE Tools (HKLM\...\{D1399216-81B2-457C-A0F7-73B9A2EF6902}) (Version: 11.0 - PlotSoft LLC)
Port Forward Network Utilities (HKLM-x32\...\{88B1D36C-7B70-4C48-8D2F-AAB956ECF4C3}) (Version: 2.0.5 - Portforward, LLC)
Process Lasso (HKLM-x32\...\ProcessLasso) (Version: 7.0.0.0 - Bitsum)
Protect Disc License Helper 1.0.118 (HKLM-x32\...\Protect Disc License Helper) (Version: 1.0.118 - Protect Disc)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.11 - ProtectDisc Software GmbH)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7240 - Realtek Semiconductor Corp.)
Scan Tailor (HKLM-x32\...\Scan Tailor) (Version: - )
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SlimDrivers (HKLM-x32\...\{A5457401-D56A-43F2-9524-78E54A7FC07A}) (Version: 2.2.32705 - SlimWare Utilities, Inc.)
Soldat 1.6.7 (HKLM-x32\...\Soldat_is1) (Version: 1.6.7 - Michal Marcinkowski)
Some PDF to Txt Converter 2.0 (HKLM-x32\...\Some PDF to Txt Converter_is1) (Version: - SomePDF.com)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
Starbound (HKLM-x32\...\Steam App 211820) (Version: - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stronghold Crusader Extreme HD (HKLM-x32\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version: 1.30.1001 - Firefly Studios)
Stronghold HD (HKLM-x32\...\{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}) (Version: 1.30.0001 - Firefly Studios)
TagScanner 5.1.649 (HKLM-x32\...\TagScanner_is1) (Version: - Sergey Serkov)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
Torchlight II (HKLM-x32\...\Steam App 200710) (Version: - Runic Games)
Trine 1.08 (HKLM-x32\...\Trine_is1) (Version: - Frozenbyte, Inc.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WIDCOMM Bluetooth Software (HKLM\...\{C6C9D5F7-630C-4125-8C4E-94AF77C1896E}) (Version: 6.4.0.2100 - Broadcom Corporation)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{3577E42B-3347-4EB8-BFDA-D36E8ED3C519}) (Version: 1.0.24.0 - Microsoft Corporation)
World of Goo (HKLM-x32\...\Steam App 22000) (Version: - 2D BOY )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
09-01-2015 11:09:21 Windows Update
10-01-2015 10:13:36 Windows Update
11-01-2015 18:41:40 Windows Update
14-01-2015 13:42:00 Windows Update
14-01-2015 15:33:45 Revo Uninstaller's restore point - Internet Program
14-01-2015 15:39:24 Revo Uninstaller's restore point - Verbindungsassistent
14-01-2015 15:40:48 Revo Uninstaller's restore point - vi-view uninstall
14-01-2015 15:42:41 Revo Uninstaller's restore point - vi-view uninstall
15-01-2015 23:05:55 Installed Foxit PhantomPDF Business
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2014-10-30 11:56 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {053A9449-DBB0-406B-A4EE-01D374B5857C} - System32\Tasks\{42AA8307-C4D6-4C5C-A8C2-CBC1B05C5404} => Firefox.exe hxxp://ui.skype.com/ui/0/6.16.0.105/de/abandoninstall?page=tsProgressBar
Task: {1471084A-1471-4796-8415-E6C21B03FCF4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-21] (AVAST Software)
Task: {169507D1-3B02-4040-8C5F-53D5BA7DAD23} - System32\Tasks\{2EC83A6C-8941-4094-BB5D-F6A0DFDF4E24} => pcalua.exe -a C:\Users\Jerekin\Desktop\ALDOTH-70164266-32.EXE -d C:\Users\Jerekin\Desktop
Task: {2578DE91-93D6-4856-AB86-81676CA23869} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {5CA8C897-BF8F-4EFD-B641-026A4D704474} - System32\Tasks\FastFix_Start => C:\Program Files (x86)\FastFix PRO\FastFixPRO.exe
Task: {618ADCB4-568D-4121-86F4-451349DA8F7A} - System32\Tasks\Razer_Game_Booster_AutoUpdate => C:\Program Files (x86)\Razer\Razer Game Booster\AutoUpdate.exe
Task: {677D67BB-8E2C-4DA0-809C-7AF06E4C09C6} - System32\Tasks\Process Lasso Management Console (GUI) => C:\Program Files\Process Lasso\processlasso.exe [2014-10-25] (Bitsum LLC)
Task: {88D9CCC4-EEBD-47D8-9D44-C8B5A1C86E5F} - System32\Tasks\{F008FF15-BEE6-4192-8DE1-896603BD0008} => pcalua.exe -a "C:\Program Files (x86)\Common Files\DVDVideoSoft\Uninstall.exe" -d "C:\Program Files (x86)\Common Files\DVDVideoSoft"
Task: {B9A81DC7-3FC8-4A40-AE57-FE7E99110ED2} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe
Task: {BB3E2968-1108-48EF-82CB-53A4C9998139} - System32\Tasks\{372F9251-473B-48CD-A8BC-B2F06A1E7E3F} => pcalua.exe -a C:\Users\Jerekin\Desktop\irfanview_plugins_435_setup.exe -d C:\Users\Jerekin\Desktop
Task: {DFDD7C05-3A8F-494D-93DE-A7458C3E92D7} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {EF319782-796B-48EB-B4B8-AC40FA1018C2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-11] (Adobe Systems Incorporated)
Task: {F2F902CD-DA7F-4278-967B-853F69BE4028} - System32\Tasks\Process Lasso Core Engine Only => C:\Program Files\Process Lasso\processgovernor.exe [2014-10-25] (Bitsum LLC)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\Windows\Tasks\Process Lasso Core Engine Only.job => C:\Program Files\Process Lasso\ProcessGovernor.exe
Task: C:\Windows\Tasks\Process Lasso Management Console (GUI).job => C:\Program Files\Process Lasso\ProcessLasso.exe
==================== Loaded Modules (whitelisted) =============
2014-09-16 22:02 - 2014-09-16 22:02 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-09-16 22:02 - 2014-09-16 22:02 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-16 22:02 - 2014-09-16 22:02 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-09-16 22:02 - 2014-09-16 22:02 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2014-10-13 23:11 - 2014-09-25 07:06 - 00114688 _____ () C:\Program Files\NetBalancer\Events.dll
2014-10-13 23:12 - 2014-10-13 23:12 - 00217832 _____ () C:\Windows\Microsoft.Net\assembly\GAC_MSIL\SeriousBit.NetBalancer.DeskBand\v4.0_1.0.0.0__ce1333cc798c13ee\SeriousBit.NetBalancer.DeskBand.dll
2014-10-13 23:11 - 2014-09-25 07:07 - 00217320 _____ () C:\Program Files\NetBalancer\PacketDotNet.dll
2014-10-13 23:11 - 2014-09-25 07:06 - 00031744 _____ () C:\Program Files\NetBalancer\BugReporting.dll
2015-01-15 21:57 - 2015-01-15 21:57 - 02910720 _____ () C:\Program Files\AVAST Software\Avast\defs\15011502\algo.dll
2014-11-21 22:24 - 2014-11-21 22:24 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: btwdins => 2
MSCONFIG\Services: CGVPNCliSrvc => 3
MSCONFIG\Services: FreemakeVideoCapture => 2
MSCONFIG\Services: Hamachi2Svc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AutoStartNPSAgent => C:\Program Files (x86)\Samsung\Samsung New PC Studio\NPSAgent.exe
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.EXE" /autostart
MSCONFIG\startupreg: EEventManager => "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
MSCONFIG\startupreg: EPLTarget =>
MSCONFIG\startupreg: KiesAirMessage => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPreload => C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: NetBalancer => C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe
MSCONFIG\startupreg: RazerGameBooster => C:\Program Files (x86)\Razer\Razer Game Booster\RazerGameBooster.exe -autorun
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: StartCCC => "C:\Program Files (x86)\ATI.ACE\Core-Static\CLIStart.exe" MSRun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: XboxStat => "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
========================= Accounts: ==========================
Administrator (S-1-5-21-3141859463-133168769-2000985078-500 - Administrator - Disabled)
fbwuser (S-1-5-21-3141859463-133168769-2000985078-1005 - Limited - Enabled)
Gast (S-1-5-21-3141859463-133168769-2000985078-501 - Limited - Disabled)
Jerekin (S-1-5-21-3141859463-133168769-2000985078-1000 - Administrator - Enabled) => C:\Users\Jerekin
==================== Faulty Device Manager Devices =============
Name: FOXCONN-T77H114-BCM2070
Description: FOXCONN-T77H114-BCM2070
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Broadcom
Service: BTHUSB
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
CodeIntegrity Errors:
===================================
Date: 2014-10-30 11:53:15.808
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2014-10-30 11:53:15.730
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-06-06 19:34:42.175
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\mbmiodrvr.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-06-06 19:34:42.082
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\mbmiodrvr.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-06-06 19:33:14.031
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\mbmiodrvr.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-06-06 19:33:13.931
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\mbmiodrvr.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5 CPU M 460 @ 2.53GHz
Percentage of memory in use: 31%
Total physical RAM: 3950.1 MB
Available physical RAM: 2714.46 MB
Total Pagefile: 7898.38 MB
Available Pagefile: 6568.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:131.2 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4E0AB827)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
==================== End Of Log ============================ |