| Gerhard_ | 18.02.2015 11:07 |
Besten Dank für deine Hilfe soweit!FRST Additions Logfile: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-02-2015
Ran by Stefan at 2015-02-18 11:02:05
Running from C:\Users\Stefan\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Alarmstufe Rot 3.03p-Iran (HKLM-x32\...\{9BCC0F2C-63C1-4569-BEE6-E3A3A377C0F8}_is1) (Version: 3.03p-Iran - FunkyFr3sh)
Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
Baldur's Gate II: Enhanced Edition (HKLM-x32\...\Steam App 257350) (Version: - Beamdog)
Baldurs Gate(TM) II - Thron des Bhaal (TM) (HKLM-x32\...\{5B09F344-4406-11D5-96E8-0050BA84F5F7}) (Version: - )
Battle vs. Chess Demo (HKLM-x32\...\Battle vs. Chess Demo_is1) (Version: 1.0 - Zuxxez Entertainment)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
Battlefield 1942 (HKLM-x32\...\{698D7E61-E4BF-4CA6-8A09-CF6BDBFDEF65}) (Version: - )
Battlefield 1942: Secret Weapons of WWII (HKLM-x32\...\{B73B4A99-4173-4747-BBEC-0F05E966F9D2}) (Version: - )
Battlefield 1942: The Road To Rome (HKLM-x32\...\{D057AA08-8CBF-42E3-9EAB-23B8FED1C279}) (Version: - )
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Command & Conquer Teil 3: Operation Tiberian Sun (HKLM-x32\...\Tiberian Sun) (Version: - )
Counter-Strike: Condition Zero (HKLM-x32\...\Counter-Strike: Condition Zero) (Version: - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Dark Souls Prepare to Die Edition (HKLM-x32\...\GFWL_{4E4D0FA1-F880-4CCB-999A-501000008200}) (Version: 1.0.0000.130 - NAMCO BANDAI Games Europe S.A.S.)
Dark Souls Prepare to Die Edition (x32 Version: 1.0.0000.130 - NAMCO BANDAI Games Europe S.A.S.) Hidden
Dark Souls Prepare to Die Edition (x32 Version: 1.0.0002.130 - NAMCO BANDAI Games Europe S.A.S.) Hidden
DARK SOULS™ II (HKLM-x32\...\Steam App 236430) (Version: - FromSoftware, Inc)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Dragon Age II (HKLM-x32\...\{F2E23139-3404-4E3C-9855-7724415D62A5}) (Version: 1.04 - Electronic Arts, Inc.)
Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.3 - Electronic Arts)
Easy Settings (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.1 - Samsung Electronics CO., LTD.)
Empire: Total War (HKLM-x32\...\Steam App 10500) (Version: - The Creative Assembly)
F.E.A.R. Mission Perseus (HKLM-x32\...\{99889189-C739-4A46-BA02-3B271A118957}) (Version: 1.00.0000 - Sierra Entertainment, Inc.)
Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Far Cry 3 (HKLM-x32\...\{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}) (Version: 1.05 - Ubisoft)
Gangsters (HKLM-x32\...\Gangsters) (Version: - )
Gemeinsam genutzte Internet-Komponenten von Westwood (HKLM-x32\...\WOLAPI) (Version: - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
Hitman: Absolution (HKLM-x32\...\Steam App 203140) (Version: - Square Enix)
Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2712 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.1.209 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan)
Jagged Alliance 2 (HKLM-x32\...\Jagged Alliance 2) (Version: - )
Jagged Alliance 2: Unfinished Business (HKLM-x32\...\Jagged Alliance 2: Unfinished Business) (Version: - )
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
King’s Bounty – Gold Edition (HKLM-x32\...\King’s Bounty – Gold Edition_is1) (Version: - dtp)
King’s Bounty: The Legend (Nur entfernen) (HKLM-x32\...\{E43ED0A0-C85E-40F0-807C-6A8A9D2FAEF3}_is1) (Version: 1.0.0.0 - Nobilis)
King's Bounty - Armored Princess (HKLM-x32\...\King's Bounty - Armored Princess_is1) (Version: - dtp)
King's Bounty: Dark Side (HKLM-x32\...\Steam App 289520) (Version: - 1C-SoftClub)
King's Bounty: Warriors of the North (HKLM-x32\...\Steam App 203350) (Version: - 1C-SoftClub)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Mafia II (HKLM-x32\...\Steam App 50130) (Version: - 2K Czech)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation)
Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
Microsoft Office Excel Viewer (HKLM-x32\...\{95120000-003F-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office XP Professional (HKLM-x32\...\{90110407-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2701.01 - Microsoft Corporation)
Microsoft Rise Of Nations (HKLM-x32\...\RiseOfNations 1.0) (Version: - Microsoft)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Myth II (HKLM-x32\...\Myth II) (Version: - )
Nox (HKLM-x32\...\Nox) (Version: - )
NVIDIA GeForce Experience 2.1.4.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.23.2817 - Electronic Arts, Inc.)
Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.0.107 - Panda Security)
Planescape - Torment (HKLM-x32\...\Planescape - Torment) (Version: - )
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.50.1123.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6716 - Realtek Semiconductor Corp.)
Rise of Nations Thrones and Patriots (HKLM-x32\...\RiseofNationsExpansion 1.0) (Version: - )
SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.69 - NVIDIA Corporation) Hidden
Shredder Classic 4 (HKLM-x32\...\{C0FA6973-0ED6-4523-9593-BE50927A28BB}_is1) (Version: - Stefan Meyer-Kahlen)
Silent Storm Complete (HKLM-x32\...\{90A62700-3425-4400-BF2E-43C023850F0B}_is1) (Version: - Nordic Games GmbH)
Snes9x (HKLM-x32\...\Snes9x) (Version: - )
Star Wars(TM): Knights of the Old Republic (TM) (HKLM-x32\...\{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}) (Version: - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Stronghold Crusader (HKLM-x32\...\{8C3727F2-8E37-49E4-820C-03B1677F53B6}) (Version: - )
Sudden Strike - Resource War (HKLM-x32\...\Sudden Strike - Resource War) (Version: - )
Sudden Strike 2 (HKLM-x32\...\{6FF2A524-CB35-4EF4-A71D-4CB938304E66}_is1) (Version: - UIG GmbH)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.13 - TeamSpeak Systems GmbH)
The Gladiators (HKLM-x32\...\The Gladiators_is1) (Version: - )
Titan Quest (HKLM-x32\...\{412B69AF-C352-4F6F-A318-B92B3CB9ACC6}) (Version: 1.00.0000 - Iron Lore)
Titan Quest Immortal Throne (HKLM-x32\...\{B5C5C17E-FEF6-4062-8151-A427AE8AF9D7}) (Version: 1.00.0000 - Iron Lore)
TP-LINK TL-WN725N_TL-WN723N Treiber (HKLM-x32\...\{3C3F9CEB-2C5A-4A47-8EAA-DA76037546BA}) (Version: 1.3.1 - TP-LINK)
TP-LINK-Konfigurationstool (HKLM-x32\...\{319D91C6-3D44-436C-9F79-36C0D22372DC}) (Version: 1.3.1 - TP-LINK)
Tropico 3 1.00 (HKLM-x32\...\Tropico3) (Version: 1.00 - Kalypso Media)
Unity Web Player (HKU\S-1-5-21-1645163302-150369767-2613642291-1000\...\UnityWebPlayer) (Version: - Unity Technologies ApS)
Uplay (HKLM-x32\...\Uplay) (Version: 2.0 - Ubisoft)
Warcraft III (HKLM-x32\...\Warcraft III) (Version: - )
Warcraft III: All Products (HKU\S-1-5-21-1645163302-150369767-2613642291-1000\...\Warcraft III) (Version: - )
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Xfire (remove only) (HKLM-x32\...\Xfire) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
10-02-2015 13:48:02 Windows Update
13-02-2015 15:37:19 Windows Update
13-02-2015 23:48:13 Windows Update
14-02-2015 15:59:12 Windows Update
17-02-2015 19:14:10 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0A50031B-B8DC-48E7-B840-6E285F585039} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2012-03-27] (Samsung Electronics Co., Ltd.)
Task: {1A3AB73E-9F43-41F4-AE11-1E1F8A308796} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2012-05-02] (Samsung Electronics Co., Ltd.)
Task: {2840D10F-B2E6-48E6-A27F-D5B1C4CBB9E5} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-11-18] (SAMSUNG Electronics co., LTD.)
Task: {3990ADB8-55DF-4670-8B41-66F14792B968} - System32\Tasks\{27405193-80C5-44EB-AEF4-AF781FD66D9B} => pcalua.exe -a "C:\Users\Stefan\Desktop\diverse exen\Office Open\setup.exe" -d "C:\Users\Stefan\Desktop\diverse exen\Office Open"
Task: {39F030CF-F766-4131-99C4-60C8A7D658ED} - System32\Tasks\{B09BC8F9-958B-45C2-A159-209D0439B979} => pcalua.exe -a D:\autorun.exe -d D:\
Task: {3D33E3CD-4523-4E1D-B157-24816846901D} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [2012-01-31] (Samsung Electronics)
Task: {5A5E9FD3-E34B-4CD9-89B2-86BF100B97CA} - System32\Tasks\{9977C83F-A47B-42AD-8C34-DF826719B986} => pcalua.exe -a C:\Users\Stefan\Desktop\SWKotOR1_03.exe -d C:\Users\Stefan\Desktop
Task: {5ADDF5AF-EEED-4777-8FB3-5DD5B67911C1} - System32\Tasks\{B9CE3858-1BA0-428A-A32D-CE1CC9B8C37C} => pcalua.exe -a C:\Users\Stefan\Desktop\JA2_113_FullRelease_German_4870.exe -d C:\Users\Stefan\Desktop
Task: {61C4FF1F-9D6F-4894-A753-C9B2053E3E18} - System32\Tasks\{2DEA0082-6B4B-47DC-B53E-CE433F9FC986} => pcalua.exe -a C:\Treiber\Sound\Setup.exe -d C:\Treiber\Sound
Task: {667218A6-C213-4406-AE77-8CAB75B883BD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {8EE00299-F4C7-4FD2-AD1B-34CD2679B119} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe [2012-04-03] (Samsung Electronics)
Task: {91372162-277E-4A4F-88F7-0E798174F13E} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {A1EA04D8-6DD5-4D2E-9045-8137ECB0E93C} - System32\Tasks\{E1733654-6272-4843-9B0A-CE0B987D124F} => pcalua.exe -a "C:\Users\Stefan\Desktop\Ja 2 Edit\Proedit_Se_Ja2.exe" -d "C:\Users\Stefan\Desktop\Ja 2 Edit"
Task: {AB70B14E-641C-4373-83C6-4C8B7D1AE4BC} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2012-05-15] (Samsung Electronics Co., Ltd.)
Task: {CF6E8753-9D53-4E1D-B0E8-86F7FE506BC9} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2012-04-25] (Samsung Electronics Co., Ltd.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) ==============
2014-12-12 01:05 - 2014-11-13 01:20 - 00013120 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll
2014-12-12 01:10 - 2014-11-12 22:56 - 00118080 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2014-01-15 19:24 - 2014-01-15 19:24 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-12-01 21:34 - 2012-02-13 15:02 - 00031624 _____ () C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
2012-03-26 16:33 - 2013-04-12 06:30 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2014-08-30 17:12 - 2014-08-30 17:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\kpcengine.2.3.dll
2014-12-12 01:05 - 2014-11-13 01:20 - 00010952 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
2014-12-01 21:34 - 2011-02-17 01:03 - 00203776 _____ () C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
2014-12-01 21:34 - 2006-08-12 12:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll
2012-08-10 15:51 - 2012-08-10 15:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1645163302-150369767-2613642291-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Stefan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Administrator (S-1-5-21-1645163302-150369767-2613642291-500 - Administrator - Disabled)
Gast (S-1-5-21-1645163302-150369767-2613642291-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1645163302-150369767-2613642291-1004 - Limited - Enabled)
Stefan (S-1-5-21-1645163302-150369767-2613642291-1000 - Administrator - Enabled) => C:\Users\Stefan
==================== Faulty Device Manager Devices =============
Name: Netzwerkcontroller
Description: Netzwerkcontroller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (02/18/2015 10:26:36 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Steam.exe, Version 2.59.12.64 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: ce0
Startzeit: 01d04b5a4b6870f0
Endzeit: 1264
Anwendungspfad: C:\Program Files (x86)\Steam\Steam.exe
Berichts-ID: 36a7bb77-b750-11e4-bca3-c48508557e03
Error: (02/18/2015 10:06:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/15/2015 08:27:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.1.5500, Zeitstempel: 0x54c1f9f3
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.1.5500, Zeitstempel: 0x54c1f224
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x408
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (02/15/2015 08:27:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.1.5500, Zeitstempel: 0x54c1f9f3
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.1.5500, Zeitstempel: 0x54c1f224
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x8c8
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (02/15/2015 08:27:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.1.5500, Zeitstempel: 0x54c1f9f3
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.1.5500, Zeitstempel: 0x54c1f224
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x140c
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (02/15/2015 08:27:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.1.5500, Zeitstempel: 0x54c1f9f3
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.1.5500, Zeitstempel: 0x54c1f224
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0xae8
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (02/14/2015 04:15:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/14/2015 04:14:04 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]
Error: (02/14/2015 04:14:04 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
Error: (02/14/2015 04:14:04 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]
System errors:
=============
Error: (02/18/2015 10:06:49 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\System32\DRIVERS\PSKMAD.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (02/18/2015 10:05:23 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\System32\DRIVERS\PSKMAD.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (02/18/2015 10:04:44 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\System32\DRIVERS\PSKMAD.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (02/18/2015 10:03:30 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {078AEF33-C48A-49F7-AFF3-A0EE810BFE7C}
Error: (02/18/2015 09:25:53 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\System32\DRIVERS\PSKMAD.sys nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (02/17/2015 07:07:07 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "STEFAN-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.34
registriert werden. Der Computer mit IP-Adresse 192.168.178.31 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.
Error: (02/17/2015 07:07:07 PM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "STEFAN-PC :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.34
registriert werden. Der Computer mit IP-Adresse 192.168.178.31 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.
Error: (02/17/2015 07:07:07 PM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{34A4ED3E-3044-49F0-9E3C-7C004A008A4C} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.
Error: (02/14/2015 00:13:47 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "STEFAN-PC :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.34
registriert werden. Der Computer mit IP-Adresse 192.168.178.31 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.
Error: (02/14/2015 00:13:46 AM) (Source: NetBT) (EventID: 4321) (User: )
Description: Der Name "STEFAN-PC :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.34
registriert werden. Der Computer mit IP-Adresse 192.168.178.31 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.
Microsoft Office Sessions:
=========================
Error: (02/18/2015 10:26:36 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Steam.exe2.59.12.64ce001d04b5a4b6870f01264C:\Program Files (x86)\Steam\Steam.exe36a7bb77-b750-11e4-bca3-c48508557e03
Error: (02/18/2015 10:06:05 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/15/2015 08:27:22 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f224800000030000142540801d048f0b28c227aC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll14934d08-b4e4-11e4-b07b-c48508557e03
Error: (02/15/2015 08:27:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f22480000003000014258c801d048f074702d6aC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll13188e5c-b4e4-11e4-b07b-c48508557e03
Error: (02/15/2015 08:27:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f2248000000300001425140c01d048f07482cb50C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll12551470-b4e4-11e4-b07b-c48508557e03
Error: (02/15/2015 08:27:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f2248000000300001425ae801d048f0745c2fefC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll1023fb69-b4e4-11e4-b07b-c48508557e03
Error: (02/14/2015 04:15:35 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/14/2015 04:14:04 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD initialization failed [6]
Error: (02/14/2015 04:14:04 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcFailed to set NvVAD endpoint as default Audio endpoint [0]
Error: (02/14/2015 04:14:04 PM) (Source: NvStreamSvc) (EventID: 1) (User: )
Description: NvStreamSvcNvVAD endpoint registration failed [0]
CodeIntegrity Errors:
===================================
Date: 2015-02-18 01:35:18.925
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-02-18 01:35:18.924
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-02-18 01:35:18.923
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-02-18 01:35:18.894
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-02-18 01:35:18.893
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-02-18 01:35:18.892
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-02-15 02:26:32.915
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-02-15 02:26:32.915
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-02-15 02:26:32.915
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2015-02-15 02:26:32.899
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-3210M CPU @ 2.50GHz
Percentage of memory in use: 24%
Total physical RAM: 8087.88 MB
Available physical RAM: 6117.48 MB
Total Pagefile: 16173.95 MB
Available Pagefile: 14030.61 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:175.76 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B561149F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
==================== End Of Log ============================
--- --- ---
Ich habe inzwischen durch einen früheren Verdacht ( der sich nicht erhärtete) eine ganze Reihe solcher Tools wie z.B. AdwCleaner , mbar usw.
Kann es sein das die sich gegenseitig erkennen?So hat mbar z.B. nichts gefunden.
FRST Logfile:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-02-2015
Ran by Stefan (administrator) on STEFAN-PC on 18-02-2015 11:06:08
Running from C:\Users\Stefan\Desktop
Loaded Profiles: Stefan (Available profiles: Stefan)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-20] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2465088 2014-11-17] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1645163302-150369767-2613642291-1000\...\Policies\system: [DisableLockWorkstationMythBackup] 0
BootExecute: autocheck autochk * PCloudBroom64.exe \systemroot\system32\BroomData.bitPCloudBroom64.exe \systemroot\system32\BroomData.bit
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1645163302-150369767-2613642291-1000\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKU\S-1-5-21-1645163302-150369767-2613642291-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://localoem.msn.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1645163302-150369767-2613642291-1000 -> {13F4DD3D-4124-4F61-97DB-C8D02BD8DE85} URL =
SearchScopes: HKU\S-1-5-21-1645163302-150369767-2613642291-1000 -> {3ECC6F9B-7E2E-4A2C-8414-40585326257B} URL =
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Stefan\AppData\Roaming\Mozilla\Firefox\Profiles\orux7ehe.default-1423440389579
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1645163302-150369767-2613642291-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Stefan\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-1645163302-150369767-2613642291-1000: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2015-01-18]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2015-01-18]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com
FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2015-01-18]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1149760 2014-11-17] (NVIDIA Corporation)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe [270336 2001-02-23] (Microsoft Corporation) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1796928 2014-11-17] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19821376 2014-11-17] (NVIDIA Corporation)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1903472 2014-12-18] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-01-15] ()
R2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] () [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2014-10-02] ()
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2015-01-18] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [818888 2015-01-18] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2015-01-18] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2014-10-02] ()
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20800 2014-11-17] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [47632 2013-04-29] (Panda Security, S.L.)
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1528976 2013-03-05] (Realtek Semiconductor Corporation )
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-18 11:02 - 2015-02-18 11:02 - 00033593 _____ () C:\Users\Stefan\Desktop\Addition.txt
2015-02-18 11:01 - 2015-02-18 11:06 - 00014218 _____ () C:\Users\Stefan\Desktop\FRST.txt
2015-02-18 11:01 - 2015-02-18 11:01 - 00000000 ____D () C:\Users\Stefan\Desktop\FRST-OlderVersion
2015-02-14 13:24 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-14 13:24 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-14 13:24 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-14 13:24 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-11 21:24 - 2015-02-11 21:24 - 00000772 _____ () C:\Users\Stefan\Desktop\JRT.txt
2015-02-11 21:18 - 2015-02-11 21:18 - 01388274 _____ (Thisisu) C:\Users\Stefan\Desktop\JRT.exe
2015-02-11 21:11 - 2015-02-11 21:12 - 00000000 ____D () C:\AdwCleaner
2015-02-11 21:10 - 2015-02-11 21:10 - 02112512 _____ () C:\Users\Stefan\Desktop\AdwCleaner_4.110.exe
2015-02-11 19:29 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 19:29 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 19:29 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 19:29 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 19:29 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 19:29 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 19:29 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 19:29 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 19:29 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 19:29 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 19:29 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 19:29 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 19:29 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 19:29 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 19:29 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 19:29 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 19:29 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 19:29 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 19:29 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 19:29 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 19:29 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 19:29 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 19:29 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 19:29 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 19:28 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 19:28 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 19:28 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 19:28 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 19:28 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 19:28 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 19:28 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 19:28 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 19:28 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 19:28 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 19:28 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 19:28 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 19:28 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 19:28 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 19:28 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 19:28 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 19:28 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 19:28 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 19:28 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 19:28 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 19:28 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 19:28 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 19:28 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 19:28 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 19:28 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 19:28 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 19:28 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 19:28 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 19:28 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 19:28 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 19:28 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 19:28 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 19:28 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 19:28 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 19:28 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 19:28 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 19:28 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 19:28 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 19:28 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 19:28 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 19:28 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 19:28 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 19:27 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 19:27 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 19:27 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 19:27 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 19:27 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 19:27 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 19:27 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 19:27 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 19:27 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 19:27 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 19:27 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 19:27 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 19:27 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 19:27 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 19:27 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 19:27 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 19:27 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 19:27 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 19:27 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 19:27 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 19:27 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 19:27 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 19:27 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 19:27 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 19:27 - 2014-10-04 03:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-11 19:27 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-11 19:27 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-11 19:27 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 19:27 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-11 19:26 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 19:26 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 19:26 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 19:26 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 19:26 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 19:26 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 19:26 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-11 19:26 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 19:26 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 19:26 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-09 16:34 - 2015-02-18 11:00 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-09 16:34 - 2015-02-18 10:44 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-09 16:34 - 2015-02-09 16:34 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-09 16:33 - 2015-02-18 11:00 - 00000000 ____D () C:\Users\Stefan\Desktop\mbar
2015-02-09 16:33 - 2015-02-18 10:44 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-09 16:32 - 2015-02-09 16:32 - 16466552 _____ (Malwarebytes Corp.) C:\Users\Stefan\Desktop\mbar-1.08.3.1004.exe
2015-02-09 15:49 - 2015-02-18 11:06 - 00000000 ____D () C:\FRST
2015-02-09 15:49 - 2015-02-18 11:01 - 02085888 _____ (Farbar) C:\Users\Stefan\Desktop\FRST64.exe
2015-02-09 01:10 - 2015-02-09 01:10 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-09 01:10 - 2015-02-09 01:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-02-09 01:06 - 2015-02-09 01:06 - 00000000 ____D () C:\Users\Stefan\Desktop\Old Firefox Data
2015-02-04 15:04 - 2015-02-04 15:04 - 00000000 ____D () C:\Users\Stefan\Desktop\Geomatik
2015-02-03 12:23 - 2015-02-02 10:40 - 03942400 _____ () C:\Users\Stefan\Desktop\vorlage-pp - Kopie.ppt
2015-01-22 18:46 - 2015-01-22 18:48 - 00000000 ____D () C:\Users\Stefan\Desktop\lernen ws 2014
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-18 11:05 - 2013-04-05 17:33 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-18 10:11 - 2009-07-14 05:45 - 00028320 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-18 10:11 - 2009-07-14 05:45 - 00028320 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-18 10:08 - 2013-04-12 20:13 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-18 10:08 - 2013-04-05 17:09 - 01704449 _____ () C:\Windows\WindowsUpdate.log
2015-02-18 10:05 - 2013-04-05 18:34 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-02-18 10:04 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-18 10:04 - 2009-07-14 05:51 - 00104261 _____ () C:\Windows\setupact.log
2015-02-18 10:03 - 2013-08-30 21:21 - 00000000 ____D () C:\Users\Stefan\AppData\Roaming\TS3Client
2015-02-18 10:02 - 2014-10-20 11:08 - 00000630 _____ () C:\Windows\SysWOW64\BroomData.bit
2015-02-14 21:29 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-13 23:54 - 2009-07-14 05:45 - 00315584 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-13 23:53 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-13 23:52 - 2014-12-12 00:37 - 00000000 ____D () C:\ProgramData\Package Cache
2015-02-13 23:52 - 2010-11-21 04:47 - 00118596 _____ () C:\Windows\PFRO.log
2015-02-13 23:43 - 2013-04-12 07:29 - 00000000 ____D () C:\Program Files (x86)\Atheros
2015-02-13 23:43 - 2013-04-12 06:52 - 00000184 _____ () C:\setup.log
2015-02-13 23:43 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2015-02-09 01:16 - 2013-04-05 22:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-09 01:10 - 2013-04-05 22:07 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-05 22:05 - 2013-04-05 17:33 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 22:05 - 2013-04-05 17:33 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 22:05 - 2013-04-05 17:33 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 21:20 - 2013-04-06 22:33 - 00000000 ____D () C:\Users\Stefan\AppData\Local\Adobe
2015-02-02 13:04 - 2014-03-13 23:01 - 00000000 ____D () C:\Users\Stefan\AppData\Local\Battle.net
2015-02-02 12:32 - 2014-03-22 01:16 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2015-02-02 12:26 - 2013-04-12 18:56 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2015-02-02 12:19 - 2014-03-13 23:01 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2015-02-02 10:43 - 2011-04-12 08:43 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2015-02-02 10:43 - 2011-04-12 08:43 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2015-02-02 10:43 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-29 06:01 - 2014-12-11 18:42 - 00000000 ____D () C:\ProgramData\Origin
2015-01-26 20:33 - 2014-12-11 18:42 - 00000000 ____D () C:\Program Files (x86)\Origin
==================== Files in the root of some directories =======
2014-12-10 18:01 - 2014-12-10 18:01 - 0109563 _____ () C:\Users\Stefan\AppData\Local\ars.cache
2014-12-10 18:01 - 2014-12-10 18:01 - 0223255 _____ () C:\Users\Stefan\AppData\Local\census.cache
2014-12-10 17:46 - 2014-12-10 17:46 - 0000036 _____ () C:\Users\Stefan\AppData\Local\housecall.guid.cache
Some content of TEMP:
====================
C:\Users\Stefan\AppData\Local\Temp\APNSetup.exe
C:\Users\Stefan\AppData\Local\Temp\bxf_6jmt.dll
C:\Users\Stefan\AppData\Local\Temp\CmdLineExt02.dll
C:\Users\Stefan\AppData\Local\Temp\CmdLineExt03.dll
C:\Users\Stefan\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Stefan\AppData\Local\Temp\drm_dyndata_7330017.dll
C:\Users\Stefan\AppData\Local\Temp\drm_dyndata_7380006.dll
C:\Users\Stefan\AppData\Local\Temp\EBU287C.EXE
C:\Users\Stefan\AppData\Local\Temp\EBU5D42.EXE
C:\Users\Stefan\AppData\Local\Temp\EBU6158.DLL
C:\Users\Stefan\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Stefan\AppData\Local\Temp\lxm3beva.dll
C:\Users\Stefan\AppData\Local\Temp\PCloudCleanerUpdater.exe
C:\Users\Stefan\AppData\Local\Temp\Quarantine.exe
C:\Users\Stefan\AppData\Local\Temp\sdan.exe
C:\Users\Stefan\AppData\Local\Temp\sdapk.exe
C:\Users\Stefan\AppData\Local\Temp\sdaspwn.exe
C:\Users\Stefan\AppData\Local\Temp\SIntf16.dll
C:\Users\Stefan\AppData\Local\Temp\SIntf32.dll
C:\Users\Stefan\AppData\Local\Temp\SIntfNT.dll
C:\Users\Stefan\AppData\Local\Temp\sqlite3.dll
C:\Users\Stefan\AppData\Local\Temp\war3_Install.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-13 04:43
==================== End Of Log ============================
--- --- ---
--- --- --- |
FRST 32-Bit | FRST 64-Bit