Log analysis and evaluation: A few problems with malware and adware (Windows 7)
24.07.2013, 14:00 | #1 |
Hello, lately my Firefox has been running badly, and I ran a scan with Malwarebytes Anti-Malware. One question about it: can I delete all of the PUP Blabbers entries, or will I wreck my system? They are various registry entries, some of them from Windows too, I think.

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.24.03

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
James Bond :: JAMESBOND-PC [Administrator]

24.07.2013 11:03:25
MBAM-log-2013-07-24 (14-18-00).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 663967
Laufzeit: 3 Stunde(n), 4 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 1
C:\Program Files\GinyasBrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.

Infizierte Registrierungsschlüssel: 23
HKCR\CLSID\{00cbb66b-1d3b-46d3-9577-323a336acb50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{8830DDF0-3042-404D-A62C-384A85E34833} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\wit4ie.WitBHO.2 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\wit4ie.WitBHO (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\CLSID\{5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{830B56CB-FD22-44AA-9887-7898F4F4158D} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\tdataprotocol.CTData.1 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\tdataprotocol.CTData (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\updatebho.TimerBHO.1 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\updatebho.TimerBHO (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\PROTOCOLS\HANDLER\BASE64 (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\PROTOCOLS\HANDLER\CHROME (PUP.Blabbers) -> Keine Aktion durchgeführt.
HKCR\PROTOCOLS\HANDLER\PROX (PUP.Blabbers) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 3
HKCR\protocols\Handler\base64|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt.
HKCR\protocols\Handler\chrome|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt.
HKCR\protocols\Handler\prox|CLSID (PUP.Blabbers) -> Daten: {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 3
C:\Users\James Bond\AppData\LocalLow\bbrs_002.tb (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\James Bond\AppData\LocalLow\bbrs_002.tb\content (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\James Bond\AppData\LocalLow\bbrs_002.tb\content\cache (PUP.Blabbers) -> Keine Aktion durchgeführt.

Infizierte Dateien: 142
C:\Program Files\GinyasBrowserCompanion\jsloader.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\GinyasBrowserCompanion\tdataprotocol.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Program Files\GinyasBrowserCompanion\updatebhoWin32.dll (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Games\company2\rld-bbc2.exe (RiskWare.Tool.HCK) -> Keine Aktion durchgeführt.
C:\Program Files\NirSoft\WirelessNetView\WirelessNetView.exe (PUP.WirelessNetworkTool) -> Keine Aktion durchgeführt.
C:\Users\James Bond\Desktop\windows\sources\$oem$\$$\Setup\Scripts\Windows7Loader.exe (RiskWare.Tool.CK) -> Keine Aktion durchgeführt.
C:\Windows\Setup\Scripts\Windows7Loader.exe (RiskWare.Tool.CK) -> Keine Aktion durchgeführt.
D:\downloads\ftphacker\brutus-aet2.zip (HackTool.Brutus) -> Keine Aktion durchgeführt.
C:\Users\James Bond\AppData\LocalLow\bbrs_002.tb\content\cmpchanged.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\James Bond\AppData\LocalLow\bbrs_002.tb\content\cmpguid.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\James Bond\AppData\LocalLow\bbrs_002.tb\content\fix2.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\James Bond\AppData\LocalLow\bbrs_002.tb\content\fix3.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\James Bond\AppData\LocalLow\bbrs_002.tb\content\fix4.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\James Bond\AppData\LocalLow\bbrs_002.tb\content\fix5.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\James Bond\AppData\LocalLow\bbrs_002.tb\content\fixJQ1_71.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\James Bond\AppData\LocalLow\bbrs_002.tb\content\fixJQ1_71_2.js (PUP.Blabbers) -> Keine Aktion durchgeführt.
C:\Users\James Bond\AppData\LocalLow\bbrs_002.tb\content\fixJQ1_83.js (PUP.Blabbers) -> Keine Aktion durchgeführt.

(Ende)

Code:
Exportierte Ereignisse:

24.07.2013 10:02 [System-Scanner] Suchlauf
Suchlauf beendet [Der Suchlauf wurde vollständig durchgeführt.].
Anzahl Dateien: 2382218
Anzahl Verzeichnisse: 58767
Anzahl Malware: 13
Anzahl Warnungen: 14

Code:
Die Datei 'C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Dropper.MSIL.Gen' [trojan].
Durchgeführte Aktion(en):
Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26003.
Die Datei konnte nicht gelöscht werden!
Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1e8a6821.qua' verschoben!

Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Dienstag, 23. Juli 2013 20:54

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Ultimate
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : James Bond
Computername : JAMESBOND-PC

Versionsinformationen:

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, Q:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Dienstag, 23. Juli 2013 20:54

Der Suchlauf über die Masterbootsektoren wird begonnen:

Der Suchlauf über die Bootsektoren wird begonnen:

Der Suchlauf nach versteckten Objekten wird begonnen.
Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'avscan.exe' - '112' Modul(e) wurden durchsucht Durchsuche Prozess 'SSScheduler.exe' - '21' Modul(e) wurden durchsucht Durchsuche Prozess 'CodeMeterCC.exe' - '36' Modul(e) wurden durchsucht Durchsuche Prozess 'AdAware.exe' - '91' Modul(e) wurden durchsucht Durchsuche Prozess 'RocketDock.exe' - '42' Modul(e) wurden durchsucht Durchsuche Prozess 'TBNotifier.exe' - '62' Modul(e) wurden durchsucht Durchsuche Prozess 'jusched.exe' - '23' Modul(e) wurden durchsucht Durchsuche Prozess 'adawarebp.exe' - '53' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '82' Modul(e) wurden durchsucht Durchsuche Prozess 'Explorer.EXE' - '174' Modul(e) wurden durchsucht Durchsuche Prozess 'Dwm.exe' - '28' Modul(e) wurden durchsucht Durchsuche Prozess 'taskhost.exe' - '40' Modul(e) wurden durchsucht Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen: Die Registry wurde durchsucht ( '4179' Dateien ). Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\' C:\Program Files\MAGIX\Movie_Edit_Pro_MX_Premium_Download_Version\magic.dll [FUND] Ist das Trojanische Pferd TR/Black.Gen2 C:\Program Files\Square Enix\Sleeping Dogs\buddha.dll [FUND] Ist das Trojanische Pferd TR/Black.Gen2 C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe [FUND] Ist das Trojanische Pferd TR/Dropper.MSIL.Gen C:\Users\James Bond\AppData\Local\Alt.Binz\download\Call.of.Duty.Black.Ops.II.Update.3-SKIDROW.rar\Call.of.Duty.Black.Ops.II.Update.3-SKIDROW.rar [0] Archivtyp: RAR --> Call.of.Duty.Black.Ops.II.Update.3-SKIDROW.exe [1] Archivtyp: AutoIt --> Windows\TEMP\aut2B42.tmp [FUND] Ist das Trojanische Pferd TR/Dropper.Gen [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden C:\Users\James Bond\AppData\Local\Temp\jar_cache2261367248405667444.tmp [0] Archivtyp: ZIP --> eQAesqOYWn.class [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-4681.A.58 [WARNUNG] 
Infizierte Dateien in Archiven können nicht repariert werden --> GupxAJ.class [FUND] Enthält Erkennungsmuster des Exploits EXP/Dldr.Java.O [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden --> JMUdUwXQR.class [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-4681.A.85 [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden --> pAe.class [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-4681.A.78 [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden --> pvxGV.class [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-4681.A.80 [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden --> TqEXI.class [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-4681.A.77 [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden --> VOYMKOxvN.class [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-4681.A.84 [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden --> XjnSkkpBUd.class [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-4681.A.59 [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden --> XuRDhyziu.class [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-4681.A.74 [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden Beginne mit der Suche in 'D:\' <DATA> D:\pagefile.sys [WARNUNG] Die Datei konnte nicht geöffnet werden! Beginne mit der Suche in 'Q:\' <Volume> Beginne mit der Desinfektion: C:\Users\James Bond\AppData\Local\Temp\jar_cache2261367248405667444.tmp [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-4681.A.74 [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '547e27c7.qua' verschoben! C:\Users\James Bond\AppData\Local\Alt.Binz\download\Call.of.Duty.Black.Ops.II.Update.3-SKIDROW.rar\Call.of.Duty.Black.Ops.II.Update.3-SKIDROW.rar [FUND] Ist das Trojanische Pferd TR/Dropper.Gen [WARNUNG] Die Datei wurde ignoriert. 
C:\ProgramData\Microsoft\Windows\Time\WindowsTime.exe [FUND] Ist das Trojanische Pferd TR/Dropper.MSIL.Gen [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1e8a6821.qua' verschoben! C:\Program Files\Square Enix\Sleeping Dogs\buddha.dll [FUND] Ist das Trojanische Pferd TR/Black.Gen2 [WARNUNG] Die Datei wurde ignoriert. C:\Program Files\MAGIX\Movie_Edit_Pro_MX_Premium_Download_Version\magic.dll [FUND] Ist das Trojanische Pferd TR/Black.Gen2 [WARNUNG] Die Datei wurde ignoriert. Ende des Suchlaufs: Mittwoch, 24. Juli 2013 10:02 Benötigte Zeit: 4:05:40 Stunde(n) Der Suchlauf wurde vollständig durchgeführt. 58767 Verzeichnisse wurden überprüft 2382218 Dateien wurden geprüft 13 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 2 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 1 Dateien konnten nicht durchsucht werden 2382204 Dateien ohne Befall 20775 Archive wurden durchsucht 14 Warnungen 2 Hinweise 930004 Objekte wurden beim Rootkitscan durchsucht 0 Versteckte Objekte wurden gefunden
Thanks a lot in advance, and here is the logfile from OTL.
OTL Logfile: Code:
ATTFilter OTL logfile created on: 24.07.2013 15:01:57 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\James Bond\Downloads Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 0,85 Gb Available Physical Memory | 42,45% Memory free 4,00 Gb Paging File | 1,99 Gb Available in Paging File | 49,84% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 285,80 Gb Total Space | 13,80 Gb Free Space | 4,83% Space Free | Partition Type: NTFS Drive D: | 150,69 Gb Total Space | 11,68 Gb Free Space | 7,75% Space Free | Partition Type: NTFS Drive E: | 7,93 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive F: | 7,95 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS Drive Q: | 29,17 Gb Total Space | 0,85 Gb Free Space | 2,91% Space Free | Partition Type: NTFS Computer Name: JAMESBOND-PC | User Name: James Bond | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\James Bond\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\AskPartnerNetwork\Toolbar\apnmcp.exe (APN LLC.) 
PRC - C:\Programme\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN) PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (Adobe Systems, Inc.) PRC - C:\Programme\MOTU\motuDNSResponder.exe (MOTU Inc.) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - Q:\Program Files\AdAwareService.exe (Lavasoft Limited) PRC - Q:\Program Files\AdAware.exe (Lavasoft Limited) PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) PRC - C:\Programme\Web Assistant\ExtensionUpdaterService.exe () PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated) PRC - Q:\Program Files\SBAMSvc.exe (GFI Software) PRC - C:\Programme\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.) PRC - C:\Users\James Bond\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe () PRC - C:\Programme\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG) PRC - C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG) PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\D-Link\DWA-140 revB\ANIWConnService.exe () PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - D:\Program Files\RocketDock\RocketDock.exe () ========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Windows\System32\Macromed\Flash\NPSWF32_11_8_800_94.dll () MOD - D:\Program Files\RocketDock\RocketDock.exe () MOD - D:\Program Files\RocketDock\RocketDock.dll () ========== Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (APNMCP) -- C:\Programme\AskPartnerNetwork\Toolbar\apnmcp.exe (APN LLC.) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MOTU_ZeroConf) -- C:\Programme\MOTU\motuDNSResponder.exe (MOTU Inc.) SRV - (Ad-Aware Service) -- Q:\Program Files\AdAwareService.exe (Lavasoft Limited) SRV - (Web Assistant) -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe () SRV - (SBAMSvc) -- Q:\Program Files\SBAMSvc.exe (GFI Software) SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.285\McCHSvc.exe (McAfee, Inc.) 
SRV - (wampapache) -- q:\wamp\bin\apache\apache2.2.22\bin\httpd.exe (Apache Software Foundation) SRV - (wampmysqld) -- q:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe () SRV - (StumbleUponUpdater) -- C:\Users\James Bond\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe () SRV - (CodeMeter.exe) -- C:\Programme\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG) SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (D-Link Wireless N DWA-140_WPS) -- C:\Programme\D-Link\DWA-140 revB\ANIWConnService.exe () SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found DRV - (SBRE) -- C:\Windows\system32\drivers\SBREDrv.sys File not found DRV - (athr) -- system32\DRIVERS\athr.sys File not found DRV - (ALSysIO) -- C:\Users\JAMESB~1\AppData\Local\Temp\ALSysIO.sys File not found DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (gfibto) -- C:\Windows\System32\drivers\gfibto.sys (GFI Software) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. 
KG) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (epmntdrv) -- C:\Windows\System32\epmntdrv.sys () DRV - (EuGdiDrv) -- C:\Windows\System32\EuGdiDrv.sys () DRV - (VBoxDrv) -- C:\Windows\System32\drivers\VBoxDrv.sys (Oracle Corporation) DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Oracle Corporation) DRV - (VBoxNetFlt) -- C:\Windows\System32\drivers\VBoxNetFlt.sys (Oracle Corporation) DRV - (VBoxUSBMon) -- C:\Windows\System32\drivers\VBoxUSBMon.sys (Oracle Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV - (nmwcd) -- C:\Windows\System32\drivers\ccdcmb.sys (Nokia) DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (tsusbhub) -- C:\Windows\System32\drivers\tsusbhub.sys (Microsoft Corporation) DRV - (Synth3dVsc) -- C:\Windows\System32\drivers\Synth3dVsc.sys (Microsoft Corporation) DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation) DRV - (terminpt) -- C:\Windows\System32\drivers\terminpt.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (netr28u) -- C:\Windows\System32\drivers\Dnetr28u.sys (Ralink Technology Corp.) 
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (anodlwf) -- C:\Windows\System32\drivers\anodlwf.sys () DRV - (MarvinBus) -- C:\Windows\System32\drivers\MarvinBus.sys (Pinnacle Systems GmbH) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www2.delta-search.com/?affID=119777&tt=gc_&babsrc=HP_ss&mntrId=C8A100192148FF7B IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.incredibar.com/mb17 [Binary data over 200 bytes] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www2.delta-search.com/?affID=119777&tt=gc_&babsrc=HP_ss&mntrId=C8A100192148FF7B IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 3B F9 57 4D 65 6F CD 01 [binary data] IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www2.delta-search.com/?q={searchTerms}&affID=119777&tt=gc_&babsrc=SP_ss&mntrId=C8A100192148FF7B IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: 
"URL" = hxxp://mystart.incredibar.com/mb174/?search={searchTerms}&loc=IB_DS&a=6PQFKt4X3z&i=26 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: bbrs_002%40blabbers.com:1.0.5 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\James Bond\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\James Bond\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@www.flatcast.com/FlatViewer 5.2: C:\Users\JAMESB~1\AppData\Roaming\Mozilla\Plugins\NpFv530.dll (1 mal 1 Software GmbH) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2013.03.16 19:07:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}: C:\Program Files\Web Assistant\Firefox [2013.03.16 19:07:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.07.03 01:51:11 | 000,000,000 | ---D | M] [2013.07.04 01:14:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James Bond\AppData\Roaming\mozilla\Extensions [2013.07.04 01:23:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\James Bond\AppData\Roaming\mozilla\Firefox\Profiles\2cg3b8em.default\extensions [2013.07.04 01:23:19 | 000,000,000 | ---D | M] (Ginyas Browser Companion) -- C:\Users\James Bond\AppData\Roaming\mozilla\Firefox\Profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com [2013.07.04 02:10:14 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire [2013.07.24 09:59:04 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\074de0e9170cce0e12ad4ab035a2f25e_expire [2013.07.24 09:59:04 | 000,000,013 | ---- | M] () (No 
name found) -- C:\Users\James Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\0f0773a0a4d06eb721db0d7bdc8a048a_expire [2013.07.24 09:58:50 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\1245d6afb4a71dcd6870616545b4a5b5_expire [2013.07.24 09:59:04 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\211ffae2c8a2b411d85c8541ffcbfe9c_expire [2013.07.24 09:59:03 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2328e1768b820b18ab2f301c9ff88e2c_expire [2013.07.24 09:58:50 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\24779e9d2de93d13d7e07b527a1684d4_expire [2013.07.15 09:23:50 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2a0cbe22138b6d0570c78fc21e3970b5_expire [2013.07.24 14:10:39 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\2e699bb621ffe89ade68eaef9df0d2d9_expire [2013.07.21 12:21:07 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\3f2d1a0fa646e929d0efbbcc78cbbad6_expire [2013.07.21 12:21:06 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James 
Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\429dfea0ce4d8f918cc5d5c4f89d52c4_expire [2013.07.24 09:58:51 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\477177151e09e6e11822eacf0cc8bdc5_expire [2013.07.15 09:23:50 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4b352ed771c9dc6b0720f81301324a5d_expire [2013.07.06 10:57:55 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4c7eae55af2636f504a8cdac3d0f4e50_expire [2013.07.22 09:43:58 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\4d3d10bd28ff623813254a49b26be41f_expire [2013.07.24 09:58:49 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\51716f24df4acf6ef8f8e2c1a2fd1a2e_expire [2013.07.06 10:57:54 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\5207542164cd554bba60486eb52baeab_expire [2013.07.21 12:21:07 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\56db527f2e9582d44a17da1273106264_expire [2013.07.06 10:57:53 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James 
Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\57c07884f57384196a270aa273f5ac2c_expire [2013.07.21 12:21:07 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\5af3eddea6a48242cc6be576662082fe_expire [2013.07.24 14:10:38 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\5d08671f40e6e9c2ff0f3c5f3d47f726_expire [2013.07.24 09:59:04 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\6107628e8e8b45f82cd780da403f3358_expire [2013.07.24 09:58:49 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\6d0e7c50b1f5d67f61ee9a2f5654f096_expire [2013.07.24 14:10:41 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\71466e089995731fd7f41c06f77bc6db_expire [2013.07.24 09:58:49 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\73e93d4cd68e3fb4411c52d0ecaa2759_expire [2013.07.20 23:07:58 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\7c0022298b948a99e406a6310bffea7f_expire [2013.07.24 14:10:43 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James 
Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\860f295e523c85f15d93b8c9b1abb411_expire [2013.07.24 14:10:37 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\8f43b50088266b9870b42ce6ef7ffbde_expire [2013.07.06 10:57:54 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\905152d17c13d0b6f5879dd4768176d7_expire [2013.07.24 09:59:03 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\99d788ca736751302bd0281545e1cbf7_expire [2013.07.24 09:58:50 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\9e6255e586d98a926494b2c955427c35_expire [2013.07.21 12:21:07 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a00866372c363c048c144d186db7e930_expire [2013.07.15 09:24:20 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a4978ceb564459d3d64682b37d89bbe3_expire [2013.07.24 09:59:03 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a8e78a6006a812766277d1f827e58be6_expire [2013.07.15 09:23:50 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James 
Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\a9e30b6d006cf92591b3c548aa8fa6e8_expire [2013.07.24 09:58:50 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\b0da755d7f41dae8a057655b3bb17eb2_expire [2013.07.15 10:43:27 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\b1ee91b2ef2163f40d85f38713cdc027_expire [2013.07.06 10:57:55 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\b8c8f624b95df9f3c19aa588cd4ccde8_expire [2013.07.06 10:57:55 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\bc9017e75da4959a0f33426aa126c2e1_expire [2013.07.24 09:58:50 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\c5b54a1c1421856d63a4e4c00f668f8b_expire [2013.07.15 09:23:49 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\c5fae8806e453b29bc4aa426af31e488_expire [2013.07.24 09:59:04 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\c75261e846ce457d11060410767952c4_expire [2013.07.24 09:59:03 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James 
Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\cf28706faad49b5cccfc9e9e3ebbd818_expire [2013.07.24 09:59:04 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\dealsdb_expire [2013.07.15 09:23:50 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e391ebc0ab4ca95ffc195c4d0a9ec458_expire [2013.07.24 09:58:50 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e440d29f88739418e905adc0a155a174_expire [2013.07.15 09:23:50 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e4835c8829a3a703be000f19685a99da_expire [2013.07.21 12:21:07 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e70ed4bdae6da47c8376eeaae2849e02_expire [2013.07.24 09:58:49 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\e919434ec29526b28593c426e4264271_expire [2013.07.24 14:10:40 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ee2135fec207a636822e2513020c079a_expire [2013.07.24 09:58:51 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James 
Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\f40d602e45498a228640fb02ec51fdb6_expire [2013.07.22 09:43:58 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire [2013.07.24 09:59:04 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\fd2b14a1599592bd893eafc7d4583112_expire [2013.07.22 09:43:58 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\James Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com\chrome\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire [2013.07.03 01:51:10 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions [2013.07.04 01:14:37 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [2011.09.23 15:43:02 | 001,623,552 | ---- | M] (1 mal 1 Software GmbH) -- C:\Program Files\mozilla firefox\plugins\NpFv530.dll ========== Chrome ========== CHR - default_search_provider: Ask Search (Enabled) CHR - default_search_provider: search_url = hxxp://www.search.ask.com/web?p2=%5EAKE%5EOSJ000%5EYY%5EDE&gct=&o=APN10452&tpid=ORJ-V7&itbv=12.0.1.100&doi=2013-06-28&apn_uid=CB30F764-1C19-4949-BEC1-4E193456A4D1&apn_ptnrs=AKE&apn_dtid=%5EOSJ000%5EYY%5EDE&apn_dbr=cr_27.0.1453.116&psv=&trgb=CR&q={searchTerms} CHR - default_search_provider: suggest_url = hxxp://ss.websearch.ask.com/query?qsrc={qsrc}&li=ff&sstype=prefix&q={searchTerms}, CHR - homepage: hxxp://www2.delta-search.com/?affID=119777&tt=gc_&babsrc=HP_ss&mntrId=C8A100192148FF7B CHR - plugin: Shockwave Flash (Enabled) = C:\Users\James 
Bond\AppData\Local\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\James Bond\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\James Bond\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Flatcast Viewer Plugin 5.3.0.784 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NpFv530.dll CHR - plugin: AdobeAAMDetect (Enabled) = C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll CHR - plugin: Java(TM) Platform SE 7 U21 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Google Update (Enabled) = C:\Users\James Bond\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll CHR - Extension: Ask Toolbar = C:\Users\James Bond\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajpkhjdkhhnkmgfjodbkfpbmibkkk\16.49183_0\ CHR - Extension: Google Docs = C:\Users\James Bond\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\James Bond\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: FTdownloader V3.0 = C:\Users\James Bond\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\bbffdhejhaoiflnpooogkckfdcmmjppn\3.0_0\ CHR - Extension: YouTube = C:\Users\James Bond\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\James Bond\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Hedgehog in the fog = C:\Users\James Bond\AppData\Local\Google\Chrome\User Data\Default\Extensions\haocganpkafanhkfldbbmhcpaelmkejg\3_0\ CHR - Extension: StumbleUpon = C:\Users\James Bond\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgifblbjgdjhcelbanblbhkhmbnnmhfg\3.97.1_0\ CHR - Extension: Google Mail = C:\Users\James Bond\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Ginyas Browser Companion) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Programme\GinyasBrowserCompanion\jsloader.dll ( ) O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll () O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Ginyas Browser Companion Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Programme\GinyasBrowserCompanion\updatebhoWin32.dll ( ) O2 - BHO: (StumbleUpon) - {DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} - C:\Users\James Bond\AppData\LocalLow\StumbleUpon\IE\StumbleUpon.dll (StumbleUpon Inc.) 
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4 - HKLM..\Run: [Ad-Aware Antivirus] Q:\Program Files\AdAwareLauncher.exe (Lavasoft Limited) O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft) O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ApnTBMon] C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKCU..\Run: [RocketDock] D:\Program Files\RocketDock\RocketDock.exe () O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra Button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Programme\PokerStars.EU\PokerStarsUpdate.exe (PokerStars) O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.25.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{476396B7-D813-457D-AE74-169064AA5A7D}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FF26E0A-7B7D-4990-85D5-4D17BC90FABD}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE40BACC-2D3F-47EE-B1A1-8B8E3EDD1772}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Programme\GinyasBrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Programme\GinyasBrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Programme\GinyasBrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O20 - AppInit_DLLs: (c:\progra~2\browse~1\261249~1.132\{c16c1~1\browse~1.dll) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{f1a7ca1d-5764-11e2-b5e7-00192148ff7b}\Shell - "" = AutoRun O33 - MountPoints2\{f1a7ca1d-5764-11e2-b5e7-00192148ff7b}\Shell\AutoRun\command - "" = M:\Startme.exe O33 - MountPoints2\{f9fc7c01-79f2-11e2-9cd3-00192148ff7b}\Shell - "" = AutoRun O33 - MountPoints2\{f9fc7c01-79f2-11e2-9cd3-00192148ff7b}\Shell\AutoRun\command - "" = M:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.07.24 11:02:22 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2013.07.24 11:02:21 | 000,000,000 | ---D | C] -- C:\Users\James Bond\AppData\Roaming\Malwarebytes [2013.07.24 11:02:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.07.24 11:02:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.07.24 11:02:02 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.07.24 11:02:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.07.24 10:03:25 | 000,000,000 | ---D | C] -- C:\Users\James Bond\Desktop\virenreport [2013.07.21 23:13:46 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2013.07.16 23:04:09 | 000,000,000 | ---D | C] -- C:\filme [2013.07.15 13:09:11 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.07.15 13:09:10 | 000,607,744 | ---- | C] (Microsoft Corporation) 
-- C:\Windows\System32\msfeeds.dll [2013.07.15 13:09:10 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.07.15 13:09:10 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.07.15 13:09:10 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.07.15 13:09:09 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.07.15 13:09:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.07.15 13:09:08 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.07.15 09:35:48 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2013.07.15 09:35:46 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL [2013.07.15 09:35:46 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll [2013.07.15 09:35:45 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.07.04 18:51:15 | 000,000,000 | ---D | C] -- C:\Users\James Bond\AppData\Roaming\MKKE [2013.07.03 01:51:10 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.07.02 18:36:43 | 000,000,000 | ---D | C] -- C:\Users\James Bond\AppData\Roaming\Line 6 [2013.07.02 18:36:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Line 6 [2013.07.02 18:36:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Line 6 [2013.07.02 18:36:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Propellerhead Software [2013.07.02 18:35:34 | 000,000,000 | ---D | C] -- C:\Program Files\CodeMeter [2013.07.02 18:35:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CodeMeter [2013.07.02 17:33:46 | 000,000,000 | ---D | C] -- C:\Users\James Bond\Desktop\fürrestaurant [2013.06.29 21:01:08 | 000,000,000 | ---D | C] -- C:\Users\James 
Bond\Desktop\autohaus [2013.06.28 08:43:26 | 000,000,000 | ---D | C] -- C:\ProgramData\AskPartnerNetwork [2013.06.28 08:43:26 | 000,000,000 | ---D | C] -- C:\Program Files\AskPartnerNetwork [2013.06.28 08:43:22 | 000,000,000 | ---D | C] -- C:\ProgramData\APN [2013.06.28 08:41:08 | 000,263,592 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013.06.28 08:41:01 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.06.28 08:41:01 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013.06.28 08:41:01 | 000,094,632 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.06.27 02:12:50 | 000,000,000 | ---D | C] -- C:\Users\James Bond\AppData\Roaming\Blue Orb [2013.06.27 02:11:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Joystix Pro [2013.06.27 02:11:05 | 000,000,000 | ---D | C] -- C:\Program Files\Joystix Pro [2013.06.27 01:04:55 | 141,512,528 | ---- | C] (Blue Orb, Inc.) 
-- C:\Users\James Bond\Desktop\setup.exe [2013.06.25 01:18:36 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2013.06.25 01:18:36 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll [2013.06.25 01:18:36 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2013.06.25 01:18:36 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2013.06.25 01:18:36 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2013.06.25 01:18:36 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2013.06.25 01:18:36 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2013.06.25 01:18:36 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll [2013.06.25 01:18:36 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2013.06.25 01:18:36 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2013.06.25 01:18:36 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2013.06.25 01:18:36 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2013.06.25 01:18:36 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [2013.06.25 01:18:36 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll [2013.06.25 01:18:36 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2013.06.25 01:18:36 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.06.25 01:18:36 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.06.25 01:18:36 | 000,005,632 | -H-- | C] (Microsoft Corporation) 
-- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.06.25 01:18:36 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.06.25 01:18:36 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll [2013.06.25 01:18:36 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.06.25 01:18:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll [2013.06.25 01:18:36 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.06.25 01:18:36 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.06.24 22:30:10 | 000,000,000 | ---D | C] -- C:\Users\James Bond\Desktop\Neuer Ordner (2) [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.07.24 14:59:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanion FireFox Watcher.job [2013.07.24 14:53:00 | 000,001,140 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3969571550-3735532996-2681142998-1000UA.job [2013.07.24 14:45:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanion Stats Report.job [2013.07.24 14:31:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.07.24 11:02:40 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2013.07.24 11:02:04 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.07.24 10:03:59 | 000,000,000 | ---- | M] () -- C:\Windows\System32\SBRC.dat [2013.07.24 09:53:00 | 000,001,088 | ---- | M] () -- 
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3969571550-3735532996-2681142998-1000Core.job [2013.07.24 02:05:00 | 000,000,948 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanion Update Checker.job [2013.07.24 01:45:01 | 000,001,016 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanion Chrome Watcher.job [2013.07.23 20:55:40 | 000,021,072 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.07.23 20:55:40 | 000,021,072 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.07.23 20:47:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.07.23 20:47:45 | 1610,063,872 | -HS- | M] () -- C:\hiberfil.sys [2013.07.23 11:13:14 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.07.23 11:13:14 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.07.23 11:13:14 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.07.23 11:13:14 | 000,120,836 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.07.21 15:17:19 | 000,786,484 | ---- | M] () -- C:\Users\James Bond\Desktop\ABERDANN.reason [2013.07.15 19:37:07 | 000,478,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.07.15 18:42:26 | 050,739,116 | ---- | M] () -- C:\Users\James Bond\Desktop\Florian Alter .wav [2013.07.15 18:42:26 | 000,396,392 | ---- | M] () -- C:\Users\James Bond\Desktop\Florian Alter .H0 [2013.07.15 18:42:26 | 000,002,570 | ---- | M] () -- C:\Users\James Bond\Desktop\Florian Alter .HDP [2013.07.15 16:15:21 | 224,271,666 | ---- | M] () -- C:\Users\James Bond\Desktop\2013-07-15.mp4 [2013.07.15 15:59:41 | 000,019,606 | ---- | M] () -- C:\Users\James Bond\.recently-used.xbel [2013.07.15 15:59:41 | 000,016,898 | ---- | M] () -- C:\Users\James Bond\Desktop\alter.png [2013.07.15 14:48:01 | 004,194,356 | ---- | M] () -- C:\Users\James Bond\Desktop\nulib.reason [2013.07.15 12:17:21 | 
000,001,185 | ---- | M] () -- C:\Users\James Bond\Desktop\Reason - Verknüpfung.lnk [2013.07.06 20:55:51 | 000,015,277 | ---- | M] () -- C:\Users\James Bond\Desktop\verschiebungderkündigung.odt [2013.07.03 20:07:39 | 000,437,661 | ---- | M] () -- C:\Users\James Bond\Desktop\segaone.jpg [2013.07.02 18:35:42 | 000,002,157 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2013.06.28 08:40:56 | 000,867,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll [2013.06.28 08:40:56 | 000,789,416 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll [2013.06.28 08:40:56 | 000,263,592 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe [2013.06.28 08:40:56 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe [2013.06.28 08:40:56 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe [2013.06.28 08:40:56 | 000,094,632 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll [2013.06.27 01:06:24 | 141,512,528 | ---- | M] (Blue Orb, Inc.) 
-- C:\Users\James Bond\Desktop\setup.exe [2013.06.26 19:57:59 | 000,104,800 | ---- | M] () -- C:\Users\James Bond\Desktop\iw5m-client.zip [2013.06.25 01:18:36 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2013.06.25 01:18:36 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll [2013.06.25 01:18:36 | 001,988,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2013.06.25 01:18:36 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2013.06.25 01:18:36 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2013.06.25 01:18:36 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2013.06.25 01:18:36 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2013.06.25 01:18:36 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll [2013.06.25 01:18:36 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2013.06.25 01:18:36 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2013.06.25 01:18:36 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2013.06.25 01:18:36 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2013.06.25 01:18:36 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [2013.06.25 01:18:36 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll [2013.06.25 01:18:36 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2013.06.25 01:18:36 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.06.25 01:18:36 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- 
C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.06.25 01:18:36 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.06.25 01:18:36 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.06.25 01:18:36 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll [2013.06.25 01:18:36 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.06.25 01:18:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll [2013.06.25 01:18:36 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.06.25 01:18:36 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll [2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.07.24 11:02:04 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.07.24 10:03:59 | 000,000,000 | ---- | C] () -- C:\Windows\System32\SBRC.dat [2013.07.21 15:10:04 | 000,786,484 | ---- | C] () -- C:\Users\James Bond\Desktop\ABERDANN.reason [2013.07.15 16:07:50 | 224,271,666 | ---- | C] () -- C:\Users\James Bond\Desktop\2013-07-15.mp4 [2013.07.15 15:59:41 | 000,019,606 | ---- | C] () -- C:\Users\James Bond\.recently-used.xbel [2013.07.15 15:17:11 | 000,016,898 | ---- | C] () -- C:\Users\James Bond\Desktop\alter.png [2013.07.15 14:47:36 | 000,396,392 | ---- | C] () -- C:\Users\James Bond\Desktop\Florian Alter .H0 [2013.07.15 14:47:36 | 000,002,570 | ---- | C] () -- C:\Users\James Bond\Desktop\Florian Alter .HDP [2013.07.15 14:43:40 | 050,739,116 | ---- | C] () -- 
C:\Users\James Bond\Desktop\Florian Alter .wav [2013.07.15 14:39:15 | 004,194,356 | ---- | C] () -- C:\Users\James Bond\Desktop\nulib.reason [2013.07.15 12:17:32 | 000,001,185 | ---- | C] () -- C:\Users\James Bond\Desktop\Reason - Verknüpfung.lnk [2013.07.06 20:55:50 | 000,015,277 | ---- | C] () -- C:\Users\James Bond\Desktop\verschiebungderkündigung.odt [2013.07.04 01:14:42 | 000,001,121 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.07.03 20:07:39 | 000,437,661 | ---- | C] () -- C:\Users\James Bond\Desktop\segaone.jpg [2013.07.02 18:35:42 | 000,002,157 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk [2013.06.26 19:57:57 | 000,104,800 | ---- | C] () -- C:\Users\James Bond\Desktop\iw5m-client.zip [2013.05.11 21:36:41 | 000,438,272 | ---- | C] () -- C:\Windows\System32\PaintX.dll [2013.04.28 11:56:40 | 000,119,296 | ---- | C] () -- C:\Windows\System32\zlib.dll [2013.04.28 11:56:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ADsSecurity.dll [2013.04.28 11:56:40 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dxinputdll.dll [2013.04.22 12:37:35 | 000,139,128 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2013.04.22 12:37:35 | 000,138,056 | ---- | C] () -- C:\Users\James Bond\AppData\Roaming\PnkBstrK.sys [2013.04.22 12:37:11 | 000,215,128 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2013.04.22 12:37:09 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe [2013.04.22 12:37:09 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2013.04.01 18:04:35 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE [2013.03.27 21:09:06 | 000,715,038 | ---- | C] () -- C:\Windows\unins000.exe [2013.03.27 21:07:07 | 000,004,173 | ---- | C] () -- C:\Windows\unins000.dat [2013.01.24 02:07:54 | 002,468,520 | ---- | C] () -- C:\Windows\System32\BootMan.exe [2013.01.24 02:07:54 | 000,087,112 | ---- | C] () -- 
C:\Windows\System32\setupempdrv03.exe [2013.01.24 02:07:54 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll [2013.01.24 02:07:54 | 000,014,920 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys [2013.01.24 02:07:54 | 000,009,160 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys [2013.01.23 23:10:47 | 000,000,258 | ---- | C] () -- C:\Users\James Bond\AppData\Roaming\ANICONFIG_{5C03A0A3-AC47-47E7-B9CE-3D8AF3943BB9}.ini [2013.01.22 02:14:27 | 000,014,051 | ---- | C] () -- C:\Windows\System32\RaCoInst.dat [2013.01.22 02:14:27 | 000,012,800 | ---- | C] () -- C:\Windows\System32\drivers\anodlwf.sys [2013.01.05 00:33:50 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2013.01.05 00:33:50 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2012.09.21 11:42:39 | 000,007,605 | ---- | C] () -- C:\Users\James Bond\AppData\Local\Resmon.ResmonCfg [2012.08.07 16:17:40 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2012.08.01 14:20:15 | 000,017,408 | ---- | C] () -- C:\Users\James Bond\AppData\Local\WebpageIcons.db [2012.07.31 23:16:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.02.01 14:06:14 | 000,072,256 | ---- | C] () -- C:\Windows\System32\ntrights.exe ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 23:29:20 | 000,606,208 | 
---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 128 bytes -> C:\Windows\System32\zlib.dll:SummaryInformation @Alternate Data Stream - 128 bytes -> C:\Windows\System32\zlib.dll:DocumentSummaryInformation < End of report > [/code] Attachment 58210 Last edited by behaender (24.07.2013 at 14:38) |
24.07.2013, 14:03 | #2 |
/// the machine /// TB Trainer | A few problems with malware and adware Hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
24.07.2013, 14:47 | #3 |
| A few problems with malware and adware Thanks for the quick reply
FRST Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-07-2013 Ran by James Bond (administrator) on 24-07-2013 15:43:26 Running from C:\Users\James Bond\Desktop Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Lavasoft Limited) Q:\Program Files\AdAwareService.exe (APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files\D-Link\DWA-140 revB\ANIWConnService.exe (MOTU Inc.) C:\Program Files\MOTU\motuDNSResponder.exe () C:\Windows\system32\PnkBstrA.exe () C:\Users\James Bond\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe () C:\Program Files\Web Assistant\ExtensionUpdaterService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (WIBU-SYSTEMS AG) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe (APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe () D:\Program Files\RocketDock\RocketDock.exe (Lavasoft Limited) Q:\PROGRA~1\AdAware.exe (WIBU-SYSTEMS AG) C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe (McAfee, Inc.) 
C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe (GFI Software) Q:\Program Files\SBAMSvc.exe (MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [avgnt] - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-24] (Avira Operations GmbH & Co. 
KG) HKLM\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [542632 2013-01-31] (Lavasoft) HKLM\...\Run: [Ad-Aware Antivirus] - "Q:\Program Files\AdAwareLauncher" --windows-run [x] HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM\...\Run: [ApnTBMon] - C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1541584 2013-06-07] (APN) HKLM\...\RunOnce: [ Malwarebytes Anti-Malware ] - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [532040 2013-04-04] (Malwarebytes Corporation) HKCU\...\Run: [RocketDock] - "D:\Program Files\RocketDock\RocketDock.exe" [x] HKCU\...\Run: [Google Update] - C:\Users\James Bond\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-04-18] (Google Inc.) MountPoints2: {f1a7ca1d-5764-11e2-b5e7-00192148ff7b} - M:\Startme.exe MountPoints2: {f9fc7c01-79f2-11e2-9cd3-00192148ff7b} - M:\AutoRun.exe HKU\Default\...\RunOnce: [mctadmin] - C:\Windows\System32\mctadmin.exe [ 2009-07-14] (Microsoft Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.) 
==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www2.delta-search.com/?affID=119777&tt=gc_&babsrc=HP_ss&mntrId=C8A100192148FF7B HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.incredibar.com/mb174?a=6PQFKt4X3z&i=26 HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www2.delta-search.com/?affID=119777&tt=gc_&babsrc=HP_ss&mntrId=C8A100192148FF7B SearchScopes: HKCU - DefaultScope {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/mb174/?search={searchTerms}&loc=IB_DS&a=6PQFKt4X3z&i=26 SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www2.delta-search.com/?q={searchTerms}&affID=119777&tt=gc_&babsrc=SP_ss&mntrId=C8A100192148FF7B SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = hxxp://mystart.incredibar.com/mb174/?search={searchTerms}&loc=IB_DS&a=6PQFKt4X3z&i=26 BHO: Ginyas Browser Companion - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files\GinyasBrowserCompanion\jsloader.dll ( ) BHO: Web Assistant - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\Web Assistant\Extension32.dll () BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: Ginyas Browser Companion Verifier - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files\GinyasBrowserCompanion\updatebhoWin32.dll ( )
BHO: StumbleUpon - {DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} - C:\Users\James Bond\AppData\LocalLow\StumbleUpon\IE\StumbleUpon.dll (StumbleUpon Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\GinyasBrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\GinyasBrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files\GinyasBrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\James Bond\AppData\Roaming\Mozilla\Firefox\Profiles\2cg3b8em.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\James Bond\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\James Bond\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @www.flatcast.com/FlatViewer 5.2 - C:\Users\JAMESB~1\AppData\Roaming\Mozilla\Plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF Extension: Ginyas Browser Companion - C:\Users\James Bond\AppData\Roaming\Mozilla\Firefox\Profiles\2cg3b8em.default\Extensions\bbrs_002@blabbers.com
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] C:\Program Files\Web Assistant\Firefox
FF Extension: Web Assistant - C:\Program Files\Web Assistant\Firefox
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] C:\Program Files\Web Assistant\Firefox
FF Extension: Web Assistant - C:\Program Files\Web Assistant\Firefox

Chrome:
=======
CHR HomePage: hxxp://www2.delta-search.com/?affID=119777&tt=gc_&babsrc=HP_ss&mntrId=C8A100192148FF7B
CHR RestoreOnStartup: "hxxp://www2.delta-search.com/?affID=119777&tt=gc_&babsrc=HP_ss&mntrId=C8A100192148FF7B"
CHR DefaultSearchURL: (Ask Search) - hxxp://www.search.ask.com/web?p2=%5EAKE%5EOSJ000%5EYY%5EDE&gct=&o=APN10452&tpid=ORJ-V7&itbv=12.0.1.100&doi=2013-06-28&apn_uid=CB30F764-1C19-4949-BEC1-4E193456A4D1&apn_ptnrs=AKE&apn_dtid=%5EOSJ000%5EYY%5EDE&apn_dbr=cr_27.0.1453.116&psv=&trgb=CR&q={searchTerms}
CHR DefaultSuggestURL: (Ask Search) - hxxp://ss.websearch.ask.com/query?qsrc={qsrc}&li=ff&sstype=prefix&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Users\James Bond\AppData\Local\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\James Bond\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\James Bond\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Flatcast Viewer Plugin 5.3.0.784) - C:\Program Files\Mozilla Firefox\plugins\NpFv530.dll (1 mal 1 Software GmbH)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\James Bond\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Extension: (Ask Toolbar) - C:\Users\JAMESB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajpkhjdkhhnkmgfjodbkfpbmibkkk\16.49183_0
CHR Extension: (Google Docs) - C:\Users\JAMESB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\JAMESB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (FTdownloader V3.0) - C:\Users\JAMESB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbffdhejhaoiflnpooogkckfdcmmjppn\3.0_0
CHR Extension: (YouTube) - C:\Users\JAMESB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\JAMESB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Hedgehog in the fog) - C:\Users\JAMESB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\haocganpkafanhkfldbbmhcpaelmkejg\3_0
CHR Extension: (StumbleUpon) - C:\Users\JAMESB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgifblbjgdjhcelbanblbhkhmbnnmhfg\3.97.1_0
CHR Extension: (Gmail) - C:\Users\JAMESB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [aaaajpkhjdkhhnkmgfjodbkfpbmibkkk] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7\CRX\ToolbarCR.crx
CHR HKLM\...\Chrome\Extension: [bbffdhejhaoiflnpooogkckfdcmmjppn] - C:\Program Files\FTDownloader.com\FTDownloader10.crx
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\Web Assistant\source.crx
CHR HKLM\...\Chrome\Extension: [pgifblbjgdjhcelbanblbhkhmbnnmhfg] - C:\Users\James Bond\AppData\LocalLow\StumbleUpon\CHROME\StumbleUpon.crx

========================== Services (Whitelisted) =================
R2 Ad-Aware Service; Q:\Program Files\AdAwareService.exe [1236336 2013-03-18] (Lavasoft Limited)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [84024 2013-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-24] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [169632 2013-06-07] (APN LLC.)
R2 CodeMeter.exe; C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [2304912 2011-07-06] (WIBU-SYSTEMS AG)
R2 D-Link Wireless N DWA-140_WPS; C:\Program Files\D-Link\DWA-140 revB\ANIWConnService.exe [53248 2010-06-03] ()
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
R2 MOTU_ZeroConf; C:\Program Files\MOTU\motuDNSResponder.exe [390544 2013-04-29] (MOTU Inc.)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75064 2013-04-22] ()
R2 SBAMSvc; Q:\Program Files\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
R2 StumbleUponUpdater; C:\Users\James Bond\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe [18432 2011-11-22] ()
S3 wampapache; q:\wamp\bin\apache\apache2.2.22\bin\httpd.exe [18432 2012-05-13] (Apache Software Foundation)
S3 wampmysqld; q:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe [8177664 2012-04-19] ()
R2 Web Assistant; C:\Program Files\Web Assistant\ExtensionUpdaterService.exe [188760 2013-01-31] ()

==================== Drivers (Whitelisted) ====================
R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwf.sys [12800 2009-03-06] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2013-01-05] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-02-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-02-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-03-06] (Avira Operations GmbH & Co. KG)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-08-03] (DT Soft Ltd)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14920 2012-12-21] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9160 2012-12-21] ()
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-05-12] (GFI Software)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2013-01-05] ()
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-07-24] (Malwarebytes Corporation)
S3 netr28u; C:\Windows\System32\DRIVERS\Dnetr28u.sys [855392 2010-05-05] (Ralink Technology Corp.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation)
S3 ALSysIO; \??\C:\Users\JAMESB~1\AppData\Local\Temp\ALSysIO.sys [x]
S3 athr; system32\DRIVERS\athr.sys [x]
S1 SBRE; \SystemRoot\system32\drivers\SBREDrv.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2013-07-24 15:43 - 2013-07-24 15:43 - 00000000 ____D C:\FRST
2013-07-24 15:42 - 2013-07-24 15:42 - 01220240 _____ (Farbar) C:\Users\James Bond\Desktop\FRST.exe
2013-07-24 15:39 - 2013-07-24 15:39 - 00115146 _____ C:\Users\James Bond\Desktop\OTL.Txt
2013-07-24 15:36 - 2013-07-24 15:36 - 00124162 _____ C:\Users\James Bond\Desktop\Extrasotl.txt
2013-07-24 15:36 - 2013-07-24 15:36 - 00021481 _____ C:\Users\James Bond\Desktop\Extrasotl.rar
2013-07-24 14:54 - 2013-07-24 14:54 - 00000532 _____ C:\Users\James Bond\Desktop\Ereignisse.txt
2013-07-24 11:02 - 2013-07-24 11:02 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-07-24 11:02 - 2013-07-24 11:02 - 00001071 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-24 11:02 - 2013-07-24 11:02 - 00000000 ____D C:\Users\James Bond\AppData\Roaming\Malwarebytes
2013-07-24 11:02 - 2013-07-24 11:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-24 11:02 - 2013-07-24 11:02 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-24 11:02 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-24 11:01 - 2013-07-24 11:01 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\James Bond\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-24 10:50 - 2013-07-24 10:50 - 00000000 _____ C:\Users\James Bond\Downloads\Propellerhead.REASON.v6.5.3.x86.Included.Alpha.Patch-CHAOS.part1.rar
2013-07-24 10:49 - 2013-07-24 14:15
- 311422340 _____ C:\Users\James Bond\Downloads\Propellerhead.REASON.v6.5.3.x86.Included.Alpha.Patch-CHAOS.part1.rar.part 2013-07-24 10:03 - 2013-07-24 10:03 - 00000000 ____D C:\Users\James Bond\Desktop\virenreport 2013-07-21 23:13 - 2013-07-21 23:13 - 02347384 _____ (ESET) C:\Users\James Bond\Downloads\esetsmartinstaller_enu.exe 2013-07-21 23:13 - 2013-07-21 23:13 - 00000000 ____D C:\Program Files\ESET 2013-07-21 23:10 - 2013-07-24 15:17 - 00124162 _____ C:\Users\James Bond\Downloads\Extras.Txt 2013-07-21 23:09 - 2013-07-24 15:16 - 00115146 _____ C:\Users\James Bond\Downloads\OTL.Txt 2013-07-21 23:07 - 2013-07-21 23:08 - 00012350 _____ C:\AdwCleaner[R1].txt 2013-07-21 23:06 - 2013-07-21 23:06 - 00666633 _____ C:\Users\James Bond\Downloads\adwcleaner06.exe 2013-07-21 23:02 - 2013-07-21 23:02 - 00377856 _____ C:\Users\James Bond\Downloads\gmer_2.1.19163.exe 2013-07-21 22:56 - 2013-07-21 22:56 - 00602112 _____ (OldTimer Tools) C:\Users\James Bond\Downloads\OTL.exe 2013-07-21 15:10 - 2013-07-21 15:17 - 00786484 _____ C:\Users\James Bond\Desktop\ABERDANN.reason 2013-07-16 23:04 - 2013-07-16 23:23 - 00000000 ____D C:\filme 2013-07-16 10:03 - 2013-07-16 10:03 - 00000120 _____ C:\Users\James Bond\Desktop\Neues Textdokument (2).txt 2013-07-15 16:07 - 2013-07-15 16:15 - 224271666 _____ C:\Users\James Bond\Desktop\2013-07-15.mp4 2013-07-15 15:59 - 2013-07-15 15:59 - 00019606 _____ C:\Users\James Bond\.recently-used.xbel 2013-07-15 14:47 - 2013-07-15 18:42 - 00396392 _____ C:\Users\James Bond\Desktop\Florian Alter .H0 2013-07-15 14:47 - 2013-07-15 18:42 - 00002570 _____ C:\Users\James Bond\Desktop\Florian Alter .HDP 2013-07-15 14:43 - 2013-07-15 18:42 - 50739116 _____ C:\Users\James Bond\Desktop\Florian Alter .wav 2013-07-15 14:39 - 2013-07-15 14:48 - 04194356 _____ C:\Users\James Bond\Desktop\nulib.reason 2013-07-15 13:09 - 2013-05-29 03:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-15 13:09 - 2013-05-29 03:50 - 01800704 _____ (Microsoft 
Corporation) C:\Windows\system32\jscript9.dll 2013-07-15 13:09 - 2013-05-29 03:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-15 13:09 - 2013-05-29 03:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-07-15 13:09 - 2013-05-29 03:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-15 13:09 - 2013-05-29 03:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-15 13:09 - 2013-05-29 03:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-07-15 13:09 - 2013-05-29 03:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-15 13:09 - 2013-05-29 03:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-07-15 13:09 - 2013-05-29 03:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-07-15 13:09 - 2013-05-29 03:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-15 13:09 - 2013-05-29 03:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-15 13:09 - 2013-05-29 03:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-15 13:09 - 2013-05-29 03:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-15 13:09 - 2013-05-29 03:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-07-15 13:09 - 2013-05-29 03:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-15 12:17 - 2013-07-15 12:17 - 00001185 _____ C:\Users\James Bond\Desktop\Reason - Verknüpfung.lnk 2013-07-15 09:35 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-15 09:35 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-15 09:35 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 
2013-07-15 09:35 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-06 20:55 - 2013-07-06 20:55 - 00015277 _____ C:\Users\James Bond\Desktop\verschiebungderkündigung.odt 2013-07-04 18:51 - 2013-07-04 18:52 - 00000000 ____D C:\Users\James Bond\AppData\Roaming\MKKE 2013-07-04 01:13 - 2013-07-04 01:13 - 21703480 _____ (Mozilla) C:\Users\James Bond\Downloads\Firefox Setup 22.0.exe 2013-07-04 01:13 - 2013-07-04 01:13 - 21703480 _____ (Mozilla) C:\Users\James Bond\Downloads\Firefox Setup 22.0 (1).exe 2013-07-03 01:51 - 2013-07-04 01:14 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-07-02 18:36 - 2013-07-02 18:50 - 00000000 ____D C:\Users\James Bond\AppData\Roaming\Line 6 2013-07-02 18:36 - 2013-07-02 18:36 - 00000000 ____D C:\ProgramData\Line 6 2013-07-02 18:36 - 2013-07-02 18:36 - 00000000 ____D C:\Program Files\Common Files\Propellerhead Software 2013-07-02 18:35 - 2013-07-02 18:35 - 00000000 ____D C:\Program Files\CodeMeter 2013-07-02 17:33 - 2013-07-03 01:50 - 00000000 ____D C:\Users\James Bond\Desktop\fürrestaurant 2013-06-29 21:01 - 2013-07-01 17:40 - 00000000 ____D C:\Users\James Bond\Desktop\autohaus 2013-06-28 08:43 - 2013-06-28 08:43 - 00000000 ____D C:\ProgramData\AskPartnerNetwork 2013-06-28 08:43 - 2013-06-28 08:43 - 00000000 ____D C:\ProgramData\APN 2013-06-28 08:43 - 2013-06-28 08:43 - 00000000 ____D C:\Program Files\AskPartnerNetwork 2013-06-28 08:41 - 2013-06-28 08:40 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-06-28 08:41 - 2013-06-28 08:40 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-06-28 08:41 - 2013-06-28 08:40 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-06-28 08:41 - 2013-06-28 08:40 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2013-06-27 02:12 - 2013-07-24 12:28 - 00000000 ____D C:\Users\James Bond\AppData\Roaming\Blue Orb 2013-06-27 02:11 - 2013-06-27 02:16 - 00000000 
____D C:\Program Files\Joystix Pro 2013-06-27 01:04 - 2013-06-27 01:06 - 141512528 _____ (Blue Orb, Inc.) C:\Users\James Bond\Desktop\setup.exe 2013-06-26 23:05 - 2013-06-30 00:58 - 00000701 _____ C:\Users\James Bond\Desktop\Neues Textdokument.txt 2013-06-26 19:57 - 2013-06-26 19:57 - 00104800 _____ C:\Users\James Bond\Desktop\iw5m-client.zip 2013-06-25 01:18 - 2013-06-25 01:18 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 02284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 01504768 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00207872 _____ (Microsoft Corporation) 
C:\Windows\system32\WindowsCodecsExt.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-06-25 01:16 - 2013-07-24 13:04 - 00239227 _____ C:\Windows\IE10_main.log 2013-06-24 22:30 - 2013-07-02 18:49 - 00000000 ____D C:\Users\James Bond\Desktop\Neuer Ordner (2) ==================== One Month Modified Files and Folders ======= 2013-07-24 15:43 - 2013-07-24 15:43 - 00000000 ____D C:\FRST 2013-07-24 15:42 - 2013-07-24 15:42 - 01220240 _____ (Farbar) C:\Users\James Bond\Desktop\FRST.exe 2013-07-24 15:42 - 2012-07-31 23:22 - 00000000 ___RD C:\Users\James Bond\Desktop 2013-07-24 15:39 - 
2013-07-24 15:39 - 00115146 _____ C:\Users\James Bond\Desktop\OTL.Txt 2013-07-24 15:36 - 2013-07-24 15:36 - 00124162 _____ C:\Users\James Bond\Desktop\Extrasotl.txt 2013-07-24 15:36 - 2013-07-24 15:36 - 00021481 _____ C:\Users\James Bond\Desktop\Extrasotl.rar 2013-07-24 15:31 - 2012-08-15 22:28 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-07-24 15:29 - 2013-01-22 02:45 - 00001064 _____ C:\Windows\Tasks\GinyasBrowserCompanion FireFox Watcher.job 2013-07-24 15:19 - 2013-01-22 02:45 - 00000000 ____D C:\ProgramData\GinyasBrowserCompanion 2013-07-24 15:17 - 2013-07-21 23:10 - 00124162 _____ C:\Users\James Bond\Downloads\Extras.Txt 2013-07-24 15:16 - 2013-07-21 23:09 - 00115146 _____ C:\Users\James Bond\Downloads\OTL.Txt 2013-07-24 15:15 - 2013-01-22 02:45 - 00001064 _____ C:\Windows\Tasks\GinyasBrowserCompanion Stats Report.job 2013-07-24 14:54 - 2013-07-24 14:54 - 00000532 _____ C:\Users\James Bond\Desktop\Ereignisse.txt 2013-07-24 14:53 - 2013-04-18 19:25 - 00001140 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3969571550-3735532996-2681142998-1000UA.job 2013-07-24 14:18 - 2012-07-31 23:17 - 02084852 _____ C:\Windows\WindowsUpdate.log 2013-07-24 14:15 - 2013-07-24 10:49 - 311422340 _____ C:\Users\James Bond\Downloads\Propellerhead.REASON.v6.5.3.x86.Included.Alpha.Patch-CHAOS.part1.rar.part 2013-07-24 13:04 - 2013-06-25 01:16 - 00239227 _____ C:\Windows\IE10_main.log 2013-07-24 12:28 - 2013-06-27 02:12 - 00000000 ____D C:\Users\James Bond\AppData\Roaming\Blue Orb 2013-07-24 11:02 - 2013-07-24 11:02 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys 2013-07-24 11:02 - 2013-07-24 11:02 - 00001071 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-24 11:02 - 2013-07-24 11:02 - 00000000 ____D C:\Users\James Bond\AppData\Roaming\Malwarebytes 2013-07-24 11:02 - 2013-07-24 11:02 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-24 11:02 - 2013-07-24 11:02 - 00000000 ____D C:\Program 
Files\Malwarebytes' Anti-Malware 2013-07-24 11:02 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Public\Desktop 2013-07-24 11:01 - 2013-07-24 11:01 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\James Bond\Downloads\mbam-setup-1.75.0.1300.exe 2013-07-24 10:52 - 2013-05-11 13:18 - 00000689 _____ C:\Users\James Bond\Desktop\darknet.txt 2013-07-24 10:50 - 2013-07-24 10:50 - 00000000 _____ C:\Users\James Bond\Downloads\Propellerhead.REASON.v6.5.3.x86.Included.Alpha.Patch-CHAOS.part1.rar 2013-07-24 10:03 - 2013-07-24 10:03 - 00000000 ____D C:\Users\James Bond\Desktop\virenreport 2013-07-24 09:53 - 2013-04-18 19:25 - 00001088 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3969571550-3735532996-2681142998-1000Core.job 2013-07-24 02:05 - 2013-01-22 02:45 - 00000948 _____ C:\Windows\Tasks\GinyasBrowserCompanion Update Checker.job 2013-07-24 02:00 - 2012-08-01 01:29 - 00000000 ____D C:\Users\JAMESB~1\AppData\Local\Adobe 2013-07-24 01:45 - 2013-01-22 02:45 - 00001016 _____ C:\Windows\Tasks\GinyasBrowserCompanion Chrome Watcher.job 2013-07-23 21:37 - 2012-05-09 15:09 - 00074447 _____ C:\Windows\setupact.log 2013-07-23 20:55 - 2009-07-14 06:34 - 00021072 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-07-23 20:55 - 2009-07-14 06:34 - 00021072 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-07-23 20:47 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-07-23 11:13 - 2010-11-20 23:01 - 01612448 _____ C:\Windows\system32\PerfStringBackup.INI 2013-07-22 12:23 - 2012-08-06 18:35 - 00000000 ____D C:\Users\James Bond\AppData\Roaming\vlc 2013-07-22 00:16 - 2012-07-31 23:58 - 00000000 ____D C:\Users\James Bond\Documents\888poker 2013-07-21 23:13 - 2013-07-21 23:13 - 02347384 _____ (ESET) C:\Users\James Bond\Downloads\esetsmartinstaller_enu.exe 2013-07-21 23:13 - 2013-07-21 23:13 - 00000000 ____D C:\Program Files\ESET 2013-07-21 23:08 - 
2013-07-21 23:07 - 00012350 _____ C:\AdwCleaner[R1].txt 2013-07-21 23:06 - 2013-07-21 23:06 - 00666633 _____ C:\Users\James Bond\Downloads\adwcleaner06.exe 2013-07-21 23:02 - 2013-07-21 23:02 - 00377856 _____ C:\Users\James Bond\Downloads\gmer_2.1.19163.exe 2013-07-21 22:56 - 2013-07-21 22:56 - 00602112 _____ (OldTimer Tools) C:\Users\James Bond\Downloads\OTL.exe 2013-07-21 15:17 - 2013-07-21 15:10 - 00786484 _____ C:\Users\James Bond\Desktop\ABERDANN.reason 2013-07-16 23:23 - 2013-07-16 23:04 - 00000000 ____D C:\filme 2013-07-16 10:03 - 2013-07-16 10:03 - 00000120 _____ C:\Users\James Bond\Desktop\Neues Textdokument (2).txt 2013-07-15 20:17 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET 2013-07-15 19:37 - 2009-07-14 06:33 - 00478512 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-15 19:34 - 2011-04-12 03:38 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-15 19:34 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-15 18:42 - 2013-07-15 14:47 - 00396392 _____ C:\Users\James Bond\Desktop\Florian Alter .H0 2013-07-15 18:42 - 2013-07-15 14:47 - 00002570 _____ C:\Users\James Bond\Desktop\Florian Alter .HDP 2013-07-15 18:42 - 2013-07-15 14:43 - 50739116 _____ C:\Users\James Bond\Desktop\Florian Alter .wav 2013-07-15 18:42 - 2012-08-01 00:27 - 00000000 ____D C:\Users\James Bond\.gimp-2.6 2013-07-15 16:15 - 2013-07-15 16:07 - 224271666 _____ C:\Users\James Bond\Desktop\2013-07-15.mp4 2013-07-15 15:59 - 2013-07-15 15:59 - 00019606 _____ C:\Users\James Bond\.recently-used.xbel 2013-07-15 15:59 - 2012-08-05 16:13 - 00000000 ____D C:\Users\James Bond\AppData\Roaming\gtk-2.0 2013-07-15 15:59 - 2012-07-31 23:22 - 00000000 ____D C:\Users\James Bond 2013-07-15 14:48 - 2013-07-15 14:39 - 04194356 _____ C:\Users\James Bond\Desktop\nulib.reason 2013-07-15 13:05 - 2012-05-09 14:35 - 75699896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-07-15 12:17 - 2013-07-15 12:17 - 00001185 _____ C:\Users\James Bond\Desktop\Reason 
- Verknüpfung.lnk 2013-07-06 20:55 - 2013-07-06 20:55 - 00015277 _____ C:\Users\James Bond\Desktop\verschiebungderkündigung.odt 2013-07-04 18:52 - 2013-07-04 18:51 - 00000000 ____D C:\Users\James Bond\AppData\Roaming\MKKE 2013-07-04 11:45 - 2010-11-20 23:48 - 00190122 _____ C:\Windows\PFRO.log 2013-07-04 01:14 - 2013-07-03 01:51 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-07-04 01:14 - 2012-08-01 00:03 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-07-04 01:14 - 2012-07-31 23:43 - 00000000 ____D C:\Users\James Bond\AppData\Roaming\Mozilla 2013-07-04 01:13 - 2013-07-04 01:13 - 21703480 _____ (Mozilla) C:\Users\James Bond\Downloads\Firefox Setup 22.0.exe 2013-07-04 01:13 - 2013-07-04 01:13 - 21703480 _____ (Mozilla) C:\Users\James Bond\Downloads\Firefox Setup 22.0 (1).exe 2013-07-03 23:08 - 2012-08-08 21:11 - 00000000 ____D C:\Program Files\PokerStars.NET 2013-07-03 23:08 - 2012-08-01 00:30 - 00000000 ____D C:\Users\JAMESB~1\AppData\Local\PokerStars.NET 2013-07-03 01:50 - 2013-07-02 17:33 - 00000000 ____D C:\Users\James Bond\Desktop\fürrestaurant 2013-07-02 18:50 - 2013-07-02 18:36 - 00000000 ____D C:\Users\James Bond\AppData\Roaming\Line 6 2013-07-02 18:49 - 2013-06-24 22:30 - 00000000 ____D C:\Users\James Bond\Desktop\Neuer Ordner (2) 2013-07-02 18:36 - 2013-07-02 18:36 - 00000000 ____D C:\ProgramData\Line 6 2013-07-02 18:36 - 2013-07-02 18:36 - 00000000 ____D C:\Program Files\Common Files\Propellerhead Software 2013-07-02 18:36 - 2012-08-01 00:30 - 00000000 ____D C:\Users\James Bond\AppData\Roaming\Propellerhead Software 2013-07-02 18:35 - 2013-07-02 18:35 - 00000000 ____D C:\Program Files\CodeMeter 2013-07-02 18:35 - 2012-08-06 23:49 - 00000000 ____D C:\Program Files\Propellerhead 2013-07-02 01:42 - 2013-05-10 19:09 - 00000435 _____ C:\Users\James Bond\Desktop\webneeders.txt 2013-07-01 17:40 - 2013-06-29 21:01 - 00000000 ____D C:\Users\James Bond\Desktop\autohaus 2013-06-30 00:58 - 2013-06-26 23:05 - 00000701 _____ C:\Users\James 
Bond\Desktop\Neues Textdokument.txt 2013-06-28 08:43 - 2013-06-28 08:43 - 00000000 ____D C:\ProgramData\AskPartnerNetwork 2013-06-28 08:43 - 2013-06-28 08:43 - 00000000 ____D C:\ProgramData\APN 2013-06-28 08:43 - 2013-06-28 08:43 - 00000000 ____D C:\Program Files\AskPartnerNetwork 2013-06-28 08:40 - 2013-06-28 08:41 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-06-28 08:40 - 2013-06-28 08:41 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-06-28 08:40 - 2013-06-28 08:41 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-06-28 08:40 - 2013-06-28 08:41 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2013-06-28 08:40 - 2012-08-05 12:10 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll 2013-06-28 08:40 - 2012-08-05 12:10 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll 2013-06-27 14:01 - 2012-07-31 23:36 - 00147568 _____ C:\Users\JAMESB~1\AppData\Local\GDIPFONTCACHEV1.DAT 2013-06-27 02:16 - 2013-06-27 02:11 - 00000000 ____D C:\Program Files\Joystix Pro 2013-06-27 02:09 - 2012-09-09 23:21 - 00000000 ____D C:\Users\JAMESB~1\AppData\Local\Downloaded Installations 2013-06-27 01:54 - 2012-08-09 00:40 - 00000000 ____D C:\Program Files\Common Files\Steam 2013-06-27 01:06 - 2013-06-27 01:04 - 141512528 _____ (Blue Orb, Inc.) 
C:\Users\James Bond\Desktop\setup.exe 2013-06-26 21:36 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache 2013-06-26 19:57 - 2013-06-26 19:57 - 00104800 _____ C:\Users\James Bond\Desktop\iw5m-client.zip 2013-06-25 12:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-TW 2013-06-25 12:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-HK 2013-06-25 12:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-CN 2013-06-25 12:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\tr-TR 2013-06-25 12:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\sv-SE 2013-06-25 12:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\ru-RU 2013-06-25 12:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pt-PT 2013-06-25 12:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pt-BR 2013-06-25 12:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pl-PL 2013-06-25 12:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\nl-NL 2013-06-25 12:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\nb-NO 2013-06-25 12:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\ko-KR 2013-06-25 12:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\ja-JP 2013-06-25 12:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\it-IT 2013-06-25 12:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\hu-HU 2013-06-25 12:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\fr-FR 2013-06-25 12:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\fi-FI 2013-06-25 12:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\el-GR 2013-06-25 12:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE 2013-06-25 01:18 - 2013-06-25 01:18 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 02284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 01988096 _____ (Microsoft 
Corporation) C:\Windows\system32\d3d10warp.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 01504768 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00005632 ____H (Microsoft Corporation) 
C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-06-24 10:53 - 2013-05-08 15:53 - 00067168 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-23 23:37 ==================== End Of Log ============================ Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-07-2013 Ran by James Bond at 2013-07-24 15:44:20 Running from C:\Users\James Bond\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= 2.0 (Version: 2.0) 888poker Ableton Live 8 (Version: 8.0.0.0) ACE30 Plug-in 32 bit DLL (Version: 0.0.57025.0) ACE30 Plug-in Data (Version: 0.0.57025.0) Ad-Aware Antivirus (Version: 10.5.2.4379) Ad-Aware Browsing Protection (Version: 1.0.1.94) Adobe AIR (Version: 3.1.0.4880) Adobe Dreamweaver CS5.5 (Version: 11.5) Adobe Dreamweaver CS6 (Version: 12) Adobe Flash Player 11 ActiveX (Version: 11.7.700.224) Adobe Flash Player 11 Plugin (Version: 11.8.800.94) Adobe Help Manager (Version: 4.0.244) Adobe Reader X (10.1.7) - Deutsch (Version: 10.1.7) Adobe Widget Browser (Version: 2.0 Build 230) Adobe Widget Browser (Version: 2.0.230) Aliens: Colonial Marines Alt.Binz 0.39.4 (Version: 0.39.4) AnalogChorus Plug-in 32 bit DLL (Version: 0.0.57025.0) AnalogChorus Plug-in Data (Version: 0.0.57025.0) AnalogDelay Plug-in 32 bit DLL (Version: 0.0.57025.0) AnalogDelay Plug-in Data (Version: 0.0.57025.0) AnalogFlanger Plug-in 32 bit DLL (Version: 0.0.57025.0) AnalogFlanger Plug-in Data (Version: 0.0.57025.0) AnalogPhaser Plug-in 32 bit DLL (Version: 0.0.57025.0) AnalogPhaser Plug-in Data (Version: 0.0.57025.0) Android SDK Tools (Version: 1.16) Apple Application Support (Version: 2.3.2) Apple Mobile Device Support (Version: 6.0.1.3) Apple Software Update (Version: 2.1.3.127) Arc Panner Plug-in 32 bit DLL (Version: 0.0.57025.0) Arc Panner Plug-in Data (Version: 0.0.57025.0) Artisteer 4 (Version: 4.1) ASIO4ALL (Version: 2.11 Beta1) Ask Toolbar (Version: 12.0.1.100) Astroburn Lite (Version: 1.7.0.0175) Auralizer Plug-in 32 bit DLL (Version: 0.0.57025.0) Auralizer Plug-in Data (Version: 0.0.57025.0) Authorizer 2.0.2 (Version: 2.0.2) Authorizer Ignition Key Support (Version: 1.0.3.0) 
AutoPan Plug-in 32 bit DLL (Version: 0.0.57025.0) AutoPan Plug-in Data (Version: 0.0.57025.0) Avira Free Antivirus (Version: 13.0.0.3884) AviSynth 2.5 Bass Manager Plug-in 32 bit DLL (Version: 0.0.57025.0) Bass Manager Plug-in Data (Version: 0.0.57025.0) BassLine Plug-in 32 bit DLL (Version: 0.0.57025.0) BassLine Plug-in Data (Version: 0.0.57025.0) Battlefield: Bad Company™ 2 (Version: 1.0.0.0) BioShock Infinite Blender (Version: 2.66a) Bonjour (Version: 3.0.0.10) BrowserMaster v2.5 (Version: 2.5) BrowserProtect Buffy Plug-in 32 bit DLL (Version: 0.0.57025.0) Buffy Plug-in Data (Version: 0.0.57025.0) Calibration Plug-in 32 bit DLL (Version: 0.0.57025.0) Calibration Plug-in Data (Version: 0.0.57025.0) Call of Duty: Black Ops Chorus Plug-in 32 bit DLL (Version: 0.0.57025.0) Chorus Plug-in Data (Version: 0.0.57025.0) Cities XL Platinum version 1.00 (Version: 1.00) ClearPebble Plug-in 32 bit DLL (Version: 0.0.57025.0) ClearPebble Plug-in Data (Version: 0.0.57025.0) Counter-Strike: Source Custom59 Plug-in 32 bit DLL (Version: 0.0.57025.0) Custom59 Plug-in Data (Version: 0.0.57025.0) D3DX10 (Version: 15.4.2368.0902) DAEMON Tools Lite (Version: 4.45.4.0314) DCNotch Plug-in 32 bit DLL (Version: 0.0.57025.0) DCNotch Plug-in Data (Version: 0.0.57025.0) Dead Island Riptide (c) Deep Silver version 1 (Version: 1) Dead Space 3 DeEsser Plug-in 32 bit DLL (Version: 0.0.57025.0) DeEsser Plug-in Data (Version: 0.0.57025.0) Delay Plug-in Data (Version: 0.0.57025.0) DeltaFuzz Plug-in 32 bit DLL (Version: 0.0.57025.0) DeltaFuzz Plug-in Data (Version: 0.0.57025.0) DiamondDrive Plug-in 32 bit DLL (Version: 0.0.57025.0) DiamondDrive Plug-in Data (Version: 0.0.57025.0) Digital Performer 8.0 (Version: 8.0.57475.0) Digital Performer 8.0 x86 (Version: 8.0.57475.0) Digital Performer Data (Version: 8.0.57475.0) Digital Performer Plug-ins x86 (Version: 8.0.57475.0) D-Link DWA-140 DMC Devi May Cry (c) Capcom version 1 (Version: 1) DPlus Plug-in 32 bit DLL (Version: 0.0.57025.0) DPlus Plug-in Data 
(Version: 0.0.57025.0) DynamicEQ Plug-in 32 bit DLL (Version: 0.0.57025.0) DynamicEQ Plug-in Data (Version: 0.0.57025.0) Dynamics Plug-in 32 bit DLL (Version: 0.0.57025.0) Dynamics Plug-in Data (Version: 0.0.57025.0) DynaSquash Plug-in 32 bit DLL (Version: 0.0.57025.0) DynaSquash Plug-in Data (Version: 0.0.57025.0) EaseUS Partition Master 9.2.1 Home Edition Echo Plug-in 32 bit DLL (Version: 0.0.57025.0) Echo Plug-in Data (Version: 0.0.57025.0) EnsembleChorus Plug-in 32 bit DLL (Version: 0.0.57025.0) EnsembleChorus Plug-in Data (Version: 0.0.57025.0) ESET Online Scanner v3 eVerb Plug-in 32 bit DLL (Version: 0.0.57025.0) eVerb Plug-in Data (Version: 0.0.57025.0) F1 2012 ffdshow [rev 2583] [2009-01-05] (Version: 1.0) FIFA 13 (Version: 1.1.0.0) Firebird SQL Server - MAGIX Edition (Version: 2.1.31.0) FL Studio 10 Flanger Plug-in 32 bit DLL (Version: 0.0.57025.0) Flanger Plug-in Data (Version: 0.0.57025.0) Flatcast Viewer Plugin 5.3.0.784 FTDownloader (Version: 2.1 Build 26473) GinyasBrowserCompanion Google Chrome (HKCU Version: 28.0.1500.72) Haali Media Splitter HiTop Plug-in 32 bit DLL (Version: 0.0.57025.0) HiTop Plug-in Data (Version: 0.0.57025.0) I Am Alive (Version: 1.00.0) IL Shared Libraries IntelligentNoiseGate Plug-in 32 bit DLL (Version: 0.0.57025.0) IntelligentNoiseGate Plug-in Data (Version: 0.0.57025.0) iTunes (Version: 11.0.1.12) Java 7 Update 25 (Version: 7.0.250) Java Auto Updater (Version: 2.1.9.5) Java(TM) SE Development Kit 7 (Version: 1.7.0.0) JavaFX 2.1.1 (Version: 2.1.1) Joystix Pro (Version: 2.0.0.0) Kabel Deutschland Installations-Software (Version: 3.6.0.0) Line 6 Uninstaller (Version: ) LiveRoomB Plug-in 32 bit DLL (Version: 0.0.57025.0) LiveRoomB Plug-in Data (Version: 0.0.57025.0) LiveRoomB Plug-in Data Library (Version: 0.0.50894.0) LiveRoomG Plug-in 32 bit DLL (Version: 0.0.57025.0) LiveRoomG Plug-in Data (Version: 0.0.57025.0) LiveRoomG Plug-in Data Library (Version: 0.0.50858.0) LiveStage Plug-in 32 bit DLL (Version: 0.0.57025.0) 
LiveStage Plug-in Data (Version: 0.0.57025.0) LiveStage Plug-in Data Library (Version: 0.0.50858.0) MAGIX Speed burnR (MSI) (Version: 7.0.2.6) MAGIX Video deluxe 2013 (Version: 12.0.0.32) Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300) MasterWorks Compressor Plug-in 32 bit DLL (Version: 0.0.57025.0) MasterWorks Compressor Plug-in Data (Version: 0.0.57025.0) MasterWorks EQ Plug-in 32 bit DLL (Version: 0.0.57025.0) MasterWorks EQ Plug-in Data (Version: 0.0.57025.0) MasterWorks Gate Plug-in 32 bit DLL (Version: 0.0.57025.0) MasterWorks Gate Plug-in Data (Version: 0.0.57025.0) MasterWorks Leveler Plug-in 32 bit DLL (Version: 0.0.57025.0) MasterWorks Leveler Plug-in Data (Version: 0.0.57025.0) MasterWorks Limiter Plug-in 32 bit DLL (Version: 0.0.57025.0) MasterWorks Limiter Plug-in Data (Version: 0.0.57025.0) McAfee Security Scan Plus (Version: 3.0.285.6) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Multi-Targeting Pack (Version: 4.0.30319) Microsoft Application Error Reporting (Version: 12.0.6012.5000) Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (Version: 3.5.30730.0) Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0) Microsoft Games for Windows Marketplace (Version: 3.5.50.0) Microsoft Help Viewer 1.0 (Version: 1.0.30319) Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319) Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (Version: 9.0.30729) Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Visual C++ 2010 Express - DEU (Version: 10.0.30319) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (Version: 11.0.51106.1) Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (Version: 11.0.51106) Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (Version: 11.0.51106) Microsoft XNA Framework Redistributable 3.1 (Version: 3.1.10527.0) Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053) Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053) Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053) Microsoft_VC90_ATL_x86 (Version: 1.00.0000) Microsoft_VC90_CRT_x86 (Version: 1.00.0000) Microsoft_VC90_MFC_x86 (Version: 1.00.0000) Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000) Model12 Plug-in 32 bit DLL (Version: 0.0.57025.0) Model12 Plug-in Data (Version: 0.0.57025.0) Model12 Plug-in Data Library (Version: 0.0.53357.0) Modulo Plug-in 32 bit DLL (Version: 0.0.57025.0) Modulo Plug-in Data (Version: 0.0.57025.0) Mortal Kombat Komplete Edition Mozilla Firefox 22.0 (x86 de) (Version: 22.0) Mozilla Maintenance Service (Version: 22.0) MS Decoder Plug-in 32 bit DLL (Version: 0.0.57025.0) MS Decoder Plug-in Data (Version: 0.0.57025.0) MSVCRT (Version: 15.4.2862.0708) MSVCRT Redists (Version: 1.0) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0) MSXML 4.0 SP3 Parser (Version: 4.30.2100.0) Multimode Filter Plug-in 32 bit DLL (Version: 0.0.57025.0) Multimode Filter Plug-in Data (Version: 0.0.57025.0) My Game Long Name nanosampler Plug-in 32 bit DLL (Version: 0.0.57025.0) nanosampler Plug-in Data (Version: 0.0.57025.0) nanosampler Plug-in Data 
Library (Version: 0.0.53106.0) Native Instruments Traktor 2 Native Instruments Traktor 2 (Version: 2.6.0.14627) NirSoft WirelessNetView Notepad++ (Version: 6.2.1) n-Panner Plug-in 32 bit DLL (Version: 0.0.57025.0) n-Panner Plug-in Data (Version: 0.0.57025.0) NVIDIA PhysX (Version: 9.12.0213) OpenAL OpenOffice.org 3.4.1 (Version: 3.41.9593) Oracle VM VirtualBox 4.2.6 (Version: 4.2.6) ParaEQ Plug-in 32 bit DLL (Version: 0.0.57025.0) ParaEQ Plug-in Data (Version: 0.0.57025.0) Paragon Partition Manager™ 12 Free (Version: 90.00.0003) PatternGate Plug-in 32 bit DLL (Version: 0.0.57025.0) PatternGate Plug-in Data (Version: 0.0.57025.0) Phaser Plug-in 32 bit DLL (Version: 0.0.57025.0) Phaser Plug-in Data (Version: 0.0.57025.0) PicGrab 2.8.0 (Version: 2.8.0) Plate Plug-in 32 bit DLL (Version: 0.0.57025.0) Plate Plug-in Data (Version: 0.0.57025.0) PokerStars.eu PokerStars.net PolySynth Plug-in 32 bit DLL (Version: 0.0.57025.0) PolySynth Plug-in Data (Version: 0.0.57025.0) Preamp-1 Plug-in 32 bit DLL (Version: 0.0.57025.0) Preamp-1 Plug-in Data (Version: 0.0.57025.0) PrecisionDelay Plug-in 32 bit DLL (Version: 0.0.57025.0) PrecisionDelay Plug-in Data (Version: 0.0.57025.0) Proton Plug-in 32 bit DLL (Version: 0.0.57025.0) Proton Plug-in Data (Version: 0.0.57025.0) ProVerb Plug-in 32 bit DLL (Version: 0.0.57025.0) ProVerb Plug-in Data (Version: 0.0.57025.0) ProVerb Plug-in Data Library (Version: 0.0.52079.0) PunkBuster Services (Version: 0.988) Quan Jr Plug-in 32 bit DLL (Version: 0.0.57025.0) Quan Jr Plug-in Data (Version: 0.0.57025.0) QuickPar 0.9 (Version: 0.9) Rapture3D 2.4.8 Game Reason 5.0 (Version: 5.0) Reason 6.5.3 (Version: 6.5.3) Resident Evil 6 version 1 (Version: 1) Resident Evil Revelations Reverb Plug-in 32 bit DLL (Version: 0.0.57025.0) Reverb Plug-in Data (Version: 0.0.57025.0) RingMod Plug-in 32 bit DLL (Version: 0.0.57025.0) RingMod Plug-in Data (Version: 0.0.57025.0) RXT Plug-in 32 bit DLL (Version: 0.0.57025.0) RXT Plug-in Data (Version: 0.0.57025.0) Silent 
Hill Homecoming Sleeping Dogs Soloist Plug-in 32 bit DLL (Version: 0.0.57025.0) Soloist Plug-in Data (Version: 0.0.57025.0) Sonic Modulator Plug-in 32 bit DLL (Version: 0.0.57025.0) Sonic Modulator Plug-in Data (Version: 0.0.57025.0) SpatialMaximizer Plug-in 32 bit DLL (Version: 0.0.57025.0) SpatialMaximizer Plug-in Data (Version: 0.0.57025.0) Springamabob Plug-in 32 bit DLL (Version: 0.0.57025.0) Springamabob Plug-in Data (Version: 0.0.57025.0) Springamabob Plug-in Data Library (Version: 0.0.50858.0) Steam (Version: 1.0.0.0) SubKick Plug-in 32 bit DLL (Version: 0.0.57025.0) SubKick Plug-in Data (Version: 0.0.57025.0) Syndicate The Elder Scrolls V: Skyrim - GotY Edition (Version: 1.9.32.0.8) Tomb Raider (Version: 1.0) Tremolo Plug-in 32 bit DLL (Version: 0.0.57025.0) Tremolo Plug-in Data (Version: 0.0.57025.0) Trigger Plug-in 32 bit DLL (Version: 0.0.57025.0) Trigger Plug-in Data (Version: 0.0.57025.0) Trim Plug-in 32 bit DLL (Version: 0.0.57025.0) Trim Plug-in Data (Version: 0.0.57025.0) Trine 2 - Complete Story TriPan Plug-in 32 bit DLL (Version: 0.0.57025.0) TriPan Plug-in Data (Version: 0.0.57025.0) TubeWailer Plug-in 32 bit DLL (Version: 0.0.57025.0) TubeWailer Plug-in Data (Version: 0.0.57025.0) Tuner Plug-in 32 bit DLL (Version: 0.0.57025.0) Tuner Plug-in Data (Version: 0.0.57025.0) UberTube Plug-in 32 bit DLL (Version: 0.0.57025.0) UberTube Plug-in Data (Version: 0.0.57025.0) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Virtual DJ Pro Full - Atomix Productions VLC media player 2.0.2 (Version: 2.0.2) WahPedal Plug-in 32 bit DLL (Version: 0.0.57025.0) WahPedal Plug-in Data (Version: 0.0.57025.0) Waldorf Edition (Version: 1.7.3) WampServer 2.2 WAV To MP3 V2 Web Assistant 2.0.0.570 (Version: 2.0.0.570) Windows Live Communications Platform (Version: 15.4.3502.0922) Windows 
Live Essentials (Version: 15.4.3502.0922) Windows Live Essentials (Version: 15.4.3555.0308) Windows Live Fotogalerie (Version: 15.4.3502.0922) Windows Live ID Sign-in Assistant (Version: 7.250.4232.0) Windows Live Installer (Version: 15.4.3502.0922) Windows Live Movie Maker (Version: 15.4.3502.0922) Windows Live Photo Common (Version: 15.4.3502.0922) Windows Live Photo Gallery (Version: 15.4.3502.0922) Windows Live PIMT Platform (Version: 15.4.3508.1109) Windows Live SOXE (Version: 15.4.3502.0922) Windows Live SOXE Definitions (Version: 15.4.3502.0922) Windows Live UX Platform (Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (Version: 15.4.3508.1109) WinHTTrack Website Copier 3.47-7 (Version: 3.47.7) WinRAR 4.20 (32-Bit) (Version: 4.20.0) WordpressThemeGen (HKCU Version: 1.0.0.15) Youtube Downloader HD v. 2.9.4 ==================== Restore Points ========================= 24-07-2013 11:00:35 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0E2609B8-49A7-44BD-93B5-CC6DF55DBC5C} - System32\Tasks\GoforFilesUpdate => C:\Program Files\GoforFiles\GFFUpdater.exe No File Task: {1DEB3473-CA92-40EE-908B-ECCD7B26592A} - System32\Tasks\GinyasBrowserCompanion Chrome Watcher => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe [2013-01-16] (Blabbers Communications Ltd) Task: {50565B69-EBFA-4934-B5B2-01EA6B7E9C20} - System32\Tasks\Go for FilesUpdate => C:\Program Files\GoforFiles\GFFUpdater.exe No File Task: {52EB2949-5324-4249-B783-F409C1553C7C} - System32\Tasks\GinyasBrowserCompanion Update Checker => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe [2013-01-16] (Blabbers Communications Ltd) Task: {72D97636-6BF2-451B-BA25-DFDA115B6794} - System32\Tasks\GinyasBrowserCompanion FireFox Watcher => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe [2013-01-16] (Blabbers 
Communications Ltd) Task: {7E68C4A8-C95F-4A3F-A5B5-8D670DFF62FA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-09] (Adobe Systems Incorporated) Task: {A5B63FA3-3AE6-4A9B-8CF1-7FFB4085DE03} - System32\Tasks\Microsoft\Windows\MemDiag => C:\Windows\system32\mdres.exe [2009-07-14] (Microsoft Corporation) Task: {B3C83E2B-12DC-42C2-8871-7378429F2866} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3969571550-3735532996-2681142998-1000Core => C:\Users\James Bond\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-18] (Google Inc.) Task: {B7CD1E31-E6BE-4618-A749-21032B6B863F} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => Q:\PROGRA~1\AdAwareLauncher.exe [2013-03-18] (Lavasoft Limited) Task: {D90E243E-CEF2-4E7B-B816-3C4FC822EAF8} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3969571550-3735532996-2681142998-1000UA => C:\Users\James Bond\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-18] (Google Inc.) Task: {E289FE00-E65E-4E24-834F-D918CD4DCB00} - System32\Tasks\BrowserProtect => C:\Windows\system32\sc.exe [2009-07-14] (Microsoft Corporation) Task: {E3A5CF9C-174B-4E1B-94E3-F86C27612CEB} - System32\Tasks\GinyasBrowserCompanion Stats Report => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe [2013-01-16] (Blabbers Communications Ltd) Task: {FA02FC39-9AA7-456C-8CF9-E4266D9129CE} - System32\Tasks\Microsoft\Windows Live\SOXE\Extractor Definitions Update Task Task: {FBBAC465-A4F2-4369-A9AC-723313E658AB} - System32\Tasks\AdobeAAMUpdater-1.0-JamesBond-PC-James Bond => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GinyasBrowserCompanion Chrome Watcher.job => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe Task: C:\Windows\Tasks\GinyasBrowserCompanion FireFox Watcher.job => 
C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe Task: C:\Windows\Tasks\GinyasBrowserCompanion Stats Report.job => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe Task: C:\Windows\Tasks\GinyasBrowserCompanion Update Checker.job => C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3969571550-3735532996-2681142998-1000Core.job => C:\Users\James Bond\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3969571550-3735532996-2681142998-1000UA.job => C:\Users\James Bond\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/24/2013 02:53:34 AM) (Source: Avira Antivirus) (User: NT-AUTORITÄT) Description: Die Virendefinitionsdatei konnte nicht geladen werden! Fehlercode: 0x4 Error: (07/24/2013 02:53:17 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: avguard.exe, Version: 13.6.0.1550, Zeitstempel: 0x519ceb41 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000374 Fehleroffset: 0x000c380b ID des fehlerhaften Prozesses: 0x718 Startzeit der fehlerhaften Anwendung: 0xavguard.exe0 Pfad der fehlerhaften Anwendung: avguard.exe1 Pfad des fehlerhaften Moduls: avguard.exe2 Berichtskennung: avguard.exe3 Error: (07/24/2013 01:45:00 AM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: tbhcn.exe, Version: 1.0.0.5, Zeitstempel: 0x50f25761 Name des fehlerhaften Moduls: tbhcn.exe, Version: 1.0.0.5, Zeitstempel: 0x50f25761 Ausnahmecode: 0x40000015 Fehleroffset: 0x0007a2fd ID des fehlerhaften Prozesses: 0x165c Startzeit der fehlerhaften Anwendung: 0xtbhcn.exe0 Pfad der fehlerhaften Anwendung: tbhcn.exe1 Pfad des fehlerhaften Moduls: tbhcn.exe2 Berichtskennung: tbhcn.exe3 Error: (07/24/2013 01:20:50 AM) 
(Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (07/24/2013 01:19:40 AM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (07/23/2013 11:42:53 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (07/23/2013 11:40:34 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontextes für "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1". 
Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error: (07/23/2013 09:36:21 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: svchost.exe_SysMain, Version: 6.1.7600.16385, Zeitstempel: 0x4a5bc100 Name des fehlerhaften Moduls: sysmain.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ba10 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00004a01 ID des fehlerhaften Prozesses: 0x3bc Startzeit der fehlerhaften Anwendung: 0xsvchost.exe_SysMain0 Pfad der fehlerhaften Anwendung: svchost.exe_SysMain1 Pfad des fehlerhaften Moduls: svchost.exe_SysMain2 Berichtskennung: svchost.exe_SysMain3 Error: (07/23/2013 08:49:35 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/23/2013 08:48:46 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: tbhcn.exe, Version: 1.0.0.5, Zeitstempel: 0x50f25761 Name des fehlerhaften Moduls: tbhcn.exe, Version: 1.0.0.5, Zeitstempel: 0x50f25761 Ausnahmecode: 0x40000015 Fehleroffset: 0x0007a2fd ID des fehlerhaften Prozesses: 0xcf4 Startzeit der fehlerhaften Anwendung: 0xtbhcn.exe0 Pfad der fehlerhaften Anwendung: tbhcn.exe1 Pfad des fehlerhaften Moduls: tbhcn.exe2 Berichtskennung: tbhcn.exe3 System errors: ============= Error: (07/24/2013 01:04:28 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Internet Explorer 10 für Windows 7 Error: (07/24/2013 02:53:34 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem 
dienstspezifischem Fehler beendet: %%306. Error: (07/24/2013 02:53:30 AM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Avira Echtzeit-Scanner" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts. Error: (07/24/2013 02:53:30 AM) (Source: Service Control Manager) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (07/24/2013 02:53:30 AM) (Source: Service Control Manager) (User: ) Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen: %%5 Error: (07/24/2013 01:25:25 AM) (Source: Ntfs) (User: ) Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy6" den Befehl "chkdsk" aus. Error: (07/24/2013 01:25:06 AM) (Source: Ntfs) (User: ) Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy7" den Befehl "chkdsk" aus. Error: (07/23/2013 11:51:56 PM) (Source: Ntfs) (User: ) Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy6" den Befehl "chkdsk" aus. Error: (07/23/2013 11:51:36 PM) (Source: Ntfs) (User: ) Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy6" den Befehl "chkdsk" aus. Error: (07/23/2013 11:51:32 PM) (Source: Ntfs) (User: ) Description: Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy6" den Befehl "chkdsk" aus. 
Microsoft Office Sessions: ========================= Error: (07/24/2013 02:53:34 AM) (Source: Avira Antivirus)(User: NT-AUTORITÄT) Description: 0x4 Error: (07/24/2013 02:53:17 AM) (Source: Application Error)(User: ) Description: avguard.exe13.6.0.1550519ceb41ntdll.dll6.1.7601.177254ec49b60c0000374000c380b71801ce87d52496b30aC:\Program Files\Avira\AntiVir Desktop\avguard.exeC:\Windows\SYSTEM32\ntdll.dll6cf2c522-f3fb-11e2-a3fb-00192148ff7b Error: (07/24/2013 01:45:00 AM) (Source: Application Error)(User: ) Description: tbhcn.exe1.0.0.550f25761tbhcn.exe1.0.0.550f25761400000150007a2fd165c01ce87fea51108e6C:\ProgramData\GinyasBrowserCompanion\tbhcn.exeC:\ProgramData\GinyasBrowserCompanion\tbhcn.exee3244004-f3f1-11e2-a3fb-00192148ff7b Error: (07/24/2013 01:20:50 AM) (Source: SideBySide)(User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\Program Files\Microsoft Visual Studio 10.0\Common7\Packages\Debugger\X64\msvsmon.exe Error: (07/24/2013 01:19:40 AM) (Source: SideBySide)(User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\asio4all v2\a4apanel64.exe Error: (07/23/2013 11:42:53 PM) (Source: SideBySide)(User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\Program Files\Microsoft Visual Studio 10.0\Common7\Packages\Debugger\X64\msvsmon.exe Error: (07/23/2013 11:40:34 PM) (Source: SideBySide)(User: ) Description: Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"c:\program files\asio4all v2\a4apanel64.exe Error: (07/23/2013 09:36:21 PM) (Source: Application Error)(User: ) Description: 
svchost.exe_SysMain6.1.7600.163854a5bc100sysmain.dll6.1.7601.175144ce7ba10c000000500004a013bc01ce87d523642eb8C:\Windows\System32\svchost.exec:\windows\system32\sysmain.dll263f05b4-f3cf-11e2-a3fb-00192148ff7b Error: (07/23/2013 08:49:35 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (07/23/2013 08:48:46 PM) (Source: Application Error)(User: ) Description: tbhcn.exe1.0.0.550f25761tbhcn.exe1.0.0.550f25761400000150007a2fdcf401ce87d5421fd8baC:\ProgramData\GinyasBrowserCompanion\tbhcn.exeC:\ProgramData\GinyasBrowserCompanion\tbhcn.exe80aa456c-f3c8-11e2-a3fb-00192148ff7b ==================== Memory info =========================== Percentage of memory in use: 70% Total physical RAM: 2047.3 MB Available physical RAM: 599.7 MB Total Pagefile: 4094.61 MB Available Pagefile: 1907.55 MB Total Virtual: 2047.88 MB Available Virtual: 1893.33 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:285.8 GB) (Free:18.7 GB) NTFS Drive d: (DATA) (Fixed) (Total:150.69 GB) (Free:11.68 GB) NTFS Drive e: (Beat_Workzone02) (CDROM) (Total:7.93 GB) (Free:0 GB) UDF Drive f: (Beat_DVD86) (CDROM) (Total:7.95 GB) (Free:0 GB) CDFS Drive q: (Volume) (Fixed) (Total:29.17 GB) (Free:0.85 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 5DF693C9) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=286 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended) Partition 4: (Not Active) - (Size=151 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
24.07.2013, 15:56 | #4 | |
/// the machine /// TB-Ausbilder | a few problems with malware and adware Combofix should only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you get the following error message after the restart Quote:
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
24.07.2013, 23:30 | #5 |
| a few problems with malware and adware My Avira could not be switched off, so I uninstalled it beforehand. Code:
ATTFilter ComboFix 13-07-24.02 - James Bond 24.07.2013 17:52:50.1.4 - x86 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.2047.714 [GMT 2:00] ausgeführt von:: c:\users\James Bond\Desktop\ComboFix.exe AV: Lavasoft Ad-Aware *Disabled/Updated* {E0D97DD4-42BA-B3F2-A5A7-22E9ACE81FC7} FW: Lavasoft Ad-Aware *Disabled* {D8E2FCF1-08D5-B2AA-8EF8-8BDC523B58BC} SP: Lavasoft Ad-Aware *Disabled/Updated* {5BB89C30-6480-BC7C-9F17-199BD76F557A} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\James Bond\Desktop\Setup.exe c:\windows\system32\tmp568D.tmp c:\windows\system32\tmp569E.tmp . Infizierte Kopie von c:\windows\system32\userinit.exe wurde gefunden und desinfiziert Kopie von - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe wurde wiederhergestellt . . ((((((((((((((((((((((( Dateien erstellt von 2013-06-24 bis 2013-07-24 )))))))))))))))))))))))))))))) . . 2013-07-24 16:04 . 2013-07-24 16:04 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-07-24 13:43 . 2013-07-24 13:43 -------- d-----w- C:\FRST 2013-07-24 09:02 . 2013-07-24 09:02 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2013-07-24 09:02 . 2013-07-24 09:02 -------- d-----w- c:\users\James Bond\AppData\Roaming\Malwarebytes 2013-07-24 09:02 . 2013-07-24 09:02 -------- d-----w- c:\programdata\Malwarebytes 2013-07-24 09:02 . 2013-07-24 09:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-07-24 09:02 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-07-21 21:13 . 2013-07-21 21:13 -------- d-----w- c:\program files\ESET 2013-07-16 21:04 . 2013-07-16 21:23 -------- d-----w- C:\filme 2013-07-15 07:35 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\system32\DWrite.dll 2013-07-15 07:35 . 
2013-06-04 04:53 509440 ----a-w- c:\windows\system32\qedit.dll 2013-07-15 07:35 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL 2013-07-15 07:35 . 2013-06-05 03:05 2347520 ----a-w- c:\windows\system32\win32k.sys 2013-07-15 07:35 . 2013-04-10 05:03 936448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2013-07-15 07:35 . 2013-04-10 05:03 988672 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll 2013-07-15 07:35 . 2013-04-10 05:03 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll 2013-07-15 07:35 . 2013-04-10 05:04 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL 2013-07-15 07:35 . 2013-05-27 04:57 680960 ----a-w- c:\program files\Windows Defender\MpSvc.dll 2013-07-15 07:35 . 2013-05-27 04:57 392704 ----a-w- c:\program files\Windows Defender\MpClient.dll 2013-07-15 07:35 . 2013-05-27 04:57 224768 ----a-w- c:\program files\Windows Defender\MpCommu.dll 2013-07-04 16:51 . 2013-07-04 16:52 -------- d-----w- c:\users\James Bond\AppData\Roaming\MKKE 2013-07-02 16:36 . 2013-07-02 16:50 -------- d-----w- c:\users\James Bond\AppData\Roaming\Line 6 2013-07-02 16:36 . 2013-07-02 16:36 -------- d-----w- c:\programdata\Line 6 2013-07-02 16:36 . 2013-07-02 16:36 -------- d-----w- c:\program files\Common Files\Propellerhead Software 2013-07-02 16:35 . 2013-07-02 16:35 -------- d-----w- c:\program files\CodeMeter 2013-06-28 06:43 . 2013-06-28 06:43 -------- d-----w- c:\programdata\AskPartnerNetwork 2013-06-28 06:43 . 2013-06-28 06:43 -------- d-----w- c:\program files\AskPartnerNetwork 2013-06-28 06:43 . 2013-06-28 06:43 -------- d-----w- c:\programdata\APN 2013-06-28 06:41 . 2013-06-28 06:40 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-06-27 00:12 . 2013-07-24 10:28 -------- d-----w- c:\users\James Bond\AppData\Roaming\Blue Orb 2013-06-27 00:11 . 2013-06-27 00:16 -------- d-----w- c:\program files\Joystix Pro . . . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-06-28 06:40 . 2012-08-05 10:10 867240 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-06-28 06:40 . 2012-08-05 10:10 789416 ----a-w- c:\windows\system32\deployJava1.dll 2013-06-16 23:06 . 2013-06-16 23:06 569680 ----a-w- c:\programdata\Microsoft\Windows\Time\msvcp90.dll 2013-06-16 23:06 . 2013-06-16 23:06 49664 ----a-w- c:\programdata\Microsoft\Windows\Time\w9xpopen.exe 2013-06-16 23:06 . 2013-06-16 23:06 24064 ----a-w- c:\programdata\Microsoft\Windows\Time\TimeServer.exe 2013-06-16 23:06 . 2013-06-16 23:06 2303488 ----a-w- c:\programdata\Microsoft\Windows\Time\python27.dll 2013-06-16 23:06 . 2013-06-16 23:06 219648 ----a-w- c:\programdata\Microsoft\Windows\Time\boost_python-vc90-mt-1_48.dll 2013-06-16 23:06 . 2013-06-16 23:06 10752 ----a-w- c:\programdata\Microsoft\Windows\Time\Time-svc.exe 2013-05-14 18:46 . 2011-03-28 16:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-13 04:45 . 2013-06-12 09:43 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2013-05-13 04:45 . 2013-06-12 09:43 1160192 ----a-w- c:\windows\system32\crypt32.dll 2013-05-13 04:45 . 2013-06-12 09:43 103936 ----a-w- c:\windows\system32\cryptnet.dll 2013-05-13 03:08 . 2013-06-12 09:43 903168 ----a-w- c:\windows\system32\certutil.exe 2013-05-13 03:08 . 2013-06-12 09:43 43008 ----a-w- c:\windows\system32\certenc.dll 2013-05-12 00:15 . 2013-05-12 00:15 13560 ----a-w- c:\windows\system32\drivers\gfibto.sys 2013-05-12 00:15 . 2013-05-12 00:15 44424 ----a-w- c:\windows\system32\sbbd.exe 2013-05-09 15:15 . 2012-07-31 21:56 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-05-09 15:15 . 2012-07-31 21:56 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-05-08 05:38 . 2013-06-12 09:43 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-05-06 05:06 . 
2013-06-12 09:43 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-05-06 05:06 . 2013-06-12 09:43 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-05-02 00:06 . 2012-05-09 12:25 238872 ------w- c:\windows\system32\MpSigStub.exe 2013-04-28 11:13 . 2013-04-22 10:37 139128 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2013-04-28 11:13 . 2013-04-28 10:40 215128 ----a-w- c:\windows\system32\PnkBstrB.xtr 2013-04-28 11:13 . 2013-04-22 10:37 215128 ----a-w- c:\windows\system32\PnkBstrB.exe 2013-04-28 09:58 . 2013-04-28 09:56 119296 ----a-w- c:\windows\system32\zlib.dll 2013-04-26 04:55 . 2013-06-12 09:43 492544 ----a-w- c:\windows\system32\win32spl.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA}] 2011-11-22 08:59 269824 ----a-w- c:\users\James Bond\AppData\LocalLow\StumbleUpon\IE\StumbleUpon.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RocketDock"="d:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Ad-Aware Antivirus"="q:\program files\AdAwareLauncher --windows-run" [X] "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576] "Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2013-01-31 542632] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] "ApnTBMon"="c:\program files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2013-06-06 1541584] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ CodeMeter Control Center.lnk - c:\program files\CodeMeter\Runtime\bin\CodeMeterCC.exe [2011-7-6 6904208] McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service] @="Ad-Aware Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc] @="Service" . [HKLM\~\startupfolder\C:^Users^James Bond^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk] path=c:\users\James Bond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk backup=c:\windows\pss\OpenOffice.org 3.4.1.lnk.Startup backupExtension=.Startup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5.5ServiceManager] 2011-01-12 05:08 1523360 ----a-w- c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager] 2012-03-09 14:26 1073312 ----a-w- c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2012-11-28 13:13 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\D-Link D-Link Wireless N DWA-140] 2010-06-30 09:32 1024000 ----a-w- c:\program files\D-Link\DWA-140 revB\AirNCFG.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite] 2012-04-11 09:54 3672384 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EaseUS EPM tray] 2012-11-29 09:32 2086984 ----a-w- c:\program files\EaseUS\EaseUS Partition Master 9.2.1 Home Edition\bin\EpmNews.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2012-12-12 12:57 152544 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam] 2013-06-06 22:06 1641896 ----a-w- d:\steam\Steam.exe . R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [x] R2 SBAMSvc;Ad-Aware;q:\program files\SBAMSvc.exe [2012-09-20 3677000] R3 ALSysIO;ALSysIO;c:\users\JAMESB~1\AppData\Local\Temp\ALSysIO.sys [x] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464] R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2012-12-21 14920] R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2012-12-21 9160] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-07-24 40776] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-09-05 234776] R3 netr28u;D-Link dnetr28u USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\Dnetr28u.sys [2010-05-05 855392] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872] R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-20 77184] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-20 25600] R3 
TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264] R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] S0 gfibto;gfibto;c:\windows\system32\drivers\gfibto.sys [2013-05-12 13560] S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwf.sys [2009-03-06 12800] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-03 242240] S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-12-19 188328] S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-12-19 94632] S2 Ad-Aware Service;Ad-Aware Service;q:\program files\AdAwareService.exe [2013-03-18 1236336] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128] S2 APNMCP;Ask Aktualisierungsdienst;c:\program files\AskPartnerNetwork\Toolbar\apnmcp.exe [2013-06-06 169632] S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files\CodeMeter\Runtime\bin\CodeMeter.exe [2011-07-06 2304912] S2 D-Link Wireless N DWA-140_WPS;D-Link Wireless N DWA-140_WPS Service;c:\program files\D-Link\DWA-140 revB\ANIWConnService.exe [2010-06-03 53248] S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2011-05-24 1840128] S2 MOTU_ZeroConf;MOTU_ZeroConf;c:\program files\MOTU\motuDNSResponder.exe [2013-04-29 390544] S2 StumbleUponUpdater;StumbleUpon Updater;c:\users\James Bond\AppData\LocalLow\StumbleUpon\IE\StumbleUponUpdater.exe [2011-11-22 18432] S2 Web Assistant;Web Assistant;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2013-01-31 188760] S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776] S3 
VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-12-19 104872] S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-12-19 116136] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2013-07-24 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-31 15:15] . 2013-07-24 c:\windows\Tasks\GinyasBrowserCompanion Chrome Watcher.job - c:\programdata\GinyasBrowserCompanion\tbhcn.exe [2013-01-16 16:43] . 2013-07-24 c:\windows\Tasks\GinyasBrowserCompanion FireFox Watcher.job - c:\programdata\GinyasBrowserCompanion\tbhcn.exe [2013-01-16 16:43] . 2013-07-24 c:\windows\Tasks\GinyasBrowserCompanion Stats Report.job - c:\programdata\GinyasBrowserCompanion\tbhcn.exe [2013-01-16 16:43] . 2013-07-24 c:\windows\Tasks\GinyasBrowserCompanion Update Checker.job - c:\programdata\GinyasBrowserCompanion\tbhcn.exe [2013-01-16 16:43] . 2013-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3969571550-3735532996-2681142998-1000Core.job - c:\users\James Bond\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-18 17:25] . 2013-07-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3969571550-3735532996-2681142998-1000UA.job - c:\users\James Bond\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-18 17:25] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www2.delta-search.com/?affID=119777&tt=gc_&babsrc=HP_ss&mntrId=C8A100192148FF7B IE: {{07BA1DA9-F501-4796-8728-74D1B91A6CD5} - c:\program files\PokerStars.EU\PokerStarsUpdate.exe TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\users\James Bond\AppData\Roaming\Mozilla\Firefox\Profiles\2cg3b8em.default\ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
AddRemove-UDK-99303645-5488-49cc-8d0f-2fe202619788 - c:\program files\Antichamber\Binaries\UnSetup.exe AddRemove-{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693} - c:\programdata\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\uninstall.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-3969571550-3735532996-2681142998-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*le:///C:/Users/James Bond/Music/AfrojackRockTheHouseOfficialVideo_4790.mp3*3] @Class="Shell" . [HKEY_USERS\S-1-5-21-3969571550-3735532996-2681142998-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*le:///C:/Users/James Bond/Music/AfrojackRockTheHouseOfficialVideo_4790.mp3*3\OpenWithList] @Class="Shell" "a"="vlc.exe" "MRUList"="a" . [HKEY_USERS\S-1-5-21-3969571550-3735532996-2681142998-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*le:///C:/Users/James Bond/Music/AfrojackRockTheHouseOfficialVideo_4790.mp3*3] "0"=hex:43,3a,5c,55,73,65,72,73,5c,4a,61,6d,65,73,20,42,6f,6e,64,5c,4d,75,73, 69,63,5c,44,69,6c,6c,6f,6e,46,72,61,6e,63,69,73,41,6d,70,4b,69,6c,6c,54,68,\ "MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- . - - - - - - - > 'Explorer.exe'(3192) d:\program files\RocketDock\RocketDock.dll c:\programdata\Ad-Aware Browsing Protection\adawarebp.dll . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\windows\system32\atieclxx.exe c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\system32\taskhost.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\PnkBstrA.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\WUDFHost.exe c:\windows\system32\conhost.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\sppsvc.exe . ************************************************************************** . Zeit der Fertigstellung: 2013-07-24 18:14:58 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-07-24 16:14 . Vor Suchlauf: 11 Verzeichnis(se), 20.611.026.944 Bytes frei Nach Suchlauf: 14 Verzeichnis(se), 21.390.397.440 Bytes frei . - - End Of File - - FADC93BD29E3FC90B0C4FA9135C1DE95 A36C5E4F47E84449FF07ED3517B43A31
Was that it? Can I delete all the PUP.Blabbers now, as far as the registry entries are concerned? Last edited by behaender (24.07.2013 at 17:37) |
25.07.2013, 08:27 | #6 |
/// the machine /// TB-Ausbilder | a few problems with malware and adware There is still a bit of work to do. Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ --> a few problems with malware and adware |
25.07.2013, 10:56 | #7 |
| a few problems with malware and adware Thanks for your reply. I did everything as described; it went pretty quickly. AdwCleaner Code:
ATTFilter # AdwCleaner v2.306 - Datei am 25/07/2013 um 11:37:32 erstellt # Aktualisiert am 19/07/2013 von Xplode # Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits) # Benutzer : James Bond - JAMESBOND-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\James Bond\Desktop\adwcleaner06(1).exe # Option [Löschen] **** [Dienste] **** Gestoppt & Gelöscht : APNMCP Gestoppt & Gelöscht : StumbleUponUpdater Gestoppt & Gelöscht : Web Assistant ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\user.js Datei Gelöscht : C:\Windows\Tasks\GinyasBrowserCompanion Chrome Watcher.job Datei Gelöscht : C:\Windows\Tasks\GinyasBrowserCompanion FireFox Watcher.job Datei Gelöscht : C:\Windows\Tasks\GinyasBrowserCompanion Stats Report.job Datei Gelöscht : C:\Windows\Tasks\GinyasBrowserCompanion Update Checker.job Gelöscht mit Neustart : C:\Program Files\GinyasBrowserCompanion Gelöscht mit Neustart : C:\ProgramData\GinyasBrowserCompanion Ordner Gelöscht : C:\Program Files\adawaretb Ordner Gelöscht : C:\Program Files\AskPartnerNetwork Ordner Gelöscht : C:\Program Files\FTDownloader.com Ordner Gelöscht : C:\Program Files\Web Assistant Ordner Gelöscht : C:\ProgramData\APN Ordner Gelöscht : C:\ProgramData\AskPartnerNetwork Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\blekko toolbars Ordner Gelöscht : C:\ProgramData\BrowserProtect Ordner Gelöscht : C:\Users\James Bond\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbffdhejhaoiflnpooogkckfdcmmjppn Ordner Gelöscht : C:\Users\James Bond\AppData\Local\Google\Chrome\User Data\Default\Extensions\bodddioamolcibagionmmobehnbhiakf Ordner Gelöscht : C:\Users\James Bond\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgifblbjgdjhcelbanblbhkhmbnnmhfg Ordner Gelöscht : C:\Users\James Bond\AppData\Local\PackageAware Ordner Gelöscht : C:\Users\James Bond\AppData\LocalLow\adawaretb Ordner Gelöscht : C:\Users\James Bond\AppData\LocalLow\bbrs_002.tb Ordner Gelöscht : C:\Users\James 
Bond\AppData\LocalLow\delta Ordner Gelöscht : C:\Users\James Bond\AppData\LocalLow\StumbleUpon Ordner Gelöscht : C:\Users\James Bond\AppData\Roaming\Babylon Ordner Gelöscht : C:\Users\James Bond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect Ordner Gelöscht : C:\Users\James Bond\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com Ordner Gelöscht : C:\Users\James Bond\AppData\Roaming\Mozilla\Firefox\Profiles\2cg3b8em.default\extensions\bbrs_002@blabbers.com Ordner Gelöscht : C:\Users\JAMESB~1\AppData\Local\Temp\APN Ordner Gelöscht : C:\Windows\system32\WNLT ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\1ClickDownload Schlüssel Gelöscht : HKCU\Software\8e8fd8b369eb15 Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\StumbleUpon Schlüssel Gelöscht : HKCU\Software\AskPartnerNetwork Schlüssel Gelöscht : HKCU\Software\BabylonToolbar Schlüssel Gelöscht : HKCU\Software\Blabbers Schlüssel Gelöscht : HKCU\Software\IM Schlüssel Gelöscht : HKCU\Software\ImInstaller Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\StumbleUpon Schlüssel Gelöscht : 
HKLM\SOFTWARE\8e8fd8b369eb15 Schlüssel Gelöscht : HKLM\Software\adawaretb Schlüssel Gelöscht : HKLM\Software\AskPartnerNetwork Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\Software\BrowserCompanion Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{50F7F0BE-31BA-4145-BD8B-6B0DECFED804} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\StumbleUpon.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{963B125B-8B21-49A2-A3A8-E37092276531} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{817923CB-4744-4216-B250-CF7EDA8F1767} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9F0C17EB-EF2C-4278-9136-2D547656BC03} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\StumbleUpon.QTimeCpio Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\StumbleUpon.QTimeCpio.1 
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{955B782E-CDC8-4CEE-B6F6-AD7D541A8D8A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\updatebho.TimerBHO Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\updatebho.TimerBHO.1 Schlüssel Gelöscht : HKLM\Software\GinyasBrowserCompanion Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bbffdhejhaoiflnpooogkckfdcmmjppn Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pgifblbjgdjhcelbanblbhkhmbnnmhfg Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{963B125B-8B21-49A2-A3A8-E37092276531} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DB616CFF-D989-48A8-9C85-E2A8D56AB2CA} Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\GinyasBrowserCompanion Schlüssel Gelöscht : HKLM\Software\Web Assistant Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions 
[{336D0C35-8A85-403a-B9D2-65C292C39087}] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16496 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www2.delta-search.com/?affID=119777&tt=gc_&babsrc=HP_ss&mntrId=C8A100192148FF7B --> hxxp://www.google.com -\\ Mozilla Firefox v22.0 (de) Datei : C:\Users\James Bond\AppData\Roaming\Mozilla\Firefox\Profiles\2cg3b8em.default\prefs.js [OK] Die Datei ist sauber. -\\ Google Chrome v28.0.1500.72 Datei : C:\Users\James Bond\AppData\Local\Google\Chrome\User Data\Default\Preferences Gelöscht [l.48] : icon_url = "hxxp://www.ask.com/favicon.ico", Gelöscht [l.55] : search_url = "hxxp://www.search.ask.com/web?p2=%5EAKE%5EOSJ000%5EYY%5EDE&gct=&o=APN10452&tpid[...] Gelöscht [l.56] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc={qsrc}&li=ff&sstype=prefix&q={searchTer[...] Gelöscht [l.2506] : homepage = "hxxp://www2.delta-search.com/?affID=119777&tt=gc_&babsrc=HP_ss&mntrId=C8A100192148FF[...] Gelöscht [l.2914] : urls_to_restore_on_startup = [ "hxxp://www2.delta-search.com/?affID=119777&tt=gc_&babsrc=HP_s[...] ************************* AdwCleaner[R1].txt - [12350 octets] - [21/07/2013 23:07:30] AdwCleaner[S1].txt - [9360 octets] - [25/07/2013 11:37:32] ########## EOF - C:\AdwCleaner[S1].txt - [9420 octets] ########## JRT Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.2.2 (07.22.2013:2) OS: Windows 7 Ultimate x86 Ran by James Bond on 25.07.2013 at 11:45:58,85 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] "HKEY_CURRENT_USER\Software\Microsoft\internet explorer\internetregistry\registry\user\S-1-5-21-3969571550-3735532996-2681142998-1000\software\web assistant" Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\ginyasbrowsercompanion" Successfully deleted: [Folder] "C:\ProgramData\pc1data" Successfully deleted: [Folder] "C:\Users\James Bond\AppData\Roaming\goforfiles" Successfully deleted: [Folder] "C:\Users\James Bond\AppData\Roaming\pc cleaners" Successfully deleted: [Folder] "C:\Users\James Bond\AppData\Roaming\pcpro" Successfully deleted: [Folder] "C:\Users\James Bond\appdata\local\adawarebp" Successfully deleted: [Folder] "C:\Program Files\ginyasbrowsercompanion" Successfully deleted: [Empty Folder] C:\Users\James Bond\appdata\local\{0081472F-830B-4ED9-8934-626B3A8B53D1} Successfully deleted: [Empty Folder] C:\Users\James Bond\appdata\local\{29BECBF8-C916-4915-9628-72FE550AFB61} Successfully deleted: [Empty Folder] C:\Users\James Bond\appdata\local\{2BCBA50B-F6DA-44FF-B6C4-B282FA6CE140} Successfully deleted: [Empty Folder] C:\Users\James Bond\appdata\local\{6752C7C7-6FC5-42E9-ADD3-C1AEA2A86C01} Successfully deleted: [Empty Folder] C:\Users\James Bond\appdata\local\{7DAEE9E8-468F-4CEC-92CA-BFA69E7689D2} Successfully deleted: [Empty Folder] C:\Users\James Bond\appdata\local\{AF051924-9874-4713-99F8-B7B37620674E} ~~~ FireFox Emptied folder: C:\Users\James 
Bond\AppData\Roaming\mozilla\firefox\profiles\2cg3b8em.default\minidumps [17 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 25.07.2013 at 11:47:27,75 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-07-2013
Ran by James Bond (administrator) on 25-07-2013 11:50:54
Running from C:\Users\James Bond\Desktop
Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Lavasoft Limited) Q:\Program Files\AdAwareService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\D-Link\DWA-140 revB\ANIWConnService.exe
(MOTU Inc.) C:\Program Files\MOTU\motuDNSResponder.exe
() C:\Windows\system32\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(WIBU-SYSTEMS AG) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() D:\Program Files\RocketDock\RocketDock.exe
(WIBU-SYSTEMS AG) C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [542632 2013-01-31] (Lavasoft)
HKLM\...\Run: [Ad-Aware Antivirus] - "Q:\Program Files\AdAwareLauncher" --windows-run [x]
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKCU\...\Run: [RocketDock] - "D:\Program Files\RocketDock\RocketDock.exe" [x]
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk
ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - "C:\Program Files\Internet Explorer\iexplore.exe"
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\James Bond\AppData\Roaming\Mozilla\Firefox\Profiles\2cg3b8em.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\James Bond\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\James Bond\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @www.flatcast.com/FlatViewer 5.2 - C:\Users\JAMESB~1\AppData\Roaming\Mozilla\Plugins\NpFv530.dll (1 mal 1 Software GmbH)
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchURL: (Ask Search) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR Plugin: (Shockwave Flash) - C:\Users\James Bond\AppData\Local\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\James Bond\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\James Bond\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Flatcast Viewer Plugin 5.3.0.784) - C:\Program Files\Mozilla Firefox\plugins\NpFv530.dll (1 mal 1 Software GmbH)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\James Bond\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Extension: (Ask Toolbar) - C:\Users\JAMESB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajpkhjdkhhnkmgfjodbkfpbmibkkk\16.49183_0
CHR Extension: (Google Docs) - C:\Users\JAMESB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\JAMESB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\JAMESB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\JAMESB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Hedgehog in the fog) - C:\Users\JAMESB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\haocganpkafanhkfldbbmhcpaelmkejg\3_0
CHR Extension: (Gmail) - C:\Users\JAMESB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [aaaajpkhjdkhhnkmgfjodbkfpbmibkkk] - C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7\CRX\ToolbarCR.crx

========================== Services (Whitelisted) =================

R2 Ad-Aware Service; Q:\Program Files\AdAwareService.exe [1236336 2013-03-18] (Lavasoft Limited)
R2 CodeMeter.exe; C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [2304912 2011-07-06] (WIBU-SYSTEMS AG)
R2 D-Link Wireless N DWA-140_WPS; C:\Program Files\D-Link\DWA-140 revB\ANIWConnService.exe [53248 2010-06-03] ()
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG)
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
R2 MOTU_ZeroConf; C:\Program Files\MOTU\motuDNSResponder.exe [390544 2013-04-29] (MOTU Inc.)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75064 2013-04-22] ()
S2 SBAMSvc; Q:\Program Files\SBAMSvc.exe [3677000 2012-09-20] (GFI Software)
S3 wampapache; q:\wamp\bin\apache\apache2.2.22\bin\httpd.exe [18432 2012-05-13] (Apache Software Foundation)
S3 wampmysqld; q:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe [8177664 2012-04-19] ()

==================== Drivers (Whitelisted) ====================

R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwf.sys [12800 2009-03-06] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2013-01-05] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-08-03] (DT Soft Ltd)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14920 2012-12-21] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9160 2012-12-21] ()
R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-05-12] (GFI Software)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2013-01-05] ()
S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-07-24] (Malwarebytes Corporation)
S3 netr28u; C:\Windows\System32\DRIVERS\Dnetr28u.sys [855392 2010-05-05] (Ralink Technology Corp.)
S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation)
S3 ALSysIO; \??\C:\Users\JAMESB~1\AppData\Local\Temp\ALSysIO.sys [x]
S3 athr; system32\DRIVERS\athr.sys [x]
S3 catchme; \??\C:\Users\JAMESB~1\AppData\Local\Temp\catchme.sys [x]
S1 SBRE; \SystemRoot\system32\drivers\SBREDrv.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-07-25 11:49 - 2013-07-25 11:49 - 01220306 _____ (Farbar) C:\Users\James Bond\Desktop\FRST.exe
2013-07-25 11:48 - 2013-07-25 11:48 - 00002351 _____ C:\Users\James Bond\Desktop\JRT2.txt
2013-07-25 11:47 - 2013-07-25 11:47 - 00002351 _____ C:\Users\James Bond\Desktop\JRT.txt
2013-07-25 11:45 - 2013-07-25 11:45 - 00000000 ____D C:\Windows\ERUNT
2013-07-25 11:44 - 2013-07-25 11:44 - 00560934 _____ (Oleg N. Scherbakov) C:\Users\James Bond\Desktop\JRT_5.2.2.exe
2013-07-25 11:41 - 2013-07-25 11:41 - 00009489 _____ C:\Users\James Bond\Desktop\AdwCleaner[S1].txt
2013-07-25 11:37 - 2013-07-25 11:38 - 00009489 _____ C:\AdwCleaner[S1].txt
2013-07-25 11:37 - 2013-07-25 11:38 - 00000160 _____ C:\Windows\DeleteOnReboot.bat
2013-07-25 11:34 - 2013-07-25 11:34 - 00666633 _____ C:\Users\James Bond\Desktop\adwcleaner06(1).exe
2013-07-24 20:00 - 2013-07-24 20:00 - 00018379 _____ C:\Users\James Bond\Desktop\loeger.txt
2013-07-24 18:14 - 2013-07-24 18:14 - 00018379 _____ C:\ComboFix.txt
2013-07-24 17:51 - 2013-07-24 18:15 - 00000000 ____D C:\Qoobox
2013-07-24 17:51 - 2013-07-24 18:15 - 00000000 ____D C:\ComboFix
2013-07-24 17:51 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-07-24 17:51 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-07-24 17:51 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-07-24 17:51 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-07-24 17:51 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-07-24 17:51 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-07-24 17:51 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-07-24 17:51 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-07-24 17:50 - 2013-07-24 18:12 - 00000000 ____D C:\Windows\erdnt
2013-07-24 17:31 - 2013-07-24 17:31 - 05092950 ____R (Swearware) C:\Users\James Bond\Desktop\ComboFix.exe
2013-07-24 15:44 - 2013-07-24 15:44 - 00030186 _____ C:\Users\James Bond\Desktop\Addition.txt
2013-07-24 15:43 - 2013-07-24 15:43 - 00000000 ____D C:\FRST
2013-07-24 15:39 - 2013-07-24 15:39 - 00115146 _____ C:\Users\James Bond\Desktop\OTL.Txt
2013-07-24 15:36 - 2013-07-24 15:36 - 00124162 _____ C:\Users\James Bond\Desktop\Extrasotl.txt
2013-07-24 15:36 - 2013-07-24 15:36 - 00021481 _____ C:\Users\James Bond\Desktop\Extrasotl.rar
2013-07-24 14:54 - 2013-07-24 14:54 - 00000532 _____ C:\Users\James Bond\Desktop\Ereignisse.txt
2013-07-24 11:02 - 2013-07-24 11:02 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-07-24 11:02 - 2013-07-24 11:02 - 00001071 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-24 11:02 - 2013-07-24 11:02 - 00000000 ____D C:\Users\James Bond\AppData\Roaming\Malwarebytes
2013-07-24 11:02 - 2013-07-24 11:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-24 11:02 - 2013-07-24 11:02 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-24 11:02 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-07-24 11:01 - 2013-07-24 11:01 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\James Bond\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-24 10:50 - 2013-07-24 10:50 - 00000000 _____ C:\Users\James Bond\Downloads\Propellerhead.REASON.v6.5.3.x86.Included.Alpha.Patch-CHAOS.part1.rar
2013-07-24 10:49 - 2013-07-24 14:15 - 311422340 _____ C:\Users\James Bond\Downloads\Propellerhead.REASON.v6.5.3.x86.Included.Alpha.Patch-CHAOS.part1.rar.part
2013-07-24 10:03 - 2013-07-24 10:03 - 00000000 ____D C:\Users\James Bond\Desktop\virenreport
2013-07-21 23:13 - 2013-07-21 23:13 - 02347384 _____ (ESET) C:\Users\James Bond\Downloads\esetsmartinstaller_enu.exe
2013-07-21 23:13 - 2013-07-21 23:13 - 00000000 ____D C:\Program Files\ESET
2013-07-21 23:10 - 2013-07-24 15:17 - 00124162 _____ C:\Users\James Bond\Downloads\Extras.Txt
2013-07-21 23:09 - 2013-07-24 15:16 - 00115146 _____ C:\Users\James Bond\Downloads\OTL.Txt
2013-07-21 23:07 - 2013-07-21 23:08 - 00012350 _____ C:\AdwCleaner[R1].txt
2013-07-21 23:06 - 2013-07-21 23:06 - 00666633 _____ C:\Users\James Bond\Downloads\adwcleaner06.exe
2013-07-21 23:02 - 2013-07-21 23:02 - 00377856 _____ C:\Users\James Bond\Downloads\gmer_2.1.19163.exe
2013-07-21 22:56 - 2013-07-21 22:56 - 00602112 _____ (OldTimer Tools) C:\Users\James Bond\Downloads\OTL.exe
2013-07-21 15:10 - 2013-07-21 15:17 - 00786484 _____ C:\Users\James Bond\Desktop\ABERDANN.reason
2013-07-16 23:04 - 2013-07-16 23:23 - 00000000 ____D C:\filme
2013-07-16 10:03 - 2013-07-16 10:03 - 00000120 _____ C:\Users\James Bond\Desktop\Neues Textdokument (2).txt
2013-07-15 16:07 - 2013-07-15 16:15 - 224271666 _____ C:\Users\James Bond\Desktop\2013-07-15.mp4
2013-07-15 15:59 - 2013-07-15 15:59 - 00019606 _____ C:\Users\James Bond\.recently-used.xbel
2013-07-15 14:47 - 2013-07-15 18:42 - 00396392 _____ C:\Users\James Bond\Desktop\Florian Alter .H0
2013-07-15 14:47 - 2013-07-15 18:42 - 00002570 _____ C:\Users\James Bond\Desktop\Florian Alter .HDP
2013-07-15 14:43 - 2013-07-15 18:42 - 50739116 _____ C:\Users\James Bond\Desktop\Florian Alter .wav
2013-07-15 14:39 - 2013-07-15 14:48 - 04194356 _____ C:\Users\James Bond\Desktop\nulib.reason
2013-07-15 13:09 - 2013-05-29 03:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-15 13:09 - 2013-05-29 03:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-15 13:09 - 2013-05-29 03:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-15 13:09 - 2013-05-29 03:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-15 13:09 - 2013-05-29 03:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-15 13:09 - 2013-05-29 03:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-15 13:09 - 2013-05-29 03:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-15 13:09 - 2013-05-29 03:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-15 13:09 - 2013-05-29 03:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-15 13:09 - 2013-05-29 03:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-15 13:09 - 2013-05-29 03:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-15 13:09 - 2013-05-29 03:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-15 13:09 - 2013-05-29 03:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-15 13:09 - 2013-05-29 03:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-15 13:09 - 2013-05-29 03:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-15 13:09 - 2013-05-29 03:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-15 12:17 - 2013-07-15 12:17 - 00001185 _____ C:\Users\James Bond\Desktop\Reason - Verknüpfung.lnk
2013-07-15 09:35 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-07-15 09:35 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-07-15 09:35 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-07-15 09:35 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-07-06 20:55 - 2013-07-06 20:55 - 00015277 _____ C:\Users\James Bond\Desktop\verschiebungderkündigung.odt
2013-07-04 18:51 - 2013-07-04 18:52 - 00000000 ____D C:\Users\James Bond\AppData\Roaming\MKKE
2013-07-04 01:13 - 2013-07-04 01:13 - 21703480 _____ (Mozilla) C:\Users\James Bond\Downloads\Firefox Setup 22.0.exe
2013-07-04 01:13 - 2013-07-04 01:13 - 21703480 _____ (Mozilla) C:\Users\James Bond\Downloads\Firefox Setup 22.0 (1).exe
2013-07-03 01:51 - 2013-07-04 01:14 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-02 18:36 - 2013-07-02 18:50 - 00000000 ____D C:\Users\James Bond\AppData\Roaming\Line 6
2013-07-02 18:36 - 2013-07-02 18:36 - 00000000 ____D C:\ProgramData\Line 6
2013-07-02 18:36 - 2013-07-02 18:36 - 00000000 ____D C:\Program Files\Common Files\Propellerhead Software
2013-07-02 18:35 - 2013-07-02 18:35 - 00000000 ____D C:\Program Files\CodeMeter
2013-07-02 17:33 - 2013-07-03 01:50 - 00000000 ____D C:\Users\James Bond\Desktop\fürrestaurant
2013-06-29 21:01 - 2013-07-01 17:40 - 00000000 ____D C:\Users\James Bond\Desktop\autohaus
2013-06-28 08:41 - 2013-06-28 08:40 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-06-28 08:41 - 2013-06-28 08:40 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-06-28 08:41 - 2013-06-28 08:40 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-06-28 08:41 - 2013-06-28 08:40 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-06-27 02:12 - 2013-07-24 12:28 - 00000000 ____D C:\Users\James Bond\AppData\Roaming\Blue Orb
2013-06-27 02:11 - 2013-06-27 02:16 - 00000000 ____D C:\Program Files\Joystix Pro
2013-06-26 23:05 - 2013-06-30 00:58 - 00000701 _____ C:\Users\James Bond\Desktop\Neues Textdokument.txt
2013-06-26 19:57 - 2013-06-26 19:57 - 00104800 _____ C:\Users\James Bond\Desktop\iw5m-client.zip
2013-06-25 01:18 - 2013-06-25 01:18 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-06-25 01:18 - 2013-06-25 01:18 - 02284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-06-25 01:18 - 2013-06-25 01:18 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-06-25 01:18 - 2013-06-25 01:18 - 01504768 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-06-25 01:18 - 2013-06-25 01:18 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-06-25 01:18 - 2013-06-25 01:18 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-06-25 01:18 - 2013-06-25 01:18 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-06-25 01:18 - 2013-06-25 01:18 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-06-25 01:18 - 2013-06-25 01:18 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-06-25 01:18 - 2013-06-25 01:18 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-06-25 01:18 - 2013-06-25 01:18 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-06-25 01:18 - 2013-06-25 01:18 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-06-25 01:18 - 2013-06-25 01:18 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-06-25 01:18 - 2013-06-25 01:18 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-06-25 01:18 - 2013-06-25 01:18 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-06-25 01:18 - 2013-06-25 01:18 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-06-25 01:18 - 2013-06-25 01:18 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-06-25 01:18 - 2013-06-25 01:18 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-25 01:18 - 2013-06-25 01:18 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-25 01:18 - 2013-06-25 01:18 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-25 01:18 - 2013-06-25 01:18 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-25 01:18 - 2013-06-25 01:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-25 01:18 - 2013-06-25 01:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-06-25 01:18 - 2013-06-25 01:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-06-25 01:18 - 2013-06-25 01:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-25 01:18 - 2013-06-25 01:18 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-06-25 01:16 - 2013-07-25 00:39 - 00250493 _____ C:\Windows\IE10_main.log

==================== One Month Modified Files and Folders =======

2013-07-25 11:50 - 2012-07-31 23:22 - 00000000 ___RD C:\Users\James Bond\Desktop
2013-07-25 11:49 - 2013-07-25 11:49 - 01220306 _____ (Farbar) C:\Users\James Bond\Desktop\FRST.exe
2013-07-25 11:49 - 2012-08-01 01:29 - 00000000 ____D C:\Users\JAMESB~1\AppData\Local\Adobe
2013-07-25 11:48 - 2013-07-25 11:48 - 00002351 _____ C:\Users\James Bond\Desktop\JRT2.txt
2013-07-25 11:47 - 2013-07-25 11:47 - 00002351 _____ C:\Users\James Bond\Desktop\JRT.txt
2013-07-25 11:47 - 2009-07-14 06:34 - 00021072 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-25 11:47 - 2009-07-14 06:34 - 00021072 _____ C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-25 11:45 - 2013-07-25 11:45 - 00000000 ____D C:\Windows\ERUNT
2013-07-25 11:44 - 2013-07-25 11:44 - 00560934 _____ (Oleg N. Scherbakov) C:\Users\James Bond\Desktop\JRT_5.2.2.exe
2013-07-25 11:41 - 2013-07-25 11:41 - 00009489 _____ C:\Users\James Bond\Desktop\AdwCleaner[S1].txt
2013-07-25 11:39 - 2012-05-09 15:09 - 00074671 _____ C:\Windows\setupact.log
2013-07-25 11:39 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-07-25 11:38 - 2013-07-25 11:37 - 00009489 _____ C:\AdwCleaner[S1].txt
2013-07-25 11:38 - 2013-07-25 11:37 - 00000160 _____ C:\Windows\DeleteOnReboot.bat
2013-07-25 11:38 - 2012-07-31 23:17 - 01624075 _____ C:\Windows\WindowsUpdate.log
2013-07-25 11:34 - 2013-07-25 11:34 - 00666633 _____ C:\Users\James Bond\Desktop\adwcleaner06(1).exe
2013-07-25 11:31 - 2012-08-15 22:28 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-07-25 00:39 - 2013-06-25 01:16 - 00250493 _____ C:\Windows\IE10_main.log
2013-07-24 20:00 - 2013-07-24 20:00 - 00018379 _____ C:\Users\James Bond\Desktop\loeger.txt
2013-07-24 19:53 - 2013-04-18 19:25 - 00001140 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3969571550-3735532996-2681142998-1000UA.job
2013-07-24 18:15 - 2013-07-24 17:51 - 00000000 ____D C:\Qoobox
2013-07-24 18:15 - 2013-07-24 17:51 - 00000000 ____D C:\ComboFix
2013-07-24 18:15 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default
2013-07-24 18:15 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-07-24 18:14 - 2013-07-24 18:14 - 00018379 _____ C:\ComboFix.txt
2013-07-24 18:12 - 2013-07-24 17:50 - 00000000 ____D C:\Windows\erdnt
2013-07-24 18:07 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2013-07-24 18:06 - 2010-11-20 23:48 - 00191696 _____ C:\Windows\PFRO.log
2013-07-24 18:06 - 2009-07-14 06:53 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-24 17:32 - 2013-05-12 02:15 - 00000000 ____D C:\Users\James Bond\AppData\Roaming\Ad-Aware Antivirus
2013-07-24 17:31 - 2013-07-24 17:31 - 05092950 ____R (Swearware) C:\Users\James Bond\Desktop\ComboFix.exe
2013-07-24 16:11 - 2013-04-01 21:34 - 00000000 ____D C:\Program Files\Resident Evil 6
2013-07-24 15:44 - 2013-07-24 15:44 - 00030186 _____ C:\Users\James Bond\Desktop\Addition.txt
2013-07-24 15:43 - 2013-07-24 15:43 - 00000000 ____D C:\FRST
2013-07-24 15:39 - 2013-07-24 15:39 - 00115146 _____ C:\Users\James Bond\Desktop\OTL.Txt
2013-07-24 15:36 - 2013-07-24 15:36 - 00124162 _____ C:\Users\James Bond\Desktop\Extrasotl.txt
2013-07-24 15:36 - 2013-07-24 15:36 - 00021481 _____ C:\Users\James Bond\Desktop\Extrasotl.rar
2013-07-24 15:17 - 2013-07-21 23:10 - 00124162 _____ C:\Users\James Bond\Downloads\Extras.Txt
2013-07-24 15:16 - 2013-07-21 23:09 - 00115146 _____ C:\Users\James Bond\Downloads\OTL.Txt
2013-07-24 14:54 - 2013-07-24 14:54 - 00000532 _____ C:\Users\James Bond\Desktop\Ereignisse.txt
2013-07-24 14:15 - 2013-07-24 10:49 - 311422340 _____ C:\Users\James Bond\Downloads\Propellerhead.REASON.v6.5.3.x86.Included.Alpha.Patch-CHAOS.part1.rar.part
2013-07-24 12:28 - 2013-06-27 02:12 - 00000000 ____D C:\Users\James Bond\AppData\Roaming\Blue Orb
2013-07-24 11:02 - 2013-07-24 11:02 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-07-24 11:02 - 2013-07-24 11:02 - 00001071 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-07-24 11:02 - 2013-07-24 11:02 - 00000000 ____D C:\Users\James Bond\AppData\Roaming\Malwarebytes
2013-07-24 11:02 - 2013-07-24 11:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-07-24 11:02 - 2013-07-24 11:02 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-07-24 11:02 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Public\Desktop
2013-07-24 11:01 - 2013-07-24 11:01 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\James Bond\Downloads\mbam-setup-1.75.0.1300.exe
2013-07-24 10:52 - 2013-05-11 13:18 - 00000689 _____ C:\Users\James Bond\Desktop\darknet.txt
2013-07-24 10:50 - 2013-07-24 10:50 - 00000000 _____ C:\Users\James Bond\Downloads\Propellerhead.REASON.v6.5.3.x86.Included.Alpha.Patch-CHAOS.part1.rar
2013-07-24 10:03 - 2013-07-24 10:03 - 00000000 ____D C:\Users\James Bond\Desktop\virenreport
2013-07-24 09:53 - 2013-04-18 19:25 - 00001088 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3969571550-3735532996-2681142998-1000Core.job
2013-07-23 11:13 - 2010-11-20 23:01 - 01612448 _____ C:\Windows\system32\PerfStringBackup.INI
2013-07-22 12:23 - 2012-08-06 18:35 - 00000000 ____D C:\Users\James Bond\AppData\Roaming\vlc
2013-07-22 00:16 - 2012-07-31 23:58 - 00000000 ____D C:\Users\James Bond\Documents\888poker
2013-07-21 23:13 - 2013-07-21 23:13 - 02347384 _____ (ESET) C:\Users\James Bond\Downloads\esetsmartinstaller_enu.exe
2013-07-21 23:13 - 2013-07-21 23:13 - 00000000 ____D C:\Program Files\ESET
2013-07-21 23:08 - 2013-07-21 23:07 - 00012350 _____ C:\AdwCleaner[R1].txt
2013-07-21 23:06 - 2013-07-21 23:06 - 00666633 _____ C:\Users\James Bond\Downloads\adwcleaner06.exe
2013-07-21 23:02 - 2013-07-21 23:02 - 00377856 _____ C:\Users\James Bond\Downloads\gmer_2.1.19163.exe
2013-07-21 22:56 - 2013-07-21 22:56 - 00602112 _____ (OldTimer Tools) C:\Users\James Bond\Downloads\OTL.exe
2013-07-21 15:17 - 2013-07-21 15:10 - 00786484 _____ C:\Users\James Bond\Desktop\ABERDANN.reason
2013-07-16 23:23 - 2013-07-16 23:04 - 00000000 ____D C:\filme
2013-07-16 10:03 - 2013-07-16 10:03 - 00000120 _____ C:\Users\James Bond\Desktop\Neues Textdokument (2).txt
2013-07-15 20:17 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-15 19:37 - 2009-07-14 06:33 - 00478512 _____ C:\Windows\system32\FNTCACHE.DAT
2013-07-15 19:34 - 2011-04-12 03:38 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-15 19:34 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-15 18:42 - 2013-07-15 14:47 - 00396392 _____ C:\Users\James Bond\Desktop\Florian Alter .H0
2013-07-15 18:42 - 2013-07-15 14:47 - 00002570 _____ C:\Users\James Bond\Desktop\Florian Alter .HDP
2013-07-15 18:42 - 2013-07-15 14:43 - 50739116 _____ C:\Users\James Bond\Desktop\Florian Alter .wav
2013-07-15 18:42 - 2012-08-01 00:27 - 00000000 ____D C:\Users\James Bond\.gimp-2.6
2013-07-15 16:15 - 2013-07-15 16:07 - 224271666 _____ C:\Users\James Bond\Desktop\2013-07-15.mp4
2013-07-15 15:59 - 2013-07-15 15:59 - 00019606 _____ C:\Users\James Bond\.recently-used.xbel
2013-07-15 15:59 - 2012-08-05 16:13 - 00000000 ____D C:\Users\James Bond\AppData\Roaming\gtk-2.0
2013-07-15 15:59 - 2012-07-31 23:22 - 00000000 ____D C:\Users\James Bond
2013-07-15 14:48 - 2013-07-15 14:39 - 04194356 _____ C:\Users\James Bond\Desktop\nulib.reason
2013-07-15 13:05 - 2012-05-09 14:35 - 75699896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-07-15 12:17 - 2013-07-15 12:17 - 00001185 _____ C:\Users\James Bond\Desktop\Reason - Verknüpfung.lnk
2013-07-06 20:55 - 2013-07-06 20:55 - 00015277 _____ C:\Users\James Bond\Desktop\verschiebungderkündigung.odt
2013-07-04 18:52 - 2013-07-04 18:51 - 00000000 ____D C:\Users\James Bond\AppData\Roaming\MKKE
2013-07-04 01:14 - 2013-07-03 01:51 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-07-04 01:14 - 2012-08-01 00:03 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-07-04 01:14 - 2012-07-31 23:43 - 00000000 ____D C:\Users\James Bond\AppData\Roaming\Mozilla
2013-07-04 01:13 - 2013-07-04 01:13 - 21703480 _____ (Mozilla) C:\Users\James Bond\Downloads\Firefox Setup 22.0.exe
2013-07-04 01:13 - 2013-07-04 01:13 - 21703480 _____ (Mozilla) C:\Users\James Bond\Downloads\Firefox Setup 22.0 (1).exe
2013-07-03 23:08 - 2012-08-08 21:11 - 00000000 ____D C:\Program Files\PokerStars.NET
2013-07-03 23:08 - 2012-08-01 00:30 - 00000000 ____D C:\Users\JAMESB~1\AppData\Local\PokerStars.NET
2013-07-03 01:50 - 2013-07-02 17:33 - 00000000 ____D C:\Users\James Bond\Desktop\fürrestaurant
2013-07-02 18:50 - 2013-07-02 18:36 - 00000000 ____D C:\Users\James Bond\AppData\Roaming\Line 6
2013-07-02 18:49 - 2013-06-24 22:30 - 00000000 ____D C:\Users\James Bond\Desktop\Neuer Ordner (2)
2013-07-02 18:36 - 2013-07-02 18:36 - 00000000 ____D C:\ProgramData\Line 6
2013-07-02 18:36 - 2013-07-02 18:36 - 00000000 ____D C:\Program Files\Common Files\Propellerhead Software
2013-07-02 18:36 - 2012-08-01 00:30 - 00000000 ____D C:\Users\James Bond\AppData\Roaming\Propellerhead Software
2013-07-02 18:35 - 2013-07-02 18:35 - 00000000 ____D C:\Program Files\CodeMeter
2013-07-02 18:35 - 2012-08-06 23:49 - 00000000 ____D C:\Program Files\Propellerhead
2013-07-02 01:42 - 2013-05-10 19:09 - 00000435 _____ C:\Users\James Bond\Desktop\webneeders.txt
2013-07-01 17:40 - 2013-06-29 21:01 - 00000000 ____D C:\Users\James Bond\Desktop\autohaus
2013-06-30 00:58 - 2013-06-26 23:05 - 00000701 _____ C:\Users\James Bond\Desktop\Neues Textdokument.txt
2013-06-28 08:40 - 2013-06-28 08:41 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-06-28 08:40 - 2013-06-28 08:41 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-06-28 08:40 - 2013-06-28 08:41 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-06-28 08:40 - 2013-06-28 08:41 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-06-28 08:40 - 2012-08-05 12:10 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-06-28 08:40 - 2012-08-05 12:10 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-06-27 14:01 - 2012-07-31 23:36 - 00147568 _____ C:\Users\JAMESB~1\AppData\Local\GDIPFONTCACHEV1.DAT
2013-06-27 02:16 - 2013-06-27 02:11 - 00000000 ____D C:\Program Files\Joystix Pro
2013-06-27 02:09 - 2012-09-09 23:21 - 00000000 ____D C:\Users\JAMESB~1\AppData\Local\Downloaded Installations
2013-06-27 01:54 - 2012-08-09 00:40 - 00000000 ____D C:\Program Files\Common Files\Steam
2013-06-26 21:36 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-06-26 19:57 - 2013-06-26 19:57 - 00104800 _____ C:\Users\James Bond\Desktop\iw5m-client.zip
2013-06-25 12:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-TW
2013-06-25 12:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-HK
2013-06-25 12:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-CN
2013-06-25 12:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\tr-TR
2013-06-25 12:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\sv-SE
2013-06-25 12:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\ru-RU
2013-06-25 12:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pt-PT
2013-06-25 12:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pt-BR
2013-06-25 12:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pl-PL
2013-06-25 12:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\nl-NL
2013-06-25 12:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\nb-NO
2013-06-25 12:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\ko-KR
2013-06-25 12:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\ja-JP
2013-06-25 12:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\it-IT
2013-06-25 12:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\hu-HU
2013-06-25 12:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\fr-FR
2013-06-25 12:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\fi-FI
2013-06-25 12:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\el-GR
2013-06-25 12:33 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-06-25 01:18 - 2013-06-25 01:18 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-06-25 01:18 - 2013-06-25 01:18 - 02284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-06-25 01:18 - 2013-06-25 01:18 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-06-25 01:18 - 2013-06-25 01:18 - 01504768 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-06-25 01:18 - 2013-06-25 01:18 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-06-25 01:18 - 2013-06-25 01:18 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-06-25 01:18 - 2013-06-25 01:18 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-06-25 01:18 - 2013-06-25 01:18 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-06-25 01:18 - 2013-06-25 01:18 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-06-25 01:18 - 2013-06-25 01:18 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-06-25 01:18 - 2013-06-25 01:18 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-06-25 01:18 - 2013-06-25 01:18 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-06-25 01:18 - 2013-06-25 01:18 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-06-25 01:18 - 2013-06-25 01:18 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-06-25 01:18 - 2013-06-25 01:18 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-06-25 01:18 - 2013-06-25 01:18 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-06-25 01:18 - 2013-06-25 01:18 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-06-25 01:18 - 2013-06-25 01:18 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-06-25 01:18 - 2013-06-25 01:18 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-06-25 01:18 - 2013-06-25 01:18 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-06-25 01:18 - 2013-06-25 01:18 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-06-25 01:18 - 2013-06-25 01:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-06-25 01:18 - 2013-06-25 01:18 - 00003584 ____H
(Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-07-23 23:37 ==================== End Of Log ============================
Thank you so far. How do we proceed? Best regards |
25.07.2013, 12:38 | #8 |
/// the machine /// TB Trainer | a few problems with malware and adware
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
25.07.2013, 19:07 | #9 |
| a few problems with malware and adware Yes, hello, I have done it. Log: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok esets_scanner_update returned -1 esets_gle=12 esets_scanner_update returned -1 esets_gle=12 ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=8bd90e5fcb9af44fbf082d116d2f9f22 # engine=14524 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-07-25 03:37:59 # local_time=2013-07-25 05:37:59 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776574 100 94 856991 126397870 0 0 # scanned=451794 # found=5 # cleaned=0 # scan_time=13018 sh=9264B4C04F0D86E41248A33A9F52F52B3FE0B50D ft=1 fh=bfce6cf46d0ba010 vn="a variant of Win32/Packed.VMProtect.ABD trojan" ac=I fn="C:\Program Files\MAGIX\Movie_Edit_Pro_MX_Premium_Download_Version\magic.dll" sh=7D85A8A8F04013DFA9E895999CED80D31475C29E ft=1 fh=6ea06a1e9519710f vn="a variant of Win32/Packed.VMProtect.AAH trojan" ac=I fn="C:\Program Files\Resident Evil 6\steam_api.dll" sh=CF5510107597F7A236764C7B30B54E45AACE4C3F ft=1 fh=e9028220a11ba965 vn="a variant of Win32/Packed.VMProtect.AAA trojan" ac=I fn="C:\Program Files\Square Enix\Sleeping Dogs\buddha.dll" sh=8E6EBA27FFCFB64C4E1DE223EEA818731A1D2FD4 ft=0 fh=0000000000000000 vn="a variant of Win32/Injector.Autoit.FX trojan" ac=I fn="C:\Users\James Bond\AppData\Local\Alt.Binz\download\Call.of.Duty.Black.Ops.II.Update.3-SKIDROW.rar\Call.of.Duty.Black.Ops.II.Update.3-SKIDROW.rar" sh=783B11E9A6D9FD64239890B04B2E625B3A513217 ft=1 fh=04f0e3cea2d4e851 vn="a variant of Win32/Packed.VMProtect.AAH trojan" ac=I fn="D:\Program Files\2K Games\BioShock Infinite\Binaries\Win32\steam_api.dll" Code:
ATTFilter UNSUPPORTED OPERATING SYSTEM! ABORTED! FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-07-2013 Ran by James Bond (administrator) on 25-07-2013 20:04:44 Running from C:\Users\James Bond\Desktop Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (AMD) C:\Windows\system32\atiesrxx.exe (AMD) C:\Windows\system32\atieclxx.exe (Lavasoft Limited) Q:\Program Files\AdAwareService.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files\D-Link\DWA-140 revB\ANIWConnService.exe (MOTU Inc.) C:\Program Files\MOTU\motuDNSResponder.exe () C:\Windows\system32\PnkBstrA.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (WIBU-SYSTEMS AG) C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe () D:\Program Files\RocketDock\RocketDock.exe (WIBU-SYSTEMS AG) C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe (MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe (McAfee, Inc.) 
C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [542632 2013-01-31] (Lavasoft) HKLM\...\Run: [Ad-Aware Antivirus] - "Q:\Program Files\AdAwareLauncher" --windows-run [x] HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKCU\...\Run: [RocketDock] - "D:\Program Files\RocketDock\RocketDock.exe" [x] Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodeMeter Control Center.lnk ShortcutTarget: CodeMeter Control Center.lnk -> C:\Program Files\CodeMeter\Runtime\bin\CodeMeterCC.exe (WIBU-SYSTEMS AG) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch StartMenuInternet: IEXPLORE.EXE - "C:\Program Files\Internet Explorer\iexplore.exe" SearchScopes: HKLM - DefaultScope value is missing. BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\James Bond\AppData\Roaming\Mozilla\Firefox\Profiles\2cg3b8em.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\James Bond\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\James Bond\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @www.flatcast.com/FlatViewer 5.2 - C:\Users\JAMESB~1\AppData\Roaming\Mozilla\Plugins\NpFv530.dll (1 mal 1 Software GmbH) FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} Chrome: ======= CHR HomePage: hxxp://www.google.com/ CHR DefaultSearchURL: (Ask Search) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR Plugin: (Shockwave Flash) - C:\Users\James Bond\AppData\Local\Google\Chrome\Application\28.0.1500.72\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\James Bond\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\James Bond\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) 
CHR Plugin: (Flatcast Viewer Plugin 5.3.0.784) - C:\Program Files\Mozilla Firefox\plugins\NpFv530.dll (1 mal 1 Software GmbH) CHR Plugin: (AdobeAAMDetect) - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Google Update) - C:\Users\James Bond\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll No File CHR Extension: (Ask Toolbar) - C:\Users\JAMESB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaajpkhjdkhhnkmgfjodbkfpbmibkkk\16.49183_0 CHR Extension: (Google Docs) - C:\Users\JAMESB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\JAMESB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\JAMESB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\JAMESB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (Hedgehog in the fog) - C:\Users\JAMESB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\haocganpkafanhkfldbbmhcpaelmkejg\3_0 CHR Extension: (Gmail) - C:\Users\JAMESB~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR HKLM\...\Chrome\Extension: [aaaajpkhjdkhhnkmgfjodbkfpbmibkkk] - 
C:\ProgramData\AskPartnerNetwork\Toolbar\ORJ-V7\CRX\ToolbarCR.crx ========================== Services (Whitelisted) ================= R2 Ad-Aware Service; Q:\Program Files\AdAwareService.exe [1236336 2013-03-18] (Lavasoft Limited) R2 CodeMeter.exe; C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe [2304912 2011-07-06] (WIBU-SYSTEMS AG) R2 D-Link Wireless N DWA-140_WPS; C:\Program Files\D-Link\DWA-140 revB\ANIWConnService.exe [53248 2010-06-03] () R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1840128 2011-05-24] (MAGIX AG) S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.) R2 MOTU_ZeroConf; C:\Program Files\MOTU\motuDNSResponder.exe [390544 2013-04-29] (MOTU Inc.) R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75064 2013-04-22] () S2 SBAMSvc; Q:\Program Files\SBAMSvc.exe [3677000 2012-09-20] (GFI Software) S3 wampapache; q:\wamp\bin\apache\apache2.2.22\bin\httpd.exe [18432 2012-05-13] (Apache Software Foundation) S3 wampmysqld; q:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe [8177664 2012-04-19] () ==================== Drivers (Whitelisted) ==================== R1 anodlwf; C:\Windows\System32\DRIVERS\anodlwf.sys [12800 2009-03-06] () R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2013-01-05] () R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-08-03] (DT Soft Ltd) S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [14920 2012-12-21] () S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9160 2012-12-21] () R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [13560 2013-05-12] (GFI Software) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2013-01-05] () S3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH) S3 MBAMSwissArmy; 
C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-07-24] (Malwarebytes Corporation) S3 netr28u; C:\Windows\System32\DRIVERS\Dnetr28u.sys [855392 2010-05-05] (Ralink Technology Corp.) S3 xnacc; C:\Windows\System32\DRIVERS\xnacc.sys [465408 2009-07-14] (Microsoft Corporation) S3 ALSysIO; \??\C:\Users\JAMESB~1\AppData\Local\Temp\ALSysIO.sys [x] S3 athr; system32\DRIVERS\athr.sys [x] S3 catchme; \??\C:\Users\JAMESB~1\AppData\Local\Temp\catchme.sys [x] S1 SBRE; \SystemRoot\system32\drivers\SBREDrv.sys [x] S3 VGPU; System32\drivers\rdvgkmd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-07-25 20:04 - 2013-07-25 20:04 - 00000041 _____ C:\Users\James Bond\Desktop\checkup.txt 2013-07-25 20:03 - 2013-07-25 20:03 - 00891062 _____ C:\Users\James Bond\Desktop\SecurityCheck.exe 2013-07-25 13:56 - 2013-07-25 13:56 - 02347384 _____ (ESET) C:\Users\James Bond\Downloads\esetsmartinstaller_enu(1).exe 2013-07-25 11:52 - 2013-07-25 11:52 - 00040135 _____ C:\Users\James Bond\Desktop\FRST2.txt 2013-07-25 11:49 - 2013-07-25 11:49 - 01220306 _____ (Farbar) C:\Users\James Bond\Desktop\FRST.exe 2013-07-25 11:48 - 2013-07-25 11:48 - 00002351 _____ C:\Users\James Bond\Desktop\JRT2.txt 2013-07-25 11:47 - 2013-07-25 11:47 - 00002351 _____ C:\Users\James Bond\Desktop\JRT.txt 2013-07-25 11:45 - 2013-07-25 11:45 - 00000000 ____D C:\Windows\ERUNT 2013-07-25 11:44 - 2013-07-25 11:44 - 00560934 _____ (Oleg N. 
Scherbakov) C:\Users\James Bond\Desktop\JRT_5.2.2.exe 2013-07-25 11:41 - 2013-07-25 11:41 - 00009489 _____ C:\Users\James Bond\Desktop\AdwCleaner[S1].txt 2013-07-25 11:37 - 2013-07-25 11:38 - 00009489 _____ C:\AdwCleaner[S1].txt 2013-07-25 11:37 - 2013-07-25 11:38 - 00000160 _____ C:\Windows\DeleteOnReboot.bat 2013-07-25 11:34 - 2013-07-25 11:34 - 00666633 _____ C:\Users\James Bond\Desktop\adwcleaner06(1).exe 2013-07-24 20:00 - 2013-07-24 20:00 - 00018379 _____ C:\Users\James Bond\Desktop\loeger.txt 2013-07-24 18:14 - 2013-07-24 18:14 - 00018379 _____ C:\ComboFix.txt 2013-07-24 17:51 - 2013-07-24 18:15 - 00000000 ____D C:\Qoobox 2013-07-24 17:51 - 2013-07-24 18:15 - 00000000 ____D C:\ComboFix 2013-07-24 17:51 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-07-24 17:51 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-07-24 17:51 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-07-24 17:51 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-07-24 17:51 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-07-24 17:51 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-07-24 17:51 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-07-24 17:51 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-07-24 17:50 - 2013-07-24 18:12 - 00000000 ____D C:\Windows\erdnt 2013-07-24 17:31 - 2013-07-24 17:31 - 05092950 ____R (Swearware) C:\Users\James Bond\Desktop\ComboFix.exe 2013-07-24 15:44 - 2013-07-24 15:44 - 00030186 _____ C:\Users\James Bond\Desktop\Addition.txt 2013-07-24 15:43 - 2013-07-24 15:43 - 00000000 ____D C:\FRST 2013-07-24 15:39 - 2013-07-24 15:39 - 00115146 _____ C:\Users\James Bond\Desktop\OTL.Txt 2013-07-24 15:36 - 2013-07-24 15:36 - 00124162 _____ C:\Users\James Bond\Desktop\Extrasotl.txt 2013-07-24 15:36 - 2013-07-24 15:36 - 00021481 _____ C:\Users\James Bond\Desktop\Extrasotl.rar 2013-07-24 14:54 - 2013-07-24 14:54 - 00000532 _____ C:\Users\James 
Bond\Desktop\Ereignisse.txt 2013-07-24 11:02 - 2013-07-24 11:02 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys 2013-07-24 11:02 - 2013-07-24 11:02 - 00001071 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-07-24 11:02 - 2013-07-24 11:02 - 00000000 ____D C:\Users\James Bond\AppData\Roaming\Malwarebytes 2013-07-24 11:02 - 2013-07-24 11:02 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-07-24 11:02 - 2013-07-24 11:02 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-07-24 11:02 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-07-24 11:01 - 2013-07-24 11:01 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\James Bond\Downloads\mbam-setup-1.75.0.1300.exe 2013-07-24 10:50 - 2013-07-24 10:50 - 00000000 _____ C:\Users\James Bond\Downloads\Propellerhead.REASON.v6.5.3.x86.Included.Alpha.Patch-CHAOS.part1.rar 2013-07-24 10:49 - 2013-07-24 14:15 - 311422340 _____ C:\Users\James Bond\Downloads\Propellerhead.REASON.v6.5.3.x86.Included.Alpha.Patch-CHAOS.part1.rar.part 2013-07-24 10:03 - 2013-07-24 10:03 - 00000000 ____D C:\Users\James Bond\Desktop\virenreport 2013-07-21 23:13 - 2013-07-21 23:13 - 02347384 _____ (ESET) C:\Users\James Bond\Downloads\esetsmartinstaller_enu.exe 2013-07-21 23:13 - 2013-07-21 23:13 - 00000000 ____D C:\Program Files\ESET 2013-07-21 23:10 - 2013-07-24 15:17 - 00124162 _____ C:\Users\James Bond\Downloads\Extras.Txt 2013-07-21 23:09 - 2013-07-24 15:16 - 00115146 _____ C:\Users\James Bond\Downloads\OTL.Txt 2013-07-21 23:07 - 2013-07-21 23:08 - 00012350 _____ C:\AdwCleaner[R1].txt 2013-07-21 23:06 - 2013-07-21 23:06 - 00666633 _____ C:\Users\James Bond\Downloads\adwcleaner06.exe 2013-07-21 23:02 - 2013-07-21 23:02 - 00377856 _____ C:\Users\James Bond\Downloads\gmer_2.1.19163.exe 2013-07-21 22:56 - 2013-07-21 22:56 - 00602112 _____ (OldTimer Tools) C:\Users\James Bond\Downloads\OTL.exe 2013-07-21 15:10 - 2013-07-21 15:17 
- 00786484 _____ C:\Users\James Bond\Desktop\ABERDANN.reason 2013-07-16 23:04 - 2013-07-16 23:23 - 00000000 ____D C:\filme 2013-07-16 10:03 - 2013-07-16 10:03 - 00000120 _____ C:\Users\James Bond\Desktop\Neues Textdokument (2).txt 2013-07-15 16:07 - 2013-07-15 16:15 - 224271666 _____ C:\Users\James Bond\Desktop\2013-07-15.mp4 2013-07-15 15:59 - 2013-07-15 15:59 - 00019606 _____ C:\Users\James Bond\.recently-used.xbel 2013-07-15 14:47 - 2013-07-15 18:42 - 00396392 _____ C:\Users\James Bond\Desktop\Florian Alter .H0 2013-07-15 14:47 - 2013-07-15 18:42 - 00002570 _____ C:\Users\James Bond\Desktop\Florian Alter .HDP 2013-07-15 14:43 - 2013-07-15 18:42 - 50739116 _____ C:\Users\James Bond\Desktop\Florian Alter .wav 2013-07-15 14:39 - 2013-07-15 14:48 - 04194356 _____ C:\Users\James Bond\Desktop\nulib.reason 2013-07-15 13:09 - 2013-05-29 03:56 - 12333568 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-15 13:09 - 2013-05-29 03:50 - 01800704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-15 13:09 - 2013-05-29 03:48 - 09738752 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-15 13:09 - 2013-05-29 03:41 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-07-15 13:09 - 2013-05-29 03:41 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-15 13:09 - 2013-05-29 03:41 - 01104384 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-15 13:09 - 2013-05-29 03:40 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-07-15 13:09 - 2013-05-29 03:38 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-15 13:09 - 2013-05-29 03:37 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-07-15 13:09 - 2013-05-29 03:36 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-07-15 13:09 - 2013-05-29 03:35 - 00717824 _____ (Microsoft Corporation) 
C:\Windows\system32\jscript.dll 2013-07-15 13:09 - 2013-05-29 03:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-15 13:09 - 2013-05-29 03:33 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-15 13:09 - 2013-05-29 03:33 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-15 13:09 - 2013-05-29 03:33 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-07-15 13:09 - 2013-05-29 03:29 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-15 12:17 - 2013-07-15 12:17 - 00001185 _____ C:\Users\James Bond\Desktop\Reason - Verknüpfung.lnk 2013-07-15 09:35 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-15 09:35 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-15 09:35 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-15 09:35 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-06 20:55 - 2013-07-06 20:55 - 00015277 _____ C:\Users\James Bond\Desktop\verschiebungderkündigung.odt 2013-07-04 18:51 - 2013-07-04 18:52 - 00000000 ____D C:\Users\James Bond\AppData\Roaming\MKKE 2013-07-04 01:13 - 2013-07-04 01:13 - 21703480 _____ (Mozilla) C:\Users\James Bond\Downloads\Firefox Setup 22.0.exe 2013-07-04 01:13 - 2013-07-04 01:13 - 21703480 _____ (Mozilla) C:\Users\James Bond\Downloads\Firefox Setup 22.0 (1).exe 2013-07-03 01:51 - 2013-07-04 01:14 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-07-02 18:36 - 2013-07-02 18:50 - 00000000 ____D C:\Users\James Bond\AppData\Roaming\Line 6 2013-07-02 18:36 - 2013-07-02 18:36 - 00000000 ____D C:\ProgramData\Line 6 2013-07-02 18:36 - 2013-07-02 18:36 - 00000000 ____D C:\Program Files\Common Files\Propellerhead Software 2013-07-02 18:35 - 2013-07-02 18:35 - 00000000 ____D C:\Program Files\CodeMeter 
2013-07-02 17:33 - 2013-07-03 01:50 - 00000000 ____D C:\Users\James Bond\Desktop\fürrestaurant 2013-06-29 21:01 - 2013-07-01 17:40 - 00000000 ____D C:\Users\James Bond\Desktop\autohaus 2013-06-28 08:41 - 2013-06-28 08:40 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe 2013-06-28 08:41 - 2013-06-28 08:40 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe 2013-06-28 08:41 - 2013-06-28 08:40 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe 2013-06-28 08:41 - 2013-06-28 08:40 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll 2013-06-27 02:12 - 2013-07-24 12:28 - 00000000 ____D C:\Users\James Bond\AppData\Roaming\Blue Orb 2013-06-27 02:11 - 2013-06-27 02:16 - 00000000 ____D C:\Program Files\Joystix Pro 2013-06-26 23:05 - 2013-06-30 00:58 - 00000701 _____ C:\Users\James Bond\Desktop\Neues Textdokument.txt 2013-06-26 19:57 - 2013-06-26 19:57 - 00104800 _____ C:\Users\James Bond\Desktop\iw5m-client.zip 2013-06-25 01:18 - 2013-06-25 01:18 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 02284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 01504768 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2013-06-25 
01:18 - 2013-06-25 01:18 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2013-06-25 01:18 - 2013-06-25 01:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-06-25 01:18 - 
2013-06-25 01:18 - 2013-06-25 01:18 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-06-25 01:18 - 2013-06-25 01:18 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-07-23 23:37

==================== End Of Log ============================

--- --- ---

Many thanks so far. How do we go on from here? Can you recommend a good antivirus program?
26.07.2013, 09:16 | #10 |
/// the machine /// TB trainer | a few problems with malware and adware
Please uninstall everything that ESET found. Avast or Emsisoft. Done. The order is crucial here.
Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, because they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP). Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
26.07.2013, 12:05 | #11 |
| a few problems with malware and adware Please don't close the thread yet. I have to leave for a bit now and can only sit down to it this evening. |
26.07.2013, 13:20 | #12 |
/// the machine /// TB trainer | a few problems with malware and adware It won't be closed.
01.09.2013, 12:47 | #13 |
| a few problems with malware and adware Sorry, Schrauber, that I am only getting back to you now. I have had many problems and could not go online because of that. First of all, a thousand thanks for your help, really great, props, ***** stars. Afterwards my RocketDock stopped working, but somehow after a few restarts RocketDock worked again. I need RocketDock. Maybe you can please help me with something: I have a few problems installing Windows updates. First I wanted to update Internet Explorer; it showed me an error code, which I can no longer reproduce. In Control Panel / Uninstall programs I deactivated the old IE, and then it could be installed. Now I wanted to install Microsoft Visual Studio 2010 Service Pack 1 and it gives me an error code, error 80200053. Then I wanted to install a game, Dead Rising, and the following error came up: "The cabinet file 'Media1.cab' required for this installation is corrupt and cannot be used. This could indicate a network error, an error reading from the CD-ROM, or a problem with this package." That is what it spits out during the installation with Daemon Tools. A log file came out as well. I just don't know right now which one is the right one; I think it is this one. I'm sending all of them anyway for now. gamemsi.log Code:
ATTFilter === Logging started: 01.09.2013 13:28:10 === Action start 13:28:10: INSTALL. Action start 13:28:10: LaunchConditions. Action ended 13:28:10: LaunchConditions. Return value 0. Action start 13:28:10: SetBASEROOTFOLDER. Action ended 13:28:10: SetBASEROOTFOLDER. Return value 1. Action start 13:28:10: ValidateProductID. Action ended 13:28:10: ValidateProductID. Return value 1. Action start 13:28:10: CostInitialize. Action ended 13:28:10: CostInitialize. Return value 1. Action start 13:28:10: FileCost. Action ended 13:28:10: FileCost. Return value 1. Action start 13:28:10: CostFinalize. Action ended 13:28:10: CostFinalize. Return value 1. Action start 13:28:10: InstallValidate. Action ended 13:28:10: InstallValidate. Return value 1. Action start 13:28:10: SetARPINSTALLLOCATION. Action ended 13:28:10: SetARPINSTALLLOCATION. Return value 1. Action start 13:28:10: SetCA4001GameUXRollBackAddAsAdmin. Action ended 13:28:10: SetCA4001GameUXRollBackAddAsAdmin. Return value 1. Action start 13:28:10: SetCA4003GameUXAddAsAdmin. Action ended 13:28:10: SetCA4003GameUXAddAsAdmin. Return value 1. Action start 13:28:10: InstallInitialize. Action ended 13:28:11: InstallInitialize. Return value 1. Action start 13:28:11: ProcessComponents. Action ended 13:28:11: ProcessComponents. Return value 1. Action start 13:28:11: UnpublishFeatures. Action ended 13:28:11: UnpublishFeatures. Return value 1. Action start 13:28:11: RemoveRegistryValues. Action ended 13:28:11: RemoveRegistryValues. Return value 1. Action start 13:28:11: RemoveShortcuts. Action ended 13:28:11: RemoveShortcuts. Return value 1. Action start 13:28:11: WixSchedFirewallExceptionsUninstall. SchedFirewallExceptions: Component 'Fid_54BF5808_E740_B8BB_04E9_7D955FF87630' action state (1) doesn't match request (2) SchedFirewallExceptions: No firewall exceptions scheduled Action ended 13:28:11: WixSchedFirewallExceptionsUninstall. Return value 1. Action start 13:28:11: RemoveFiles. Action ended 13:28:11: RemoveFiles. 
Return value 1. Action start 13:28:11: WixSchedInternetShortcuts. Action ended 13:28:12: WixSchedInternetShortcuts. Return value 1. Action start 13:28:12: RemoveFolders. Action ended 13:28:12: RemoveFolders. Return value 1. Action start 13:28:12: CreateFolders. Action ended 13:28:12: CreateFolders. Return value 1. Action start 13:28:12: InstallFiles. Action ended 13:28:12: InstallFiles. Return value 1. Action start 13:28:12: CA4001GameUXRollBackAddAsAdmin. Action ended 13:28:12: CA4001GameUXRollBackAddAsAdmin. Return value 1. Action start 13:28:12: CA4003GameUXAddAsAdmin. Action ended 13:28:12: CA4003GameUXAddAsAdmin. Return value 1. Action start 13:28:12: WixSchedFirewallExceptionsInstall. SchedFirewallExceptions: Scheduling firewall exception (1€Dead Rising 2: OTR€*€1€2€C:\Games\deadrising2otr.exe) Action start 13:28:12: WixRollbackFirewallExceptionsInstall. Action ended 13:28:12: WixRollbackFirewallExceptionsInstall. Return value 1. Action start 13:28:12: WixExecFirewallExceptionsInstall. Action ended 13:28:12: WixExecFirewallExceptionsInstall. Return value 1. Action ended 13:28:12: WixSchedFirewallExceptionsInstall. Return value 1. Action start 13:28:12: CreateShortcuts. Action ended 13:28:12: CreateShortcuts. Return value 1. Action start 13:28:12: WixRollbackInternetShortcuts. Action ended 13:28:12: WixRollbackInternetShortcuts. Return value 1. Action start 13:28:12: WixCreateInternetShortcuts. Action ended 13:28:12: WixCreateInternetShortcuts. Return value 1. Action start 13:28:12: WriteRegistryValues. Action ended 13:28:12: WriteRegistryValues. Return value 1. Action start 13:28:12: RegisterUser. Action ended 13:28:12: RegisterUser. Return value 1. Action start 13:28:12: RegisterProduct. Action ended 13:28:12: RegisterProduct. Return value 1. Action start 13:28:12: PublishFeatures. Action ended 13:28:12: PublishFeatures. Return value 1. Action start 13:28:12: PublishProduct. Action ended 13:28:12: PublishProduct. Return value 1. 
Action start 13:28:12: InstallFinalize.
MSI (s) (44:74) [13:30:37:127]: Product: Dead Rising 2: OTR -- Error 1335. The cabinet file 'Media1.cab' required for this installation is corrupt and cannot be used. This could indicate a network error, an error reading from the CD-ROM, or a problem with this package.
Error 1335. The cabinet file 'Media1.cab' required for this installation is corrupt and cannot be used. This could indicate a network error, an error reading from the CD-ROM, or a problem with this package.
Action ended 13:30:37: InstallFinalize. Return value 3.
Action ended 13:30:39: INSTALL. Return value 3.
MSI (s) (44:74) [13:30:39:230]: Product: Dead Rising 2: OTR -- Installation failed.
MSI (s) (44:74) [13:30:39:277]: Das Produkt wurde durch Windows Installer installiert. Produktname: Dead Rising 2: OTR. Produktversion: 1.0.0000.131. Produktsprache: 0. Hersteller: Capcom. Erfolg- bzw. Fehlerstatus der Installation: 1603.
=== Logging stopped: 01.09.2013 13:30:39 ===
Code:
ATTFilter
-------------------------------
Logging Started: 09/01/2013 13:27:52
Source Folder: L:\
OS v6.1 Service Pack 1 (build 7601) 32 bit
OS Product Type: 0x00000001
User Default LCID: 0x0407
-------------------------------
(13:27:52) Initialized
(13:27:54) Loading L:\xliveinstall.dll
(13:27:54) Resources initialized
(13:28:02) Create Desktop Shortcut: 0
(13:28:02) Create Start Menu Shortcut: 0
(13:28:02) Install Folder: C:\Games
(13:28:02) LCID: 0x0409
(13:28:02) Install Started
(13:28:02) Language Choice: 0x00000409
(13:28:03) Passed EULA
(13:28:07) Passed ProductKey
(13:28:07) Install Start Notification
(13:28:07) Verifying 0MB of 6207MB (0%)
(13:28:07) Verifying 0MB of 6207MB (0%)
(13:28:07) Verifying 1MB of 6207MB (0%)
(13:28:07) Verifying 2MB of 6207MB (0%)
(13:28:07) Verifying 7MB of 6207MB (0%)
(13:28:07) Verifying 77MB of 6207MB (0%)
(13:28:10) Progress 20%
(13:28:10) Progress 21%
(13:28:10) Progress 22%
(13:28:10) Progress 23%
(13:28:10) Progress 24%
(13:28:10) Progress 25%
(13:28:10) Progress 26%
(13:28:12) Progress 27%
(13:28:12) Progress 26%
(13:28:12) Progress 28%
(13:30:37) The cabinet file 'Media1.cab' required for this installation is corrupt and cannot be used. This could indicate a network error, an error reading from the CD-ROM, or a problem with this package.
(13:30:37) The cabinet file 'Media1.cab' required for this installation is corrupt and cannot be used. This could indicate a network error, an error reading from the CD-ROM, or a problem with this package.
(13:30:38) Progress 40%
(13:30:38) Progress 39%
(13:30:38) Progress 38%
(13:30:39) InstallProduct Error: 0x80070643
(13:30:39) The cabinet file 'Media1.cab' required for this installation is corrupt and cannot be used. This could indicate a network error, an error reading from the CD-ROM, or a problem with this package.

Code:
ATTFilter
-------------------------------
Logging Started: 09/01/2013 13:27:54
EXE: L:\Setup.exe (0.0.0.0)
DLL: L:\xliveinstall.dll (3.2.6.0)
Source Folder: L:\
OS v6.1 Service Pack 1 (build 7601) 32 bit
OS Product Type: 0x00000001
User Default LCID: 0x0407
-------------------------------
(13:27:54) IsMainPackageInstalled INSTALLSTATE:-1
(13:28:02) Installing L:\ to C:\Games. Flags: 0x00000000
(13:28:02) Parsed L:\ChainInstall.xml from L:\ [Code:0x00000000]
(13:28:02) Languages: 6 Selected:0x00000409 [Code:0x00000000]
(13:28:03) EULAs: 1 [Code:0x00000000]
(13:28:07) ProductKey [Code:0x00000000]
(13:28:07) Prompt result [Code:0x00000000]
(13:28:07) Verifying 75 files
(13:28:07) Verified file 32: L:\DirectX\DSETUP.dll
(13:28:07) Verified file 33: L:\DirectX\dsetup32.dll
(13:28:07) Verified file 36: L:\DirectX\DXSETUP.exe
(13:28:07) Verified file 74: L:\VCRedist\vcredist_x86.exe
(13:28:09) Verified file 75: L:\GFWL\Gfwlivesetup.exe
(13:28:09) Verified files [Code:0x00000000]
(13:28:09) Stage 0: Start
(13:28:09) MSI Package: L:\Game.msi. Target: C:\Games
(13:28:09) MSI log file: C:\ProgramData\Microsoft\GFWLive\Install\Logs\Game-msi.log
(13:28:09) MSI Properties: DESKTOPSHORTCUT="0" APPLICATIONROOTDIRECTORY="C:\Games" ENABLEREPAIR="1" REBOOT="ReallySuppress"
(13:30:37) MsgType:16777216 Message:The cabinet file 'Media1.cab' required for this installation is corrupt and cannot be used. This could indicate a network error, an error reading from the CD-ROM, or a problem with this package. [Code:0x80070537]
(13:30:37) Stage 0: Error. Reason:INSTALLMESSAGE [Code:0x80070537] Msg:The cabinet file 'Media1.cab' required for this installation is corrupt and cannot be used. This could indicate a network error, an error reading from the CD-ROM, or a problem with this package.
(13:30:39) MsiInstallProduct L:\Game.msi DESKTOPSHORTCUT="0" APPLICATIONROOTDIRECTORY="C:\Games" ENABLEREPAIR="1" REBOOT="ReallySuppress" [Code:0x80070643]
(13:30:39) Stage 0: Error. Reason:Execute [Code:0x80070643] Msg:
(13:30:39) Stage 0: Error. Reason:Generic 2 [Code:0x80070643] Msg:
(13:30:39) Stage 0: Error. Reason:Generic 3 [Code:0x80070643] Msg:
(13:30:39) Installation failed [Code:0x80070643]
(13:30:39) Install Complete [Code:0x80070643]
(13:30:39) Stage 0: Error. Reason:Install [Code:0x80070643] Msg:
(13:30:39) Stage 0: Error. Reason:Generic 1 [Code:0x80070643] Msg:
(13:30:39) InstallProduct exit [Code:0x80070643]

"Es ist ein Fehler aufgetreten. Fehlercode: 0x800b0100" ("An error has occurred. Error code: 0x800b0100") with two logs

setupexe.log

Code:
ATTFilter
-------------------------------
Logging Started: 09/01/2013 13:43:44
Source Folder: C:\Users\James Bond\Desktop\Neuer Ordner (2)
OS v6.1 Service Pack 1 (build 7601) 32 bit
OS Product Type: 0x00000001
User Default LCID: 0x0407
-------------------------------
(13:43:44) Initialized
(13:43:44) Loading C:\Users\James Bond\Desktop\Neuer Ordner (2)\xliveinstall.dll
(13:43:45) Resources initialized
(13:43:53) Create Desktop Shortcut: 0
(13:43:53) Create Start Menu Shortcut: 0
(13:43:53) Install Folder: C:\Games
(13:43:53) LCID: 0x0409
(13:43:53) Install Started
(13:43:53) Language Choice: 0x00000409
(13:43:54) Passed EULA
(13:43:57) Passed ProductKey
(13:43:57) Install Start Notification
(13:43:57) Verifying 0MB of 6207MB (0%)
(13:43:57) Verifying 1594MB of 6207MB (5%)
(13:43:57) Progress 5%
(13:44:25) Ein Fehler ist aufgetreten. Fehlercode: 0x800b0100
(13:44:25) Ein Fehler ist aufgetreten. Fehlercode: 0x800b0100
(13:44:25) InstallProduct Error: 0x800b0100

Code:
ATTFilter
-------------------------------
Logging Started: 09/01/2013 13:43:45
EXE: C:\Users\James Bond\Desktop\Neuer Ordner (2)\Setup.exe (0.0.0.0)
DLL: C:\Users\James Bond\Desktop\Neuer Ordner (2)\xliveinstall.dll (3.2.6.0)
Source Folder: C:\Users\James Bond\Desktop\Neuer Ordner (2)
OS v6.1 Service Pack 1 (build 7601) 32 bit
OS Product Type: 0x00000001
User Default LCID: 0x0407
-------------------------------
(13:43:45) IsMainPackageInstalled INSTALLSTATE:-1
(13:43:53) Installing C:\Users\James Bond\Desktop\Neuer Ordner (2) to C:\Games. Flags: 0x00000000
(13:43:53) Parsed C:\Users\James Bond\Desktop\Neuer Ordner (2)\ChainInstall.xml from C:\Users\James Bond\Desktop\Neuer Ordner (2) [Code:0x00000000]
(13:43:53) Languages: 6 Selected:0x00000409 [Code:0x00000000]
(13:43:54) EULAs: 1 [Code:0x00000000]
(13:43:57) ProductKey [Code:0x00000000]
(13:43:57) Prompt result [Code:0x00000000]
(13:43:57) Verifying 75 files
(13:44:25) Verifying C:\Users\James Bond\Desktop\Neuer Ordner (2)\Media1.cab failed [Code:0x80073602]
(13:44:25) File 'C:\Users\James Bond\Desktop\Neuer Ordner (2)\Media1.cab' was not signed correctly or its contents are invalid.
(13:44:25) Verified files [Code:0x800b0100]
(13:44:25) Stage 0: Error. Reason:Install [Code:0x800b0100] Msg:
(13:44:25) Stage 0: Error. Reason:Generic 1 [Code:0x800b0100] Msg:
(13:44:25) InstallProduct exit [Code:0x800b0100]
|
01.09.2013, 16:43 | #14 |
/// the machine /// TB-Ausbilder | A few problems with malware and adware
Please download Windows Repair (All In One) from here.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM! |