Log analysis and evaluation: Minimization of some windows
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
06.08.2013, 19:37 | #1
Minimization of some windows

I suspect that I have a virus on my computer. I think so because when I play "fullscreen" games, they minimize at irregular intervals.

I have Windows 7 Professional; Service Pack 1; 32-bit version
Graphics card: Nvidia GeForce GTX 550 Ti
Processor: AMD Athlon II X4 640 Processor
Motherboard: Asus M4A77T/USB3

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 06.08.2013 16:34:27 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\tim\Downloads Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16635) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 2,32 Gb Available Physical Memory | 71,36% Memory free 6,49 Gb Paging File | 4,75 Gb Available in Paging File | 73,21% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 53,61 Gb Total Space | 10,02 Gb Free Space | 18,68% Space Free | Partition Type: NTFS Drive D: | 390,62 Gb Total Space | 280,61 Gb Free Space | 71,84% Space Free | Partition Type: NTFS Drive E: | 487,17 Gb Total Space | 482,91 Gb Free Space | 99,12% Space Free | Partition Type: NTFS Drive G: | 100,00 Mb Total Space | 71,51 Mb Free Space | 71,51% Space Free | Partition Type: NTFS Computer Name: TIM-PC | User Name: tim | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.08.06 16:33:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\tim\Downloads\OTL.exe PRC - [2013.07.25 02:49:49 | 000,846,288 | ---- | M] (Google Inc.) -- C:\Programme\Google\Chrome\Application\chrome.exe PRC - [2013.06.27 13:40:35 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2013.06.27 13:40:19 | 000,076,856 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2013.06.27 13:39:54 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- D:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2013.06.27 13:39:54 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- D:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2013.06.01 09:30:10 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2013.05.28 15:05:16 | 000,163,328 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2013.01.26 07:08:50 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\tim\AppData\Local\Akamai\netsession_win.exe PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012.07.17 14:49:00 | 001,713,904 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE PRC - [2012.07.17 14:49:00 | 000,194,304 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2012.01.23 18:19:32 | 001,858,048 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe PRC - [2011.08.04 17:08:56 | 000,593,032 | ---- | M] (CANON INC.) -- C:\Programme\Canon\Solution Menu EX\CNSEUPDT.EXE PRC - [2011.08.04 17:06:12 | 001,612,920 | ---- | M] (CANON INC.) -- C:\Programme\Canon\Solution Menu EX\CNSEMAIN.EXE PRC - [2011.03.14 19:09:00 | 002,565,520 | ---- | M] (CANON INC.) 
-- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011.02.07 09:56:11 | 000,138,192 | ---- | M] () -- C:\Programme\Canon\IJPLM\ijplmsvc.exe PRC - [2011.01.16 17:04:04 | 000,803,432 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\NvXDSync.exe PRC - [2011.01.16 16:13:52 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 14:17:56 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmplayer.exe PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2010.11.20 14:17:36 | 000,179,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\schtasks.exe PRC - [2010.11.20 14:17:00 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe PRC - [2010.05.24 11:10:34 | 001,683,360 | R--- | M] (VIA) -- C:\Programme\VIA\VIAudioi\VDeck\VDeck.exe PRC - [2010.03.05 10:15:12 | 000,235,752 | ---- | M] (DeviceVM, Inc.) -- C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe PRC - [2010.03.05 10:15:04 | 000,411,864 | ---- | M] (DeviceVM, Inc.) -- C:\Programme\DeviceVM\Browser Configuration Utility\BCU.exe PRC - [2010.02.03 16:17:18 | 005,756,544 | ---- | M] (ASUSTeK Computer Inc.) 
-- C:\Programme\ASUS\EPU-4 Engine\FourEngine.exe PRC - [2010.01.22 12:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Programme\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2003.04.17 08:54:16 | 000,012,288 | ---- | M] () -- D:\Programme\Winamp\winampa.exe ========== Modules (No Company Name) ========== MOD - [2013.07.25 02:49:46 | 000,396,240 | ---- | M] () -- C:\Programme\Google\Chrome\Application\28.0.1500.95\ppgooglenaclpluginchrome.dll MOD - [2013.07.25 02:49:44 | 004,052,944 | ---- | M] () -- C:\Programme\Google\Chrome\Application\28.0.1500.95\pdf.dll MOD - [2013.07.25 02:48:54 | 000,601,552 | ---- | M] () -- C:\Programme\Google\Chrome\Application\28.0.1500.95\libglesv2.dll MOD - [2013.07.25 02:48:53 | 000,123,344 | ---- | M] () -- C:\Programme\Google\Chrome\Application\28.0.1500.95\libegl.dll MOD - [2013.07.25 02:48:51 | 001,597,392 | ---- | M] () -- C:\Programme\Google\Chrome\Application\28.0.1500.95\ffmpegsumo.dll MOD - [2010.05.24 11:10:38 | 000,098,720 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\VMicApi.dll MOD - [2010.05.24 11:10:32 | 064,661,408 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\skin.dll MOD - [2010.05.24 11:10:30 | 000,078,240 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\QsApoApi.dll MOD - [2010.05.24 11:10:28 | 000,111,008 | R--- | M] () -- C:\Programme\VIA\VIAudioi\VDeck\Dts2ApoApi.dll MOD - [2009.09.30 05:33:08 | 000,024,576 | R--- | M] () -- C:\Windows\System32\AsIO.dll MOD - [2009.07.31 21:39:08 | 000,503,202 | ---- | M] () -- C:\Programme\DeviceVM\Browser Configuration Utility\sqlite3.dll MOD - [2009.03.25 16:53:14 | 000,053,248 | ---- | M] () -- C:\Programme\ASUS\EPU-4 Engine\AsSpindownTimeout.dll MOD - [2009.03.19 22:35:52 | 000,208,896 | ---- | M] () -- C:\Programme\ASUS\EPU-4 Engine\AiNap.dll MOD - [2009.03.19 22:35:50 | 000,008,704 | ---- | M] () -- C:\Programme\ASUS\EPU-4 Engine\vvc.dll MOD - [2009.01.15 14:55:10 | 000,565,248 | ---- | M] () -- 
C:\Programme\ASUS\EPU-4 Engine\pngio.dll MOD - [2003.04.17 08:54:16 | 000,012,288 | ---- | M] () -- D:\Programme\Winamp\winampa.exe ========== Services (SafeList) ========== SRV - [2013.06.27 13:40:35 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- D:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.06.27 13:39:54 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- D:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.06.03 16:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2013.05.28 15:05:16 | 000,163,328 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.05.27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2013.05.27 00:28:25 | 004,467,488 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc) SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.07.17 14:49:00 | 001,713,904 | ---- | M] (Microsoft Corp.) 
[Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2012.01.23 18:19:32 | 001,858,048 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2011.04.26 13:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2011.02.07 09:56:11 | 000,138,192 | ---- | M] () [Auto | Running] -- C:\Programme\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC) SRV - [2011.01.16 16:13:52 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.03.05 10:15:12 | 000,235,752 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Programme\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService) SRV - [2009.10.20 20:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) 
[On_Demand | Stopped] -- C:\Programme\WinPcap\rpcapd.exe -- (rpcapd) SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2007.03.28 19:42:42 | 000,029,704 | ---- | M] (TuneUp Software GmbH) [Auto | Stopped] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\xhunter1.sys -- (xhunter1) DRV - File not found [Kernel | On_Demand | Running] -- C:\Windows\system32\XDva403.sys -- (XDva403) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva402.sys -- (XDva402) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\XDva401.sys -- (XDva401) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\vtany.sys -- (vtany) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\EagleXNt.sys -- (EagleXNt) DRV - [2013.06.13 14:41:27 | 000,013,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\apf003.sys -- (apf003) DRV - [2013.04.20 15:38:44 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2013.04.20 15:38:44 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2013.04.20 15:38:44 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2013.04.20 15:38:44 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2013.02.26 00:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2013.02.18 09:22:18 | 000,149,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2012.08.23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2012.08.23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2011.05.13 03:21:06 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm) DRV - [2011.05.13 03:21:06 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) DRV - [2011.05.13 03:21:06 | 000,114,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadserd.sys -- (ssadserd) DRV - [2011.05.13 03:21:06 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) DRV - [2011.05.13 03:21:04 | 000,030,312 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadadb.sys -- (androidusb) DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- 
C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.05.15 13:11:42 | 001,150,880 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV - [2010.01.22 12:21:48 | 000,139,648 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc) DRV - [2010.01.22 12:21:46 | 000,059,904 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub) DRV - [2009.10.20 20:19:44 | 000,050,704 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf.sys -- (NPF) DRV - [2009.08.24 00:55:32 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) DRV - [2009.08.04 04:28:18 | 000,011,296 | R--- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO) DRV - [2009.07.16 05:36:30 | 000,013,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor) DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) 
[Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.splashtop.com/asusexpressgate/mb/searchAPI.php?SE=yahoo&QS=http%3A%2F%2Fde.search.yahoo.com%2Fsearch%3Ffr%3Dfp-devicevm%26type%3DWEB01 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DA 43 1C E0 BB 3D CE 01 [binary data] IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Programme\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.) 
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www1.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=5CB7BCAEC5DEDEBC IE - HKCU\..\SearchScopes\{7C6607F5-8B33-4aaa-A490-5DF91FFE8B58}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms} IE - HKCU\..\SearchScopes\{D55190B2-D813-4b69-B994-68835272AACF}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.3.3.15 FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.11 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3: C:\Program Files\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9: C:\Program Files\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2013.07.17 14:27:30 | 000,000,000 | ---D | M] [2013.04.20 14:22:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tim\AppData\Roaming\mozilla\Extensions [2013.08.03 22:21:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\tim\AppData\Roaming\mozilla\Firefox\Profiles\dps4hh4h.default\extensions [2013.07.31 11:14:55 | 000,824,302 | ---- | M] () (No name found) -- C:\Users\tim\AppData\Roaming\mozilla\firefox\profiles\dps4hh4h.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.08.03 22:21:40 | 000,275,449 | ---- | M] () (No name found) -- C:\Users\tim\AppData\Roaming\mozilla\firefox\profiles\dps4hh4h.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013.05.31 12:39:43 | 000,006,473 | ---- | M] () -- C:\Users\tim\AppData\Roaming\mozilla\firefox\profiles\dps4hh4h.default\searchplugins\babylon.xml [2013.05.31 12:39:43 | 000,006,473 | ---- | M] () -- C:\Users\tim\AppData\Roaming\mozilla\firefox\profiles\dps4hh4h.default\searchplugins\BrowserProtect.xml [2013.04.21 19:05:04 | 000,001,294 | ---- | M] () -- C:\Users\tim\AppData\Roaming\mozilla\firefox\profiles\dps4hh4h.default\searchplugins\delta.xml [2013.07.17 14:27:30 | 000,000,000 | ---D | M] ("DVDVideoSoft YouTube MP3 and Video Download") -- C:\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\PLUGINS\FF [2013.04.21 19:04:58 | 000,006,470 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = 
{google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL CHR - plugin: DealPlyLive Update (Enabled) = C:\Program Files\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll CHR - Extension: Google Docs = 
C:\Users\tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\ CHR - Extension: Google Drive = C:\Users\tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\ CHR - Extension: YouTube = C:\Users\tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Google Mail = C:\Users\tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O4 - HKLM..\Run: [avgnt] D:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) 
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation) O4 - HKLM..\Run: [WinampAgent] D:\Programme\Winamp\Winampa.exe () O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\tim\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: aeriagames.com ([]http in Trusted sites) O15 - HKCU\..Trusted Domains: aeriagames.com ([]https in Trusted sites) O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F84B3D99-2ABE-49C4-B79D-E08C1ADA95D3}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.08.05 22:01:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2013.08.05 22:00:47 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2013.08.05 15:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.07.31 21:22:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Z8Games [2013.07.30 21:08:53 | 000,000,000 | ---D | C] -- C:\Users\tim\Documents\MAGIX_MusicEditor [2013.07.30 21:08:50 | 000,000,000 | ---D | C] -- C:\Users\tim\AppData\Local\Xara [2013.07.30 21:08:46 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\MAGIX [2013.07.30 21:08:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX [2013.07.30 21:07:23 | 000,000,000 | ---D | C] -- C:\Program Files\MAGIX [2013.07.30 20:54:29 | 000,000,000 | ---D | C] -- C:\Users\tim\Documents\Video deluxe 2013 [2013.07.30 20:54:29 | 000,000,000 | ---D | C] -- C:\Users\tim\Documents\MAGIX Downloads [2013.07.30 20:54:29 | 000,000,000 | ---D | C] -- C:\Users\tim\Documents\MAGIX [2013.07.30 20:54:28 | 000,000,000 | ---D | C] -- C:\Users\tim\AppData\Roaming\MAGIX [2013.07.30 20:49:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Shared [2013.07.30 20:48:21 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX [2013.07.30 20:48:19 | 000,000,000 | ---D | C] -- 
C:\Program Files\Common Files\MAGIX Services [2013.07.30 20:48:12 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0 [2013.07.30 20:07:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps [2013.07.30 12:03:48 | 000,000,000 | ---D | C] -- C:\Users\tim\Desktop\tante anna [2013.07.29 17:33:04 | 000,000,000 | ---D | C] -- C:\Users\tim\AppData\Roaming\OpenOffice [2013.07.29 17:32:41 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.0.0 [2013.07.29 17:30:48 | 000,000,000 | ---D | C] -- C:\Users\tim\redist [2013.07.29 17:30:48 | 000,000,000 | ---D | C] -- C:\Users\tim\readmes [2013.07.29 17:30:48 | 000,000,000 | ---D | C] -- C:\Users\tim\licenses [2013.07.25 19:16:20 | 000,000,000 | ---D | C] -- C:\Users\tim\Documents\My Cheat Tables [2013.07.25 19:15:11 | 000,000,000 | ---D | C] -- C:\Users\tim\AppData\Local\DealPlyLive [2013.07.25 19:15:09 | 000,000,000 | ---D | C] -- C:\Users\tim\AppData\Local\Google [2013.07.25 19:15:09 | 000,000,000 | ---D | C] -- C:\Users\tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly [2013.07.24 18:11:17 | 000,000,000 | ---D | C] -- C:\Users\tim\AppData\Roaming\Dragons-Empire [2013.07.21 22:05:54 | 000,000,000 | ---D | C] -- C:\Program Files\MySQL [2013.07.21 22:05:48 | 000,000,000 | ---D | C] -- C:\Stormblade [2013.07.19 19:10:25 | 000,000,000 | ---D | C] -- C:\Users\tim\AppData\Local\PunkBuster [2013.07.19 18:10:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\alaplaya [2013.07.19 18:05:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Solid State Networks [2013.07.18 08:49:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\League of Legends [2013.07.18 07:56:17 | 000,000,000 | ---D | C] -- C:\Users\tim\AppData\Roaming\Riot Games [2013.07.17 22:22:19 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT [2013.07.17 20:56:26 | 000,000,000 | ---D | C] -- 
C:\Users\tim\AppData\Roaming\Just Aion Launcher [2013.07.17 20:41:54 | 000,000,000 | ---D | C] -- C:\Users\tim\AppData\Local\Chromium [2013.07.17 15:09:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gameforge [2013.07.17 15:09:48 | 000,000,000 | ---D | C] -- C:\Program Files\Gameforge [2013.07.17 14:41:14 | 000,000,000 | ---D | C] -- C:\Users\tim\Desktop\rap [2013.07.17 14:27:38 | 000,000,000 | ---D | C] -- C:\Users\tim\AppData\Roaming\DVDVideoSoftIEHelpers [2013.07.17 14:27:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft [2013.07.17 14:27:26 | 000,000,000 | ---D | C] -- C:\Users\tim\AppData\Roaming\OpenCandy [2013.07.17 14:27:26 | 000,000,000 | ---D | C] -- C:\Users\tim\AppData\Roaming\DVDVideoSoft [2013.07.17 14:27:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft [2013.07.16 17:12:52 | 000,000,000 | ---D | C] -- C:\Users\tim\AppData\Local\SWTORPerf [2013.07.16 17:11:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BioWare [2013.07.16 15:32:52 | 000,000,000 | ---D | C] -- C:\Users\tim\AppData\Local\Ubisoft [2013.07.16 15:32:50 | 000,000,000 | -HSD | C] -- C:\Users\tim\wc [2013.07.16 15:32:49 | 000,000,000 | -HSD | C] -- C:\Users\tim\AppData\Roaming\wyUpdate AU [2013.07.14 20:12:09 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJ [2013.07.14 20:10:49 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJPLM [2013.07.14 20:10:25 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJSolutionMenuEX [2013.07.14 20:10:24 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan [2013.07.14 20:10:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEPPEX2 [2013.07.14 20:10:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonEPP [2013.07.14 20:09:55 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJMyPrinter [2013.07.14 20:07:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5300 series Benutzerregistrierung 
[2013.07.14 20:07:39 | 000,000,000 | ---D | C] -- C:\Users\tim\AppData\Roaming\Canon [2013.07.14 20:06:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5300 series [2013.07.14 20:04:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON [2013.07.14 20:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJWSpt [2013.07.14 20:03:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities [2013.07.14 20:03:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5300 series Manual [2013.07.14 20:02:10 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ [2013.07.14 20:02:00 | 000,035,328 | ---- | C] (CANON INC.) -- C:\Windows\System32\CNMNPUI.DLL [2013.07.14 20:02:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\STRING [2013.07.14 20:00:39 | 000,000,000 | ---D | C] -- C:\Program Files\Canon [2013.07.11 22:06:13 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.07.11 22:06:12 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.07.11 22:06:12 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.07.11 22:06:12 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2013.07.11 22:06:12 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.07.11 22:06:11 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.07.11 22:06:11 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll [2013.07.11 22:06:11 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe [2013.07.11 22:06:11 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2013.07.11 22:06:11 | 000,033,280 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\iernonce.dll [2013.07.11 16:59:34 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2013.07.11 16:59:33 | 001,620,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVDECOD.DLL [2013.07.11 16:59:31 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.07.11 16:59:30 | 000,509,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qedit.dll [2013.07.09 17:45:43 | 000,000,000 | ---D | C] -- C:\Users\tim\AppData\Local\Paint.NET ========== Files - Modified Within 30 Days ========== [2013.08.06 16:21:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.08.06 16:20:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\DealPlyLiveUpdateTaskMachineUA.job [2013.08.06 16:15:00 | 000,000,282 | ---- | M] () -- C:\Windows\tasks\Dealply.job [2013.08.06 16:05:04 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.08.06 15:49:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.08.06 13:20:36 | 000,014,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.08.06 13:20:36 | 000,014,032 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.08.06 13:15:34 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.08.06 13:15:21 | 2615,808,000 | -HS- | M] () -- C:\hiberfil.sys [2013.08.05 23:31:24 | 000,000,928 | ---- | M] () -- C:\Users\tim\Desktop\Royalsstar.lnk [2013.08.05 22:01:45 | 000,002,205 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.08.05 15:46:07 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.08.04 11:24:32 | 000,000,983 | ---- | M] () -- C:\Users\tim\Desktop\Akimura2.lnk [2013.08.02 17:15:00 | 000,000,348 | ---- | M] () -- 
C:\Windows\tasks\1-Klick-Wartung.job [2013.07.31 21:22:47 | 000,000,790 | ---- | M] () -- C:\Users\tim\Desktop\CrossFire.lnk [2013.07.31 09:29:26 | 000,544,648 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.07.30 21:08:49 | 000,120,200 | ---- | M] () -- C:\Windows\System32\DLLDEV32i.dll [2013.07.30 21:08:46 | 000,000,857 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Video deluxe 2013 Premium.lnk [2013.07.30 20:07:23 | 000,000,551 | ---- | M] () -- C:\Users\Public\Desktop\Fraps.lnk [2013.07.30 19:50:21 | 000,004,509 | ---- | M] () -- C:\Users\tim\AppData\Roaming\CamStudio.cfg [2013.07.30 19:50:21 | 000,000,408 | ---- | M] () -- C:\Users\tim\AppData\Roaming\CamShapes.ini [2013.07.30 19:50:21 | 000,000,408 | ---- | M] () -- C:\Users\tim\AppData\Roaming\CamLayout.ini [2013.07.30 19:50:21 | 000,000,096 | ---- | M] () -- C:\Users\tim\AppData\Roaming\Camdata.ini [2013.07.30 13:33:40 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.07.30 13:33:40 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.07.30 13:33:40 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.07.30 13:33:40 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.07.30 11:08:37 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.07.30 11:08:37 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.07.29 18:02:04 | 000,016,727 | ---- | M] () -- C:\Users\tim\Desktop\Unbenannt 1.odt [2013.07.29 17:32:41 | 000,000,737 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk [2013.07.21 22:05:54 | 000,000,232 | ---- | M] () -- C:\Windows\ODBCINST.INI [2013.07.19 20:01:33 | 000,139,424 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2013.07.19 20:01:25 | 000,282,104 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr [2013.07.19 20:01:17 | 000,234,768 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0 
[2013.07.19 19:06:18 | 000,138,056 | ---- | M] () -- C:\Users\tim\AppData\Roaming\PnkBstrK.sys [2013.07.18 08:49:31 | 000,001,497 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk [2013.07.17 14:27:32 | 000,000,956 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk [2013.07.16 15:42:32 | 152,126,245 | ---- | M] () -- C:\Users\tim\openoffice1.cab [2013.07.16 15:40:58 | 002,269,184 | ---- | M] () -- C:\Users\tim\openoffice400.msi [2013.07.16 15:40:58 | 000,475,136 | ---- | M] () -- C:\Users\tim\setup.exe [2013.07.16 15:40:58 | 000,000,279 | ---- | M] () -- C:\Users\tim\setup.ini [2013.07.14 20:07:23 | 000,002,025 | ---- | M] () -- C:\Users\Public\Desktop\Canon Solution Menu EX.lnk [2013.07.09 17:59:32 | 000,024,239 | ---- | M] () -- C:\Users\tim\Desktop\Diamond.jpg ========== Files Created - No Company Name ========== [2013.08.05 23:31:24 | 000,000,928 | ---- | C] () -- C:\Users\tim\Desktop\Royalsstar.lnk [2013.08.05 22:01:45 | 000,002,205 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2013.08.05 22:00:54 | 000,001,092 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.08.05 22:00:52 | 000,001,088 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.08.05 15:46:07 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.08.03 18:43:43 | 000,000,983 | ---- | C] () -- C:\Users\tim\Desktop\Akimura2.lnk [2013.07.31 21:22:47 | 000,000,790 | ---- | C] () -- C:\Users\tim\Desktop\CrossFire.lnk [2013.07.30 21:08:46 | 000,000,857 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Video deluxe 2013 Premium.lnk [2013.07.30 20:07:23 | 000,000,551 | ---- | C] () -- C:\Users\Public\Desktop\Fraps.lnk [2013.07.30 01:01:46 | 000,000,408 | ---- | C] () -- C:\Users\tim\AppData\Roaming\CamShapes.ini [2013.07.30 01:01:46 | 000,000,408 | ---- | C] () -- C:\Users\tim\AppData\Roaming\CamLayout.ini [2013.07.30 01:01:46 | 000,000,096 | ---- | C] () -- 
C:\Users\tim\AppData\Roaming\Camdata.ini [2013.07.29 20:20:15 | 000,004,509 | ---- | C] () -- C:\Users\tim\AppData\Roaming\CamStudio.cfg [2013.07.29 18:02:02 | 000,016,727 | ---- | C] () -- C:\Users\tim\Desktop\Unbenannt 1.odt [2013.07.29 17:32:41 | 000,000,737 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk [2013.07.25 19:15:19 | 000,000,888 | ---- | C] () -- C:\Windows\tasks\DealPlyLiveUpdateTaskMachineUA.job [2013.07.25 19:15:09 | 000,000,282 | ---- | C] () -- C:\Windows\tasks\Dealply.job [2013.07.21 22:05:54 | 000,000,232 | ---- | C] () -- C:\Windows\ODBCINST.INI [2013.07.19 19:11:34 | 000,282,104 | ---- | C] () -- C:\Windows\System32\PnkBstrB.xtr [2013.07.19 19:06:18 | 000,139,424 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2013.07.19 19:06:17 | 000,138,056 | ---- | C] () -- C:\Users\tim\AppData\Roaming\PnkBstrK.sys [2013.07.19 19:05:54 | 000,282,104 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2013.07.19 19:05:54 | 000,234,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.ex0 [2013.07.19 19:05:51 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2013.07.18 08:49:31 | 000,001,497 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk [2013.07.17 14:27:32 | 000,000,956 | ---- | C] () -- C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk [2013.07.16 15:42:32 | 152,126,245 | ---- | C] () -- C:\Users\tim\openoffice1.cab [2013.07.16 15:40:58 | 002,269,184 | ---- | C] () -- C:\Users\tim\openoffice400.msi [2013.07.16 15:40:58 | 000,475,136 | ---- | C] () -- C:\Users\tim\setup.exe [2013.07.16 15:40:58 | 000,000,279 | ---- | C] () -- C:\Users\tim\setup.ini [2013.07.14 20:04:51 | 000,002,025 | ---- | C] () -- C:\Users\Public\Desktop\Canon Solution Menu EX.lnk [2013.07.09 17:59:26 | 000,024,239 | ---- | C] () -- C:\Users\tim\Desktop\Diamond.jpg [2013.06.13 14:41:27 | 000,016,304 | ---- | C] () -- C:\Windows\System32\apl003.sys [2013.06.13 14:41:27 | 000,013,232 | ---- | C] () -- 
C:\Windows\System32\apf003.sys [2013.04.23 18:08:28 | 000,000,745 | ---- | C] () -- C:\Windows\CoD.INI [2013.04.21 20:54:23 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2013.04.21 19:02:04 | 000,000,095 | ---- | C] () -- C:\Windows\winamp.ini [2013.04.20 13:57:41 | 000,024,576 | R--- | C] () -- C:\Windows\System32\AsIO.dll [2013.04.20 13:57:41 | 000,011,296 | R--- | C] () -- C:\Windows\System32\drivers\AsIO.sys [2013.04.20 13:57:39 | 000,011,832 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp64.sys [2013.04.20 13:57:39 | 000,010,216 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys [2013.04.20 13:52:12 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini [2013.04.20 13:52:08 | 000,032,040 | ---- | C] () -- C:\Windows\Ascd_tmp.ini ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > |
06.08.2013, 19:37 | #2 |
/// the machine /// TB-Ausbilder | Some windows getting minimized Hi,
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
06.08.2013, 19:46 | #3 |
| Some windows getting minimized FRST.txt
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-08-2013 Ran by tim (administrator) on 06-08-2013 20:44:30 Running from C:\Users\tim\Downloads Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Avira Operations GmbH & Co. KG) D:\Programme\Avira\AntiVir Desktop\sched.exe (Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Avira Operations GmbH & Co. KG) D:\Programme\Avira\AntiVir Desktop\avguard.exe (ASUSTeK Computer Inc.) C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe (DeviceVM, Inc.) C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE (VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (NEC Electronics Corporation) C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Avira Operations GmbH & Co. KG) D:\Programme\Avira\AntiVir Desktop\avgnt.exe (DeviceVM, Inc.) C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe () D:\Programme\Winamp\winampa.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe () C:\Windows\system32\PnkBstrA.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe (Avira Operations GmbH & Co. KG) D:\Programme\Avira\AntiVir Desktop\avshadow.exe (CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\system32\schtasks.exe (MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmplayer.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Windows\system32\cmd.exe (Akamai Technologies, Inc.) C:\Users\tim\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Users\tim\AppData\Local\Akamai\netsession_win.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [HDAudDeck] - C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [1683360 2010-05-24] (VIA) HKLM\...\Run: [NUSB3MON] - C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation) HKLM\...\Run: [avgnt] - D:\Programme\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-27] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [BCU] - C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe [411864 2010-03-05] (DeviceVM, Inc.) HKLM\...\Run: [WinampAgent] - D:\Programme\Winamp\Winampa.exe [12288 2003-04-17] () HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2565520 2011-03-14] (CANON INC.) 
HKLM\...\Run: [CanonSolutionMenuEx] - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.) HKCU\...\Run: [Pando Media Booster] - C:\Program Files\Pando Networks\Media Booster\PMB.exe [4288048 2013-04-20] () HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\tim\AppData\Local\Akamai\netsession_win.exe [4480768 2013-01-26] (Akamai Technologies, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.splashtop.com/asusexpressgate/mb/searchAPI.php?SE=yahoo&QS=http%3A%2F%2Fde.search.yahoo.com%2Fsearch%3Ffr%3Dfp-devicevm%26type%3DWEB01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp URLSearchHook: SearchHook Class - {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.) SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=5CB7BCAEC5DEDEBC SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=5CB7BCAEC5DEDEBC SearchScopes: HKCU - {D55190B2-D813-4b69-B994-68835272AACF} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) 
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\dps4hh4h.default FF user.js: detected! => C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\dps4hh4h.default\user.js FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin: @tools.dpliveupdate.com/DealPlyLive Update;version=3 - C:\Program Files\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll No File FF Plugin: @tools.dpliveupdate.com/DealPlyLive Update;version=9 - C:\Program Files\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll No File FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF SearchPlugin: C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\dps4hh4h.default\searchplugins\babylon.xml FF SearchPlugin: C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\dps4hh4h.default\searchplugins\BrowserProtect.xml FF SearchPlugin: C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\dps4hh4h.default\searchplugins\delta.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml FF Extension: No Name - C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\dps4hh4h.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: No Name - C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\dps4hh4h.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ FF Extension: No Name - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ Chrome: ======= CHR RestoreOnStartup: "hxxp://google.de/" CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program 
Files\Google\Chrome\Application\28.0.1500.95\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility for IJ) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) CHR Plugin: (DealPlyLive Update) - C:\Program Files\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll No File CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll () CHR Extension: (Google Docs) - C:\Users\tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (Gmail) - C:\Users\tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe ========================== Services 
(Whitelisted) ================= R2 AntiVirSchedulerService; D:\Programme\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG) R2 AntiVirService; D:\Programme\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG) R2 BCUService; C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe [235752 2010-03-05] (DeviceVM, Inc.) R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] () R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 npggsvc; C:\Windows\system32\GameMon.des [4467488 2013-05-27] (INCA Internet Co., Ltd.) R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2013-07-19] () S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x] ==================== Drivers (Whitelisted) ==================== S3 apf003; C:\Windows\system32\apf003.sys [13232 2013-06-13] () R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11296 2009-08-04] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-04-20] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-04-20] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-04-20] (Avira Operations GmbH & Co. KG) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] () R2 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.) 
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-04-20] (Avira GmbH) R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1150880 2010-05-15] (VIA Technologies, Inc.) S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x] S3 vtany; \??\C:\Windows\vtany.sys [x] S3 XDva401; \??\C:\Windows\system32\XDva401.sys [x] S3 XDva402; \??\C:\Windows\system32\XDva402.sys [x] S3 XDva403; \??\C:\Windows\system32\XDva403.sys [x] S3 xhunter1; \??\C:\Windows\xhunter1.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-06 20:43 - 2013-08-06 20:44 - 01228808 _____ (Farbar) C:\Users\tim\Downloads\FRST.exe 2013-08-06 17:20 - 2013-08-06 17:20 - 00000000 ____D C:\Users\tim\Desktop\OTL 2013-08-05 22:01 - 2013-08-05 22:01 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-08-05 22:00 - 2013-08-06 20:05 - 00001092 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-08-05 22:00 - 2013-08-06 17:22 - 00001088 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-05 22:00 - 2013-08-05 22:01 - 00000000 ____D C:\Program Files\Google 2013-08-05 15:46 - 2013-08-05 15:46 - 00001071 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-08-05 15:46 - 2013-08-05 15:46 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-08-03 18:43 - 2013-08-04 11:24 - 00000983 _____ C:\Users\tim\Desktop\Akimura2.lnk 2013-07-31 21:52 - 2013-07-31 21:52 - 00257598 _____ C:\Windows\msxml4-KB2758694-enu.LOG 2013-07-31 21:22 - 2013-07-31 21:22 - 00000790 _____ C:\Users\tim\Desktop\CrossFire.lnk 2013-07-30 21:08 - 2013-07-31 21:22 - 00000000 ____D C:\Users\tim\Documents\MAGIX_MusicEditor 2013-07-30 21:08 - 2013-07-30 21:08 - 00000857 _____ C:\Users\Public\Desktop\MAGIX Video deluxe 2013 Premium.lnk 2013-07-30 21:08 - 2013-07-30 21:08 - 00000000 ____D C:\Users\tim\AppData\Local\Xara 2013-07-30 21:08 - 2013-07-30 21:08 - 00000000 ____D 
C:\Users\Public\Documents\MAGIX 2013-07-30 21:07 - 2013-07-30 21:07 - 00000000 ____D C:\Program Files\MAGIX 2013-07-30 20:54 - 2013-07-31 21:22 - 00000000 ____D C:\Users\tim\AppData\Roaming\MAGIX 2013-07-30 20:54 - 2013-07-30 21:09 - 00000000 ____D C:\Users\tim\Documents\MAGIX 2013-07-30 20:54 - 2013-07-30 20:54 - 00000000 ____D C:\Users\tim\Documents\Video deluxe 2013 2013-07-30 20:49 - 2013-07-30 20:49 - 00000000 ____D C:\Program Files\Common Files\MAGIX Shared 2013-07-30 20:48 - 2013-07-31 21:22 - 00000000 ____D C:\ProgramData\MAGIX 2013-07-30 20:48 - 2013-07-30 21:07 - 00000000 ____D C:\Program Files\Common Files\MAGIX Services 2013-07-30 20:48 - 2013-07-30 20:48 - 00000000 ____D C:\Program Files\MSXML 4.0 2013-07-30 20:07 - 2013-07-30 20:07 - 00000551 _____ C:\Users\Public\Desktop\Fraps.lnk 2013-07-30 12:03 - 2013-07-30 12:05 - 00000000 ____D C:\Users\tim\Desktop\tante anna 2013-07-30 01:01 - 2013-07-30 19:50 - 00000408 _____ C:\Users\tim\AppData\Roaming\CamShapes.ini 2013-07-30 01:01 - 2013-07-30 19:50 - 00000408 _____ C:\Users\tim\AppData\Roaming\CamLayout.ini 2013-07-30 01:01 - 2013-07-30 19:50 - 00000096 _____ C:\Users\tim\AppData\Roaming\Camdata.ini 2013-07-29 20:20 - 2013-07-30 19:50 - 00004509 _____ C:\Users\tim\AppData\Roaming\CamStudio.cfg 2013-07-29 18:02 - 2013-07-29 18:02 - 00016727 _____ C:\Users\tim\Desktop\Unbenannt 1.odt 2013-07-29 17:33 - 2013-07-29 17:33 - 00000000 ____D C:\Users\tim\AppData\Roaming\OpenOffice 2013-07-29 17:32 - 2013-07-29 17:32 - 00000737 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk 2013-07-29 17:30 - 2013-07-29 17:30 - 00000000 ____D C:\Users\tim\redist 2013-07-29 17:30 - 2013-07-29 17:30 - 00000000 ____D C:\Users\tim\readmes 2013-07-29 17:30 - 2013-07-29 17:30 - 00000000 ____D C:\Users\tim\licenses 2013-07-25 19:16 - 2013-07-25 19:16 - 00000000 ____D C:\Users\tim\Documents\My Cheat Tables 2013-07-25 19:15 - 2013-08-06 20:20 - 00000888 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job 2013-07-25 19:15 - 
2013-08-06 20:19 - 00000282 _____ C:\Windows\Tasks\Dealply.job 2013-07-25 19:15 - 2013-08-05 22:00 - 00000000 ____D C:\Users\tim\AppData\Local\Google 2013-07-25 19:15 - 2013-07-25 19:15 - 00000000 ____D C:\Users\tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly 2013-07-25 19:15 - 2013-07-25 19:15 - 00000000 ____D C:\Users\tim\AppData\Local\DealPlyLive 2013-07-24 18:11 - 2013-07-24 19:18 - 00000000 ____D C:\Users\tim\AppData\Roaming\Dragons-Empire 2013-07-21 22:05 - 2013-07-24 13:07 - 00000000 ____D C:\Stormblade 2013-07-21 22:05 - 2013-07-21 22:05 - 00000232 _____ C:\Windows\ODBCINST.INI 2013-07-21 22:05 - 2013-07-21 22:05 - 00000000 ____D C:\Program Files\MySQL 2013-07-19 19:11 - 2013-07-19 20:01 - 00282104 _____ C:\Windows\system32\PnkBstrB.xtr 2013-07-19 19:10 - 2013-07-19 19:10 - 00000000 ____D C:\Users\tim\AppData\Local\PunkBuster 2013-07-19 19:06 - 2013-07-19 20:01 - 00139424 _____ C:\Windows\system32\Drivers\PnkBstrK.sys 2013-07-19 19:06 - 2013-07-19 19:06 - 00138056 _____ C:\Users\tim\AppData\Roaming\PnkBstrK.sys 2013-07-19 19:05 - 2013-07-19 20:01 - 00282104 _____ C:\Windows\system32\PnkBstrB.exe 2013-07-19 19:05 - 2013-07-19 20:01 - 00234768 _____ C:\Windows\system32\PnkBstrB.ex0 2013-07-19 19:05 - 2013-07-19 19:15 - 00076888 _____ C:\Windows\system32\PnkBstrA.exe 2013-07-19 18:05 - 2013-07-19 18:13 - 00000000 ____D C:\ProgramData\Solid State Networks 2013-07-18 08:49 - 2013-07-18 08:49 - 00001497 _____ C:\Users\Public\Desktop\Play League of Legends.lnk 2013-07-18 07:56 - 2013-07-18 08:49 - 00000000 ____D C:\Users\tim\AppData\Roaming\Riot Games 2013-07-17 22:22 - 2013-07-17 22:24 - 00000000 ____D C:\Windows\system32\MRT 2013-07-17 20:56 - 2013-07-17 21:18 - 00000000 ____D C:\Users\tim\AppData\Roaming\Just Aion Launcher 2013-07-17 20:41 - 2013-07-17 20:41 - 00000000 ____D C:\Users\tim\AppData\Local\Chromium 2013-07-17 15:09 - 2013-07-17 15:09 - 00000000 ____D C:\Program Files\Gameforge 2013-07-17 14:41 - 2013-07-18 07:23 - 00000000 ____D 
C:\Users\tim\Desktop\rap 2013-07-17 14:27 - 2013-07-17 14:28 - 00000000 ____D C:\Users\tim\AppData\Roaming\DVDVideoSoft 2013-07-17 14:27 - 2013-07-17 14:27 - 00000956 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk 2013-07-17 14:27 - 2013-07-17 14:27 - 00000000 ____D C:\Users\tim\AppData\Roaming\OpenCandy 2013-07-17 14:27 - 2013-07-17 14:27 - 00000000 ____D C:\Users\tim\AppData\Roaming\DVDVideoSoftIEHelpers 2013-07-17 14:27 - 2013-07-17 14:27 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft 2013-07-16 17:12 - 2013-07-16 17:12 - 00000000 ____D C:\Users\tim\AppData\Local\SWTORPerf 2013-07-16 17:11 - 2013-07-17 07:17 - 00000000 ____D C:\Program Files\Common Files\BioWare 2013-07-16 17:09 - 2013-07-16 17:09 - 00000000 ____D C:\Users\hedev 2013-07-16 15:42 - 2013-07-16 15:42 - 152126245 _____ C:\Users\tim\openoffice1.cab 2013-07-16 15:40 - 2013-07-16 15:40 - 02269184 _____ C:\Users\tim\openoffice400.msi 2013-07-16 15:40 - 2013-07-16 15:40 - 00475136 _____ C:\Users\tim\setup.exe 2013-07-16 15:40 - 2013-07-16 15:40 - 00000279 _____ C:\Users\tim\setup.ini 2013-07-16 15:32 - 2013-07-16 15:35 - 00000000 ____D C:\Users\tim\AppData\Local\Ubisoft 2013-07-16 15:32 - 2013-07-16 15:32 - 00000000 __SHD C:\Users\tim\wc 2013-07-16 15:32 - 2013-07-16 15:32 - 00000000 __SHD C:\Users\tim\AppData\Roaming\wyUpdate AU 2013-07-14 20:12 - 2013-07-14 20:12 - 00000000 ____D C:\ProgramData\CanonIJ 2013-07-14 20:10 - 2013-08-01 02:34 - 00000000 ____D C:\ProgramData\CanonIJPLM 2013-07-14 20:10 - 2013-07-14 20:10 - 00000000 ___HD C:\ProgramData\CanonIJSolutionMenuEX 2013-07-14 20:10 - 2013-07-14 20:10 - 00000000 ___HD C:\ProgramData\CanonIJScan 2013-07-14 20:10 - 2013-07-14 20:10 - 00000000 ___HD C:\ProgramData\CanonIJEPPEX2 2013-07-14 20:10 - 2013-07-14 20:10 - 00000000 ___HD C:\ProgramData\CanonEPP 2013-07-14 20:09 - 2013-07-14 20:10 - 00000000 ___HD C:\ProgramData\CanonIJMyPrinter 2013-07-14 20:07 - 2013-07-14 20:10 - 00000000 ____D C:\Users\tim\AppData\Roaming\Canon 
2013-07-14 20:04 - 2013-07-14 20:07 - 00002025 _____ C:\Users\Public\Desktop\Canon Solution Menu EX.lnk 2013-07-14 20:04 - 2013-07-14 20:07 - 00000000 ____D C:\ProgramData\CanonIJWSpt 2013-07-14 20:04 - 2013-07-14 20:04 - 00000000 ____D C:\Program Files\Common Files\CANON 2013-07-14 20:02 - 2013-07-14 20:02 - 00000000 ___HD C:\Program Files\CanonBJ 2013-07-14 20:02 - 2013-07-14 20:02 - 00000000 ____D C:\Windows\system32\STRING 2013-07-14 20:02 - 2011-02-01 10:23 - 00035328 _____ (CANON INC.) C:\Windows\system32\CNMNPUI.DLL 2013-07-14 20:00 - 2013-07-14 20:12 - 00000000 ____D C:\Program Files\Canon 2013-07-11 22:06 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-11 22:06 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-11 22:06 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-11 22:06 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-11 22:06 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-11 22:06 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-11 22:06 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-11 22:06 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-11 22:06 - 2013-06-12 01:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-11 22:06 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-11 22:06 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-11 22:06 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-11 22:06 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) 
C:\Windows\system32\iesetup.dll 2013-07-11 22:06 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-11 22:06 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-07-11 22:06 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-11 16:59 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-11 16:59 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-11 16:59 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-11 16:59 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-09 17:45 - 2013-07-09 18:00 - 00000000 ____D C:\Users\tim\AppData\Local\Paint.NET 2013-07-07 07:58 - 2013-07-07 07:58 - 00000000 ____D C:\Windows\system32\Settings 119 ==================== One Month Modified Files and Folders ======= 2013-08-06 20:44 - 2013-08-06 20:44 - 00000000 ____D C:\FRST 2013-08-06 20:44 - 2013-08-06 20:43 - 01228808 _____ (Farbar) C:\Users\tim\Downloads\FRST.exe 2013-08-06 20:39 - 2009-07-14 06:34 - 00014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-06 20:39 - 2009-07-14 06:34 - 00014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-06 20:30 - 2013-06-12 19:17 - 00000000 ____D C:\Users\tim\AppData\Local\Akamai 2013-08-06 20:21 - 2013-04-21 09:23 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-06 20:20 - 2013-07-25 19:15 - 00000888 _____ C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job 2013-08-06 20:19 - 2013-07-25 19:15 - 00000282 _____ C:\Windows\Tasks\Dealply.job 2013-08-06 20:19 - 2013-04-20 14:11 - 00000000 ____D C:\Users\tim\AppData\Local\PMB Files 2013-08-06 20:19 - 2013-04-20 
14:11 - 00000000 ____D C:\ProgramData\PMB Files 2013-08-06 20:05 - 2013-08-05 22:00 - 00001092 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-08-06 17:25 - 2013-04-20 13:30 - 01610579 _____ C:\Windows\WindowsUpdate.log 2013-08-06 17:22 - 2013-08-05 22:00 - 00001088 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-06 17:22 - 2013-06-09 08:19 - 00046612 _____ C:\Windows\PFRO.log 2013-08-06 17:22 - 2013-06-01 09:04 - 00011173 _____ C:\Windows\setupact.log 2013-08-06 17:22 - 2013-04-20 13:45 - 00000000 ____D C:\ProgramData\NVIDIA 2013-08-06 17:22 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-06 17:20 - 2013-08-06 17:20 - 00000000 ____D C:\Users\tim\Desktop\OTL 2013-08-05 22:09 - 2013-07-03 16:52 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-08-05 22:01 - 2013-08-05 22:01 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-08-05 22:01 - 2013-08-05 22:00 - 00000000 ____D C:\Program Files\Google 2013-08-05 22:00 - 2013-07-25 19:15 - 00000000 ____D C:\Users\tim\AppData\Local\Google 2013-08-05 16:38 - 2013-06-18 05:53 - 00000000 ____D C:\Users\tim\AppData\Roaming\File Scout 2013-08-05 15:46 - 2013-08-05 15:46 - 00001071 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-08-05 15:46 - 2013-08-05 15:46 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-08-04 11:24 - 2013-08-03 18:43 - 00000983 _____ C:\Users\tim\Desktop\Akimura2.lnk 2013-08-02 17:15 - 2013-04-21 15:55 - 00000348 _____ C:\Windows\Tasks\1-Klick-Wartung.job 2013-08-01 02:34 - 2013-07-14 20:10 - 00000000 ____D C:\ProgramData\CanonIJPLM 2013-07-31 21:52 - 2013-07-31 21:52 - 00257598 _____ C:\Windows\msxml4-KB2758694-enu.LOG 2013-07-31 21:22 - 2013-07-31 21:22 - 00000790 _____ C:\Users\tim\Desktop\CrossFire.lnk 2013-07-31 21:22 - 2013-07-30 21:08 - 00000000 ____D C:\Users\tim\Documents\MAGIX_MusicEditor 2013-07-31 21:22 - 2013-07-30 20:54 - 00000000 ____D C:\Users\tim\AppData\Roaming\MAGIX 2013-07-31 21:22 - 
2013-07-30 20:48 - 00000000 ____D C:\ProgramData\MAGIX 2013-07-31 09:29 - 2009-07-14 06:33 - 00544648 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-30 23:27 - 2013-04-20 14:00 - 00163056 _____ C:\Users\tim\AppData\Local\GDIPFONTCACHEV1.DAT 2013-07-30 21:09 - 2013-07-30 20:54 - 00000000 ____D C:\Users\tim\Documents\MAGIX 2013-07-30 21:08 - 2013-07-30 21:08 - 00000857 _____ C:\Users\Public\Desktop\MAGIX Video deluxe 2013 Premium.lnk 2013-07-30 21:08 - 2013-07-30 21:08 - 00000000 ____D C:\Users\tim\AppData\Local\Xara 2013-07-30 21:08 - 2013-07-30 21:08 - 00000000 ____D C:\Users\Public\Documents\MAGIX 2013-07-30 21:08 - 2007-04-27 10:43 - 00120200 _____ () C:\Windows\system32\DLLDEV32i.dll 2013-07-30 21:07 - 2013-07-30 21:07 - 00000000 ____D C:\Program Files\MAGIX 2013-07-30 21:07 - 2013-07-30 20:48 - 00000000 ____D C:\Program Files\Common Files\MAGIX Services 2013-07-30 20:59 - 2013-04-20 18:31 - 00000000 ____D C:\Users\tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TP-LINK 2013-07-30 20:59 - 2013-04-20 18:31 - 00000000 ____D C:\Program Files\TP-LINK 2013-07-30 20:58 - 2013-06-29 12:41 - 00000000 ____D C:\Program Files\GameforgeLive 2013-07-30 20:54 - 2013-07-30 20:54 - 00000000 ____D C:\Users\tim\Documents\Video deluxe 2013 2013-07-30 20:49 - 2013-07-30 20:49 - 00000000 ____D C:\Program Files\Common Files\MAGIX Shared 2013-07-30 20:48 - 2013-07-30 20:48 - 00000000 ____D C:\Program Files\MSXML 4.0 2013-07-30 20:07 - 2013-07-30 20:07 - 00000551 _____ C:\Users\Public\Desktop\Fraps.lnk 2013-07-30 19:50 - 2013-07-30 01:01 - 00000408 _____ C:\Users\tim\AppData\Roaming\CamShapes.ini 2013-07-30 19:50 - 2013-07-30 01:01 - 00000408 _____ C:\Users\tim\AppData\Roaming\CamLayout.ini 2013-07-30 19:50 - 2013-07-30 01:01 - 00000096 _____ C:\Users\tim\AppData\Roaming\Camdata.ini 2013-07-30 19:50 - 2013-07-29 20:20 - 00004509 _____ C:\Users\tim\AppData\Roaming\CamStudio.cfg 2013-07-30 13:33 - 2013-04-20 13:44 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI 
2013-07-30 12:05 - 2013-07-30 12:03 - 00000000 ____D C:\Users\tim\Desktop\tante anna 2013-07-30 11:08 - 2013-06-12 15:18 - 00000000 ____D C:\Users\tim\AppData\Local\Adobe 2013-07-30 11:08 - 2013-04-21 09:23 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-07-30 11:08 - 2013-04-21 09:23 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-07-29 18:02 - 2013-07-29 18:02 - 00016727 _____ C:\Users\tim\Desktop\Unbenannt 1.odt 2013-07-29 17:33 - 2013-07-29 17:33 - 00000000 ____D C:\Users\tim\AppData\Roaming\OpenOffice 2013-07-29 17:32 - 2013-07-29 17:32 - 00000737 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk 2013-07-29 17:30 - 2013-07-29 17:30 - 00000000 ____D C:\Users\tim\redist 2013-07-29 17:30 - 2013-07-29 17:30 - 00000000 ____D C:\Users\tim\readmes 2013-07-29 17:30 - 2013-07-29 17:30 - 00000000 ____D C:\Users\tim\licenses 2013-07-29 17:30 - 2013-04-20 13:39 - 00000000 ____D C:\Users\tim 2013-07-29 17:12 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\system32\FxsTmp 2013-07-25 19:16 - 2013-07-25 19:16 - 00000000 ____D C:\Users\tim\Documents\My Cheat Tables 2013-07-25 19:15 - 2013-07-25 19:15 - 00000000 ____D C:\Users\tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly 2013-07-25 19:15 - 2013-07-25 19:15 - 00000000 ____D C:\Users\tim\AppData\Local\DealPlyLive 2013-07-24 19:18 - 2013-07-24 18:11 - 00000000 ____D C:\Users\tim\AppData\Roaming\Dragons-Empire 2013-07-24 13:07 - 2013-07-21 22:05 - 00000000 ____D C:\Stormblade 2013-07-24 08:31 - 2009-07-14 06:53 - 00032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-07-21 22:05 - 2013-07-21 22:05 - 00000232 _____ C:\Windows\ODBCINST.INI 2013-07-21 22:05 - 2013-07-21 22:05 - 00000000 ____D C:\Program Files\MySQL 2013-07-21 22:05 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Help 2013-07-21 13:30 - 2013-04-21 09:57 - 00000000 ____D C:\Users\tim\Documents\Cross Fire 2013-07-21 13:19 - 2013-04-21 09:57 - 00000000 ____D C:\CFLog 
2013-07-20 10:34 - 2013-04-23 17:31 - 00000000 ____D C:\Users\tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2013-07-19 20:01 - 2013-07-19 19:11 - 00282104 _____ C:\Windows\system32\PnkBstrB.xtr 2013-07-19 20:01 - 2013-07-19 19:06 - 00139424 _____ C:\Windows\system32\Drivers\PnkBstrK.sys 2013-07-19 20:01 - 2013-07-19 19:05 - 00282104 _____ C:\Windows\system32\PnkBstrB.exe 2013-07-19 20:01 - 2013-07-19 19:05 - 00234768 _____ C:\Windows\system32\PnkBstrB.ex0 2013-07-19 20:01 - 2013-04-20 13:56 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2013-07-19 19:15 - 2013-07-19 19:05 - 00076888 _____ C:\Windows\system32\PnkBstrA.exe 2013-07-19 19:10 - 2013-07-19 19:10 - 00000000 ____D C:\Users\tim\AppData\Local\PunkBuster 2013-07-19 19:06 - 2013-07-19 19:06 - 00138056 _____ C:\Users\tim\AppData\Roaming\PnkBstrK.sys 2013-07-19 19:05 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\LogFiles 2013-07-19 18:53 - 2013-04-20 13:55 - 00000000 ____D C:\Program Files\Common Files\InstallShield 2013-07-19 18:13 - 2013-07-19 18:05 - 00000000 ____D C:\ProgramData\Solid State Networks 2013-07-19 16:50 - 2013-06-10 16:02 - 00000000 ____D C:\Users\tim\AppData\Roaming\Skype 2013-07-18 08:49 - 2013-07-18 08:49 - 00001497 _____ C:\Users\Public\Desktop\Play League of Legends.lnk 2013-07-18 08:49 - 2013-07-18 07:56 - 00000000 ____D C:\Users\tim\AppData\Roaming\Riot Games 2013-07-18 08:49 - 2013-06-12 19:29 - 00000000 __SHD C:\Windows\system32\AI_RecycleBin 2013-07-18 07:23 - 2013-07-17 14:41 - 00000000 ____D C:\Users\tim\Desktop\rap 2013-07-17 22:24 - 2013-07-17 22:22 - 00000000 ____D C:\Windows\system32\MRT 2013-07-17 21:18 - 2013-07-17 20:56 - 00000000 ____D C:\Users\tim\AppData\Roaming\Just Aion Launcher 2013-07-17 20:41 - 2013-07-17 20:41 - 00000000 ____D C:\Users\tim\AppData\Local\Chromium 2013-07-17 15:10 - 2013-04-20 13:58 - 00000000 ____D C:\Users\tim\AppData\Local\Downloaded Installations 2013-07-17 15:09 - 2013-07-17 15:09 - 00000000 
____D C:\Program Files\Gameforge 2013-07-17 14:28 - 2013-07-17 14:27 - 00000000 ____D C:\Users\tim\AppData\Roaming\DVDVideoSoft 2013-07-17 14:27 - 2013-07-17 14:27 - 00000956 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk 2013-07-17 14:27 - 2013-07-17 14:27 - 00000000 ____D C:\Users\tim\AppData\Roaming\OpenCandy 2013-07-17 14:27 - 2013-07-17 14:27 - 00000000 ____D C:\Users\tim\AppData\Roaming\DVDVideoSoftIEHelpers 2013-07-17 14:27 - 2013-07-17 14:27 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft 2013-07-17 07:17 - 2013-07-16 17:11 - 00000000 ____D C:\Program Files\Common Files\BioWare 2013-07-16 17:12 - 2013-07-16 17:12 - 00000000 ____D C:\Users\tim\AppData\Local\SWTORPerf 2013-07-16 17:09 - 2013-07-16 17:09 - 00000000 ____D C:\Users\hedev 2013-07-16 15:42 - 2013-07-16 15:42 - 152126245 _____ C:\Users\tim\openoffice1.cab 2013-07-16 15:40 - 2013-07-16 15:40 - 02269184 _____ C:\Users\tim\openoffice400.msi 2013-07-16 15:40 - 2013-07-16 15:40 - 00475136 _____ C:\Users\tim\setup.exe 2013-07-16 15:40 - 2013-07-16 15:40 - 00000279 _____ C:\Users\tim\setup.ini 2013-07-16 15:35 - 2013-07-16 15:32 - 00000000 ____D C:\Users\tim\AppData\Local\Ubisoft 2013-07-16 15:32 - 2013-07-16 15:32 - 00000000 __SHD C:\Users\tim\wc 2013-07-16 15:32 - 2013-07-16 15:32 - 00000000 __SHD C:\Users\tim\AppData\Roaming\wyUpdate AU 2013-07-14 20:12 - 2013-07-14 20:12 - 00000000 ____D C:\ProgramData\CanonIJ 2013-07-14 20:12 - 2013-07-14 20:00 - 00000000 ____D C:\Program Files\Canon 2013-07-14 20:10 - 2013-07-14 20:10 - 00000000 ___HD C:\ProgramData\CanonIJSolutionMenuEX 2013-07-14 20:10 - 2013-07-14 20:10 - 00000000 ___HD C:\ProgramData\CanonIJScan 2013-07-14 20:10 - 2013-07-14 20:10 - 00000000 ___HD C:\ProgramData\CanonIJEPPEX2 2013-07-14 20:10 - 2013-07-14 20:10 - 00000000 ___HD C:\ProgramData\CanonEPP 2013-07-14 20:10 - 2013-07-14 20:09 - 00000000 ___HD C:\ProgramData\CanonIJMyPrinter 2013-07-14 20:10 - 2013-07-14 20:07 - 00000000 ____D 
C:\Users\tim\AppData\Roaming\Canon
2013-07-14 20:07 - 2013-07-14 20:04 - 00002025 _____ C:\Users\Public\Desktop\Canon Solution Menu EX.lnk
2013-07-14 20:07 - 2013-07-14 20:04 - 00000000 ____D C:\ProgramData\CanonIJWSpt
2013-07-14 20:04 - 2013-07-14 20:04 - 00000000 ____D C:\Program Files\Common Files\CANON
2013-07-14 20:02 - 2013-07-14 20:02 - 00000000 ___HD C:\Program Files\CanonBJ
2013-07-14 20:02 - 2013-07-14 20:02 - 00000000 ____D C:\Windows\system32\STRING
2013-07-14 16:31 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF
2013-07-12 05:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-12 05:35 - 2013-04-21 21:14 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-07-11 22:09 - 2009-07-14 10:57 - 00000000 ____D C:\Program Files\Windows Journal
2013-07-11 22:09 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-07-09 18:00 - 2013-07-09 17:45 - 00000000 ____D C:\Users\tim\AppData\Local\Paint.NET
2013-07-07 07:58 - 2013-07-07 07:58 - 00000000 ____D C:\Windows\system32\Settings

Files to move or delete:
====================
C:\Users\tim\setup.exe

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-02 11:19

==================== End Of Log ============================

Addition
FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 05-08-2013
Ran by tim at 2013-08-06 20:45:14
Running from C:\Users\tim\Downloads
Boot Mode: Normal
==========================================================

==================== Installed Programs =======================
Adobe Flash Player 11 ActiveX (Version: 11.7.700.224)
Adobe Flash Player 11 Plugin (Version: 11.8.800.94)
Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03)
Akamai NetSession Interface
ATI Catalyst Install Manager (Version: 3.0.762.0)
Avira Free Antivirus (Version: 13.0.0.3885)
AVM FRITZ!Box Dokumentation
Browser Configuration Utility (Version: 1.0.12.1)
Bundled software uninstaller
Call of Duty
Canon Easy-PhotoPrint EX
Canon Easy-WebPrint EX
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MG5300 series Benutzerregistrierung
Canon MG5300 series MP Drivers
Canon MG5300 series On-screen Manual
Canon MP Navigator EX 5.0
Canon My Printer
Canon Solution Menu EX
CCleaner (Version: 4.02)
Cross Fire En
Crysis® 2 (Version: 1.0.0.0)
DC Universe Online Live
EPU-4 Engine (Version: 1.02.01)
EVGA Precision 2.0.2 (Version: 2.0.2)
Firebird SQL Server - MAGIX Edition (Version: 2.1.32.0)
Fraps (remove only)
Free YouTube to MP3 Converter version 3.12.7.711 (Version: 3.12.7.711)
Google Chrome (Version: 28.0.1500.95)
Google Update Helper (Version: 1.3.23.0)
League of Legends (Version: 1.3)
League of Legends (Version: 3.0.1)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6)
MAGIX Video deluxe 2013 Premium (Version: 12.0.3.4)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
MySQL Connector/ODBC 5.1 (Version: 5.1.5)
NC Launcher (GameForge)
NEC Electronics USB 3.0 Host Controller Driver (Version: 1.0.19.0)
NVIDIA 3D Vision Treiber 266.71 (Version: 266.71)
NVIDIA Grafiktreiber 266.71 (Version: 266.71)
NVIDIA HD-Audiotreiber 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.109.718)
NVIDIA PhysX (Version: 9.10.0514)
NVIDIA PhysX-Systemsoftware 9.10.0514 (Version: 9.10.0514)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.6671)
NVIDIA Systemsteuerung 266.71 (Version: 266.71)
OpenOffice 4.0.0 (Version: 4.00.9702)
Pando Media Booster (Version: 2.6.0.9)
Platform (Version: 1.34)
Realtek Ethernet Controller Driver For Windows Vista and Later (Version: 1.00.0009)
Skype™ 6.5 (Version: 6.5.158)
TL-PA511 Powerline Utility (Version: 1.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
VIA Plattform-Geräte-Manager (Version: 1.34)
VLC media player 2.0.2 (Version: 2.0.2)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Photo Common (Version: 16.4.3505.0912)
WinPcap 4.1.1 (Version: 4.1.0.1753)
WinRAR 4.20 (32-Bit) (Version: 4.20.0)

==================== Restore Points =========================
06-08-2013 13:41:27 Geplanter Prüfpunkt

==================== Hosts content: ==========================
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============
Task: {3DF583B7-C1F7-4FA9-94C5-38AD761E4540} - System32\Tasks\DealPlyLiveUpdateTaskMachineUA => C:\Program Files\DealPlyLive\Update\DealPlyLive.exe No File
Task: {4112B330-EF36-4503-95EF-35D5E85EFFD8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-05] (Google Inc.)
Task: {51E0EF46-AD35-4AA2-9090-577ABCC4D6F2} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation)
Task: {6A8B9533-3718-4A31-8B2C-2A44EE1C948A} - System32\Tasks\RunOW => C:\Program Files\Overwolf\OverwolfLauncher.exe No File
Task: {6FD74F01-0F8C-4FF1-A607-6C4A1CA45A5E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-05] (Google Inc.)
Task: {7124ABEC-F4B1-4371-B475-3443F13827D2} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\system32\FlashPlayerUpdateService.exe [2013-05-28] (Adobe Systems Incorporated)
Task: {76BD4C1E-1AB9-41CA-9480-438DC07B22D9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd)
Task: {8EC97359-92A0-4A94-8886-F0B74A27A6F0} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\system32\FlashPlayerUpdateService.exe [2013-05-28] (Adobe Systems Incorporated)
Task: {8F0FD700-BC24-4731-A0AA-50508D2F6001} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1518619725-3137718427-4188418773-1001
Task: {95EBACF7-95A2-41FD-A848-C23D8F4297C4} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe [2010-02-03] (ASUSTeK Computer Inc.)
Task: {A02DB3F5-4962-49C3-9BBC-2E0AA4A49FAE} - System32\Tasks\Dealply => C:\Users\tim\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE No File
Task: {BD60DC9D-CDF2-4BB2-807D-8CE2B0688093} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-28] (Adobe Systems Incorporated)
Task: {D0154C95-8462-4BD0-95D4-4F602B2A0CCF} - System32\Tasks\1-Klick-Wartung => D:\Programme\SystemOptimizer.exe No File
Task: C:\Windows\Tasks\1-Klick-Wartung.job => D:\Programme\SystemOptimizer.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Dealply.job => ?
Task: C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineUA.job => C:\Program Files\DealPlyLive\Update\DealPlyLive.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (08/06/2013 08:30:39 PM) (Source: MsiInstaller) (User: tim-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\tim\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.

Error: (08/06/2013 08:30:18 PM) (Source: MsiInstaller) (User: tim-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\tim\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.

Error: (08/06/2013 08:21:00 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerUpdateService.exe, Version: 11.6.602.180, Zeitstempel: 0x51a4ab8c
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003419b
ID des fehlerhaften Prozesses: 0x1418
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerUpdateService.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerUpdateService.exe1
Pfad des fehlerhaften Moduls: FlashPlayerUpdateService.exe2
Berichtskennung: FlashPlayerUpdateService.exe3

Error: (08/06/2013 08:05:00 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi

Error: (08/06/2013 07:21:02 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerUpdateService.exe, Version: 11.6.602.180, Zeitstempel: 0x51a4ab8c
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003419b
ID des fehlerhaften Prozesses: 0x1148
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerUpdateService.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerUpdateService.exe1
Pfad des fehlerhaften Moduls: FlashPlayerUpdateService.exe2
Berichtskennung: FlashPlayerUpdateService.exe3

Error: (08/06/2013 07:05:06 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi

Error: (08/06/2013 06:21:02 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerUpdateService.exe, Version: 11.6.602.180, Zeitstempel: 0x51a4ab8c
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003419b
ID des fehlerhaften Prozesses: 0x13b4
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerUpdateService.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerUpdateService.exe1
Pfad des fehlerhaften Moduls: FlashPlayerUpdateService.exe2
Berichtskennung: FlashPlayerUpdateService.exe3

Error: (08/06/2013 06:05:01 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi

Error: (08/06/2013 05:21:01 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: FlashPlayerUpdateService.exe, Version: 11.6.602.180, Zeitstempel: 0x51a4ab8c
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0003419b
ID des fehlerhaften Prozesses: 0x12b0
Startzeit der fehlerhaften Anwendung: 0xFlashPlayerUpdateService.exe0
Pfad der fehlerhaften Anwendung: FlashPlayerUpdateService.exe1
Pfad des fehlerhaften Moduls: FlashPlayerUpdateService.exe2
Berichtskennung: FlashPlayerUpdateService.exe3

Error: (08/06/2013 05:05:00 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi

System errors:
=============
Error: (08/06/2013 05:22:22 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "TuneUp Designerweiterung" wurde mit folgendem Fehler beendet: %%127

Error: (08/06/2013 03:39:04 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (08/06/2013 01:15:29 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "TuneUp Designerweiterung" wurde mit folgendem Fehler beendet: %%127

Error: (08/06/2013 10:46:22 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "TuneUp Designerweiterung" wurde mit folgendem Fehler beendet: %%127

Error: (08/05/2013 07:14:23 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "TuneUp Designerweiterung" wurde mit folgendem Fehler beendet: %%127

Error: (08/05/2013 10:40:13 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "TuneUp Designerweiterung" wurde mit folgendem Fehler beendet: %%127

Error: (08/04/2013 09:16:16 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "TuneUp Designerweiterung" wurde mit folgendem Fehler beendet: %%127

Error: (08/04/2013 09:09:46 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "TuneUp Designerweiterung" wurde mit folgendem Fehler beendet: %%127

Error: (08/03/2013 09:45:54 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "TuneUp Designerweiterung" wurde mit folgendem Fehler beendet: %%127

Error: (08/02/2013 11:01:47 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Microsoft Office Sessions:
=========================
Error: (08/06/2013 08:30:39 PM) (Source: MsiInstaller)(User: tim-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\tim\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/06/2013 08:30:18 PM) (Source: MsiInstaller)(User: tim-PC)
Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\tim\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/06/2013 08:21:00 PM) (Source: Application Error)(User: )
Description: FlashPlayerUpdateService.exe11.6.602.18051a4ab8cntdll.dll6.1.7601.177254ec49b60c00000050003419b141801ce92d1b3a40847C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exeC:\Windows\SYSTEM32\ntdll.dllf1d8e79f-fec4-11e2-afe0-bcaec5dedebc

Error: (08/06/2013 08:05:00 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/06/2013 07:21:02 PM) (Source: Application Error)(User: )
Description: FlashPlayerUpdateService.exe11.6.602.18051a4ab8cntdll.dll6.1.7601.177254ec49b60c00000050003419b114801ce92c951eed296C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exeC:\Windows\SYSTEM32\ntdll.dll90bc71ba-febc-11e2-afe0-bcaec5dedebc

Error: (08/06/2013 07:05:06 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/06/2013 06:21:02 PM) (Source: Application Error)(User: )
Description: FlashPlayerUpdateService.exe11.6.602.18051a4ab8cntdll.dll6.1.7601.177254ec49b60c00000050003419b13b401ce92c0f01e871fC:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exeC:\Windows\SYSTEM32\ntdll.dll2f2f23af-feb4-11e2-afe0-bcaec5dedebc

Error: (08/06/2013 06:05:01 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (08/06/2013 05:21:01 PM) (Source: Application Error)(User: )
Description: FlashPlayerUpdateService.exe11.6.602.18051a4ab8cntdll.dll6.1.7601.177254ec49b60c00000050003419b12b001ce92b88e577d35C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exeC:\Windows\SYSTEM32\ntdll.dllccea5c6e-feab-11e2-b639-bcaec5dedebc

Error: (08/06/2013 05:05:00 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT)
Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL)

==================== Memory info ===========================
Percentage of memory in use: 32%
Total physical RAM: 3326.18 MB
Available physical RAM: 2260.27 MB
Total Pagefile: 6650.64 MB
Available Pagefile: 4850.07 MB
Total Virtual: 2047.88 MB
Available Virtual: 1890.11 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:53.61 GB) (Free:7.54 GB) NTFS
Drive d: (Alles) (Fixed) (Total:390.62 GB) (Free:280.4 GB) NTFS
Drive e: (Musik und weiteres) (Fixed) (Total:487.17 GB) (Free:482.91 GB) NTFS
Drive g: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 444C544E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=54 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=391 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=487 GB) - (Type=07 NTFS)

==================== End Of Log ============================ |
07.08.2013, 03:55 | #4 | |
/// the machine /// TB-Ausbilder | Some windows get minimized
Combofix should only be run when a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1
IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you get the following error message after the restart Quote:
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
07.08.2013, 10:22 | #5 |
| Some windows get minimized
Here is the requested report. Thanks for everything so far. I do have one question: what did the Combofix program actually do during its run?
Combofix log file: Code:
ATTFilter ComboFix 13-08-07.01 - tim 07.08.2013 11:11:28.1.4 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3326.2125 [GMT 2:00] ausgeführt von:: c:\users\tim\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\CFLog c:\cflog\CrashLog_20130719.txt c:\cflog\CrashLog_20130721.txt c:\programdata\ntuser.dat c:\windows\system32\frapsvid.dll . . ((((((((((((((((((((((( Dateien erstellt von 2013-07-07 bis 2013-08-07 )))))))))))))))))))))))))))))) . . 2013-08-06 18:44 . 2013-08-06 18:44 -------- d-----w- C:\FRST 2013-08-06 08:53 . 2013-07-02 06:54 7143960 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ED590050-7A70-4B3D-BE39-7910FAB9D94E}\mpengine.dll 2013-08-05 20:00 . 2013-08-05 20:01 -------- d-----w- c:\program files\Google 2013-08-05 13:46 . 2013-08-05 13:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2013-07-30 19:08 . 2013-07-30 19:08 -------- d-----w- c:\users\tim\AppData\Local\Xara 2013-07-30 19:07 . 2013-07-30 19:07 -------- d-----w- c:\program files\MAGIX 2013-07-30 18:54 . 2013-07-31 19:22 -------- d-----w- c:\users\tim\AppData\Roaming\MAGIX 2013-07-30 18:49 . 2013-07-30 18:49 -------- d-----w- c:\program files\Common Files\MAGIX Shared 2013-07-30 18:48 . 2013-07-31 19:22 -------- d-----w- c:\programdata\MAGIX 2013-07-30 18:48 . 2013-07-30 19:07 -------- d-----w- c:\program files\Common Files\MAGIX Services 2013-07-30 18:48 . 2013-07-30 18:48 -------- d-----w- c:\program files\MSXML 4.0 2013-07-29 15:33 . 2013-07-29 15:33 -------- d-----w- c:\users\tim\AppData\Roaming\OpenOffice 2013-07-29 15:30 . 2013-07-29 15:30 -------- d-----w- c:\users\tim\redist 2013-07-29 15:30 . 
2013-07-29 15:30 -------- d-----w- c:\users\tim\readmes 2013-07-29 15:30 . 2013-07-29 15:30 -------- d-----w- c:\users\tim\licenses 2013-07-25 17:15 . 2013-07-25 17:15 -------- d-----w- c:\users\tim\AppData\Local\DealPlyLive 2013-07-25 17:15 . 2013-08-05 20:00 -------- d-----w- c:\users\tim\AppData\Local\Google 2013-07-24 16:11 . 2013-07-24 17:18 -------- d-----w- c:\users\tim\AppData\Roaming\Dragons-Empire 2013-07-21 20:05 . 2013-07-21 20:05 -------- d-----w- c:\program files\MySQL 2013-07-21 20:05 . 2013-07-24 11:07 -------- d-----w- C:\Stormblade 2013-07-19 17:11 . 2013-07-19 18:01 282104 ----a-w- c:\windows\system32\PnkBstrB.xtr 2013-07-19 17:10 . 2013-07-19 17:10 -------- d-----w- c:\users\tim\AppData\Local\PunkBuster 2013-07-19 17:06 . 2013-07-19 18:01 139424 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2013-07-19 17:06 . 2013-07-19 17:06 138056 ----a-w- c:\users\tim\AppData\Roaming\PnkBstrK.sys 2013-07-19 17:05 . 2013-07-19 18:01 282104 ----a-w- c:\windows\system32\PnkBstrB.exe 2013-07-19 17:05 . 2013-07-19 18:01 234768 ----a-w- c:\windows\system32\PnkBstrB.ex0 2013-07-19 17:05 . 2013-07-19 17:15 76888 ----a-w- c:\windows\system32\PnkBstrA.exe 2013-07-19 16:08 . 2003-08-15 14:02 69632 ------w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe 2013-07-19 16:08 . 2003-08-15 14:01 380928 ------w- c:\program files\Common Files\InstallShield\UpdateService\agent.exe 2013-07-19 16:08 . 2003-08-15 13:57 212992 ------w- c:\program files\Common Files\InstallShield\UpdateService\ISDM.exe 2013-07-19 16:05 . 2013-07-19 16:13 -------- d-----w- c:\programdata\Solid State Networks 2013-07-18 05:56 . 2013-07-18 06:49 -------- d-----w- c:\users\tim\AppData\Roaming\Riot Games 2013-07-17 20:22 . 2013-07-17 20:24 -------- d-----w- c:\windows\system32\MRT 2013-07-17 18:56 . 2013-07-17 19:18 -------- d-----w- c:\users\tim\AppData\Roaming\Just Aion Launcher 2013-07-17 18:41 . 
2013-07-17 18:41 -------- d-----w- c:\users\tim\AppData\Local\Chromium 2013-07-17 13:09 . 2013-07-17 13:09 -------- d-----w- c:\program files\Gameforge 2013-07-17 12:27 . 2013-07-17 12:28 -------- d-----w- c:\users\tim\AppData\Roaming\DVDVideoSoft 2013-07-17 12:27 . 2013-07-17 12:27 -------- d-----w- c:\program files\Common Files\DVDVideoSoft 2013-07-17 12:27 . 2013-07-17 12:27 -------- d-----w- c:\users\tim\AppData\Roaming\OpenCandy 2013-07-16 15:12 . 2013-07-16 15:12 -------- d-----w- c:\users\tim\AppData\Local\SWTORPerf 2013-07-16 15:11 . 2013-07-17 05:17 -------- d-----w- c:\program files\Common Files\BioWare 2013-07-16 15:09 . 2013-07-16 15:09 -------- d-----w- c:\users\hedev 2013-07-16 13:40 . 2013-07-16 13:40 475136 ----a-w- c:\users\tim\setup.exe 2013-07-16 13:40 . 2013-07-16 13:40 2269184 ----a-w- c:\users\tim\openoffice400.msi 2013-07-16 13:32 . 2013-07-16 13:35 -------- d-----w- c:\users\tim\AppData\Local\Ubisoft 2013-07-16 13:32 . 2013-07-16 13:32 -------- d-sh--w- c:\users\tim\wc 2013-07-16 13:32 . 2013-07-16 13:32 -------- d-sh--w- c:\users\tim\AppData\Roaming\wyUpdate AU 2013-07-14 18:12 . 2013-07-14 18:12 -------- d-----w- c:\programdata\CanonIJ 2013-07-14 18:10 . 2013-07-14 18:10 -------- d--h--w- c:\programdata\CanonEPP 2013-07-14 18:07 . 2013-07-14 18:10 -------- d-----w- c:\users\tim\AppData\Roaming\Canon 2013-07-14 18:04 . 2013-07-14 18:04 -------- d-----w- c:\program files\Common Files\CANON 2013-07-14 18:02 . 2013-07-14 18:02 -------- d-----w- c:\windows\system32\STRING 2013-07-14 18:02 . 2011-02-01 08:23 35328 ----a-w- c:\windows\system32\CNMNPUI.DLL 2013-07-14 18:00 . 2013-07-14 18:12 -------- d-----w- c:\program files\Canon 2013-07-11 14:59 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\system32\DWrite.dll 2013-07-11 14:59 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\system32\WMVDECOD.DLL 2013-07-11 14:59 . 2013-06-05 03:05 2347520 ----a-w- c:\windows\system32\win32k.sys 2013-07-11 14:59 . 
2013-06-04 04:53 509440 ----a-w- c:\windows\system32\qedit.dll 2013-07-11 14:59 . 2013-05-27 04:57 680960 ----a-w- c:\program files\Windows Defender\MpSvc.dll 2013-07-11 14:59 . 2013-05-27 04:57 392704 ----a-w- c:\program files\Windows Defender\MpClient.dll 2013-07-11 14:59 . 2013-05-27 04:57 224768 ----a-w- c:\program files\Windows Defender\MpCommu.dll 2013-07-11 14:59 . 2013-04-10 05:03 936448 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll 2013-07-11 14:59 . 2013-04-10 05:03 988672 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll 2013-07-11 14:59 . 2013-04-10 05:03 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll 2013-07-11 14:59 . 2013-04-10 05:04 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL 2013-07-09 15:45 . 2013-07-09 16:00 -------- d-----w- c:\users\tim\AppData\Local\Paint.NET . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-07-30 19:08 . 2007-04-27 08:43 120200 ----a-w- c:\windows\system32\DLLDEV32i.dll 2013-07-30 09:08 . 2013-04-21 07:23 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-07-30 09:08 . 2013-04-21 07:23 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-06-27 11:40 . 2013-05-31 10:36 67168 ----a-w- c:\windows\system32\drivers\avnetflt.sys 2013-06-13 12:41 . 2013-06-13 12:41 16304 ------w- c:\windows\system32\apl003.sys 2013-06-13 12:41 . 2013-06-13 12:41 13232 ------w- c:\windows\system32\apf003.sys 2013-06-11 20:21 . 2013-06-11 20:21 9089416 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe 2013-06-01 07:30 . 2013-06-01 07:30 745472 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe 2013-06-01 07:30 . 2013-06-01 07:30 73728 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2013-06-01 07:30 . 2013-06-01 07:30 719360 ----a-w- c:\windows\system32\mshtmlmedia.dll 2013-06-01 07:30 . 2013-06-01 07:30 61952 ----a-w- c:\windows\system32\tdc.ocx 2013-06-01 07:30 . 
2013-06-01 07:30 523264 ----a-w- c:\windows\system32\vbscript.dll 2013-06-01 07:30 . 2013-06-01 07:30 48640 ----a-w- c:\windows\system32\mshtmler.dll 2013-06-01 07:30 . 2013-06-01 07:30 38400 ----a-w- c:\windows\system32\imgutil.dll 2013-06-01 07:30 . 2013-06-01 07:30 361984 ----a-w- c:\windows\system32\html.iec 2013-06-01 07:30 . 2013-06-01 07:30 23040 ----a-w- c:\windows\system32\licmgr10.dll 2013-06-01 07:30 . 2013-06-01 07:30 185344 ----a-w- c:\windows\system32\elshyph.dll 2013-06-01 07:30 . 2013-06-01 07:30 158720 ----a-w- c:\windows\system32\msls31.dll 2013-06-01 07:30 . 2013-06-01 07:30 150528 ----a-w- c:\windows\system32\iexpress.exe 2013-06-01 07:30 . 2013-06-01 07:30 1441280 ----a-w- c:\windows\system32\inetcpl.cpl 2013-06-01 07:30 . 2013-06-01 07:30 138752 ----a-w- c:\windows\system32\wextract.exe 2013-06-01 07:30 . 2013-06-01 07:30 137216 ----a-w- c:\windows\system32\ieUnatt.exe 2013-06-01 07:30 . 2013-06-01 07:30 12800 ----a-w- c:\windows\system32\mshta.exe 2013-06-01 07:30 . 2013-06-01 07:30 110592 ----a-w- c:\windows\system32\IEAdvpack.dll 2013-06-01 07:30 . 2013-06-01 07:30 49152 ----a-w- c:\windows\system32\taskhost.exe 2013-06-01 07:29 . 2013-06-01 07:29 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-06-01 07:29 . 2013-06-01 07:29 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-06-01 07:29 . 2013-06-01 07:29 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-06-01 07:29 . 2013-06-01 07:29 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-06-01 07:29 . 2013-06-01 07:29 364544 ----a-w- c:\windows\system32\XpsGdiConverter.dll 2013-06-01 07:29 . 2013-06-01 07:29 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-06-01 07:29 . 2013-06-01 07:29 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2013-06-01 07:29 . 
2013-06-01 07:29 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-06-01 07:29 . 2013-06-01 07:29 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-06-01 07:29 . 2013-06-01 07:29 1158144 ----a-w- c:\windows\system32\XpsPrint.dll 2013-06-01 07:29 . 2013-06-01 07:29 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-06-01 07:29 . 2013-06-01 07:29 906240 ----a-w- c:\windows\system32\FntCache.dll 2013-06-01 07:29 . 2013-06-01 07:29 604160 ----a-w- c:\windows\system32\d3d10level9.dll 2013-06-01 07:29 . 2013-06-01 07:29 417792 ----a-w- c:\windows\system32\WMPhoto.dll 2013-06-01 07:29 . 2013-06-01 07:29 3419136 ----a-w- c:\windows\system32\d2d1.dll 2013-06-01 07:29 . 2013-06-01 07:29 293376 ----a-w- c:\windows\system32\dxgi.dll 2013-06-01 07:29 . 2013-06-01 07:29 249856 ----a-w- c:\windows\system32\d3d10_1core.dll 2013-06-01 07:29 . 2013-06-01 07:29 2284544 ----a-w- c:\windows\system32\msmpeg2vdec.dll 2013-06-01 07:29 . 2013-06-01 07:29 220160 ----a-w- c:\windows\system32\d3d10core.dll 2013-06-01 07:29 . 2013-06-01 07:29 207872 ----a-w- c:\windows\system32\WindowsCodecsExt.dll 2013-06-01 07:29 . 2013-06-01 07:29 1988096 ----a-w- c:\windows\system32\d3d10warp.dll 2013-06-01 07:29 . 2013-06-01 07:29 187392 ----a-w- c:\windows\system32\UIAnimation.dll 2013-06-01 07:29 . 2013-06-01 07:29 161792 ----a-w- c:\windows\system32\d3d10_1.dll 2013-06-01 07:29 . 2013-06-01 07:29 1080832 ----a-w- c:\windows\system32\d3d10.dll 2013-05-31 15:14 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll 2013-05-31 10:29 . 2012-07-17 12:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-05-28 13:05 . 2013-06-18 03:53 163328 ----a-w- c:\windows\system32\FlashPlayerUpdateService.exe 2013-05-26 22:28 . 2013-06-25 19:10 4467488 ----a-w- c:\windows\system32\GameMon.des 2013-05-13 04:45 . 
2013-06-12 11:41 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2013-05-13 04:45 . 2013-06-12 11:41 1160192 ----a-w- c:\windows\system32\crypt32.dll 2013-05-13 04:45 . 2013-06-12 11:41 103936 ----a-w- c:\windows\system32\cryptnet.dll 2013-05-13 03:08 . 2013-06-12 11:41 903168 ----a-w- c:\windows\system32\certutil.exe 2013-05-13 03:08 . 2013-06-12 11:41 43008 ----a-w- c:\windows\system32\certenc.dll 2013-05-10 03:20 . 2013-06-12 11:41 24576 ----a-w- c:\windows\system32\cryptdlg.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}] 2013-07-11 20:29 277512 ----a-w- c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] "Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2013-04-20 4288048] "Akamai NetSession Interface"="c:\users\tim\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2010-05-24 1683360] "NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496] "avgnt"="d:\programme\Avira\AntiVir Desktop\avgnt.exe" [2013-06-27 345144] "BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2010-03-05 411864] "WinampAgent"="d:\programme\Winamp\Winampa.exe" [2003-04-17 12288] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-05-11 958576] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-03-14 2565520] "CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1612920] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-05-31 280576] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "mixer3"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2013-06-03 14:27 19603048 ----a-r- c:\program files\Skype\Phone\Skype.exe . 
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2013-08-05 116648] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-03 162408] R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 30312] R3 apf003;apf003;c:\windows\system32\apf003.sys [2013-06-13 13232] R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2011-04-26 2702848] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2013-08-05 116648] R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2013-05-26 4467488] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848] R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 121064] R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 12776] R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 136808] R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-05-13 114280] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664] R3 vtany;vtany;c:\windows\vtany.sys [x] R3 XDva401;XDva401;c:\windows\system32\XDva401.sys [x] R3 XDva402;XDva402;c:\windows\system32\XDva402.sys [x] R3 XDva403;XDva403;c:\windows\system32\XDva403.sys [x] R3 xhunter1;xhunter1;c:\windows\xhunter1.sys [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-04-20 37352] S2 AntiVirSchedulerService;Avira Planer;d:\programme\Avira\AntiVir Desktop\sched.exe [2013-06-27 84024] S2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser 
Configuration Utility\BCUService.exe [2010-03-05 235752] S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2012-01-23 1858048] S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512] S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-10-20 50704] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-16 378984] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856] S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 59904] S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 139648] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-05-15 1150880] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-08-05 20:01 1173456 ----a-w- c:\program files\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 2013-08-06 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-21 13:05] . 2013-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-08-05 20:00] . 
2013-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2013-08-05 20:00] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://search.splashtop.com/asusexpressgate/mb/searchAPI.php?SE=yahoo&QS=http%3A%2F%2Fde.search.yahoo.com%2Fsearch%3Ffr%3Dfp-devicevm%26type%3DWEB01 uInternet Settings,ProxyOverride = <local> IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: {{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - c:\program files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll Trusted Zone: aeriagames.com Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 192.168.0.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-SOE-DC Universe Online Live PSG - d:\programme\pserver\Dc universe\Uninstaller.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{82E1477C-B154-48D3-9891-33D83C26BCD3}"=hex:51,66,7a,6c,4c,1d,38,12,12,44,f2, 86,66,ff,bd,0d,e7,87,70,98,39,78,f8,c7 "{11111111-1111-1111-1111-110211941181}"=hex:51,66,7a,6c,4c,1d,38,12,7f,12,02, 15,23,5f,7f,54,6e,07,52,42,14,ca,55,95 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{A3DAEB01-4C15-4AC6-A689-6406FD954EE0}"=hex:51,66,7a,6c,4c,1d,38,12,6f,e8,c9, a7,27,02,a8,0f,d9,9f,27,46,f8,cb,0a,f4 "{A8720491-9558-4C0D-9E35-30EED15DFB2B}"=hex:51,66,7a,6c,4c,1d,38,12,ff,07,61, ac,6a,db,63,09,e1,23,73,ae,d4,03,bf,3f "{C1AF5FA5-852C-4C90-812E-A7F75E011D87}"=hex:51,66,7a,6c,4c,1d,38,12,cb,5c,bc, c5,1e,cb,fe,09,fe,38,e4,b7,5b,5f,59,93 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:0c,08,e0,f5,e1,6b,ce,01 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\windows\system32\nvvsvc.exe c:\program files\NVIDIA Corporation\Display\NvXDSync.exe c:\windows\system32\nvvsvc.exe c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe d:\programme\Avira\AntiVir Desktop\avguard.exe c:\windows\system32\taskhost.exe c:\program files\ASUS\EPU-4 Engine\FourEngine.exe c:\program files\Canon\IJPLM\IJPLMSVC.EXE c:\windows\system32\PnkBstrA.exe c:\windows\system32\sppsvc.exe c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe d:\programme\Avira\AntiVir Desktop\avshadow.exe c:\windows\system32\conhost.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\Canon\Solution Menu EX\CNSEUPDT.EXE c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\DllHost.exe . ************************************************************************** . Zeit der Fertigstellung: 2013-08-07 11:20:59 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-08-07 09:20 . Vor Suchlauf: 7.951.355.904 Bytes frei Nach Suchlauf: 8.116.133.888 Bytes frei . - - End Of File - - 2BD9D47FFABC5B2A96F31402ACEDF563 A36C5E4F47E84449FF07ED3517B43A31 |
07.08.2013, 12:48 | #6 |
/// the machine /// TB-Ausbilder | Some windows get minimized
Malware deleted, services and registry entries straightened out.
Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
And a fresh FRST log, please.
07.08.2013, 13:10 | #7 |
| Some windows get minimized
There, that went pretty quickly.
JRT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.3.4 (08.06.2013:1)
OS: Windows 7 Professional x86
Ran by tim on 07.08.2013 at 14:06:39,00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1518619725-3137718427-4188418773-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\dealplylive.exe
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dealplylive
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dealplylive
~~~ Files
Successfully deleted: [File] "C:\Windows\system32\authuitu.dll"
~~~ Folders
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.08.2013 at 14:08:04,38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
and from AdwCleaner
AdwCleaner log file: Code:
ATTFilter # AdwCleaner v2.306 - Datei am 07/08/2013 um 14:03:56 erstellt # Aktualisiert am 19/07/2013 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits) # Benutzer : tim - TIM-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\tim\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** Gestoppt & Gelöscht : BCUService ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml Datei Gelöscht : C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\dps4hh4h.default\foxydeal.sqlite Datei Gelöscht : C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\dps4hh4h.default\searchplugins\Babylon.xml Datei Gelöscht : C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\dps4hh4h.default\searchplugins\BrowserProtect.xml Datei Gelöscht : C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\dps4hh4h.default\searchplugins\delta.xml Ordner Gelöscht : C:\Program Files\DeviceVM Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\ProgramData\DeviceVM Ordner Gelöscht : C:\Users\tim\AppData\Local\DealPlyLive Ordner Gelöscht : C:\Users\tim\AppData\LocalLow\delta Ordner Gelöscht : C:\Users\tim\AppData\Roaming\DeviceVM Ordner Gelöscht : C:\Users\tim\AppData\Roaming\dvdvideosoftiehelpers Ordner Gelöscht : C:\Users\tim\AppData\Roaming\file scout Ordner Gelöscht : C:\Users\tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly Ordner Gelöscht : C:\Users\tim\AppData\Roaming\OpenCandy ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\5e558cdeb56fb840 Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\LyricsFan Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\XingHaoLyrics Schlüssel Gelöscht : HKCU\Software\BabylonToolbar Schlüssel Gelöscht : HKCU\Software\BI Schlüssel Gelöscht : HKCU\Software\DealPly Schlüssel Gelöscht : HKCU\Software\delta LTD Schlüssel Gelöscht : HKCU\Software\DeviceVM 
Schlüssel Gelöscht : HKCU\Software\filescout Schlüssel Gelöscht : HKCU\Software\FoxyDeal Schlüssel Gelöscht : HKCU\Software\InstallCore Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\OCS Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{80FABB17-63AF-4655-9F07-B6509EE37AF2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{F48FC5B2-094A-44C7-B48C-289738C9582D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80FABB17-63AF-4655-9F07-B6509EE37AF2} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9BDB5E09-4BBA-4422-8C2B-529B281C32B8} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CA5D945F-E738-4D0B-A0B5-25AC51C64659} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F48FC5B2-094A-44C7-B48C-289738C9582D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F7698761-4ABA-45C2-A5BB-D2163922C725} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B} Schlüssel Gelöscht : HKLM\Software\DealPly Schlüssel Gelöscht : HKLM\Software\DeviceVM Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low 
Rights\ElevationPolicy\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C536F080-57B7-46D6-8894-C647553F2889} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\bi_uninstaller Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=3 Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@tools.dpliveupdate.com/DealPlyLive Update;version=9 Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BC86E1AB-EDA5-4059-938F-CE307B0C6F0A}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BCU] Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}] ***** [Internet Browser] ***** -\\ Internet Explorer v10.0.9200.16635 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v [Version kann nicht ermittelt werden] Datei : C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\dps4hh4h.default\prefs.js C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\dps4hh4h.default\user.js ... Gelöscht ! 
Gelöscht : user_pref("extensions.delta.admin", false); Gelöscht : user_pref("extensions.delta.aflt", "babsst"); Gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); Gelöscht : user_pref("extensions.delta.autoRvrt", "false"); Gelöscht : user_pref("extensions.delta.dfltLng", "en"); Gelöscht : user_pref("extensions.delta.excTlbr", false); Gelöscht : user_pref("extensions.delta.ffxUnstlRst", true); Gelöscht : user_pref("extensions.delta.id", "5cb71cd1000000000000bcaec5dedebc"); Gelöscht : user_pref("extensions.delta.instlDay", "15816"); Gelöscht : user_pref("extensions.delta.instlRef", "sst"); Gelöscht : user_pref("extensions.delta.newTab", false); Gelöscht : user_pref("extensions.delta.prdct", "delta"); Gelöscht : user_pref("extensions.delta.prtnrId", "delta"); Gelöscht : user_pref("extensions.delta.rvrt", "false"); Gelöscht : user_pref("extensions.delta.smplGrp", "none"); Gelöscht : user_pref("extensions.delta.tlbrId", "base"); Gelöscht : user_pref("extensions.delta.tlbrSrchUrl", ""); Gelöscht : user_pref("extensions.delta.vrsn", "1.8.16.16"); Gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.16.1619:05:03"); Gelöscht : user_pref("extensions.delta.vrsni", "1.8.16.16"); -\\ Google Chrome v28.0.1500.95 Datei : C:\Users\tim\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [20850 octets] - [07/08/2013 14:03:56] ########## EOF - C:\AdwCleaner[S1].txt - [20911 octets] ########## |
07.08.2013, 19:34 | #8 |
/// the machine /// TB trainer | Minimization of some windows
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any more problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
07.08.2013, 23:14 | #9 |
| Minimization of some windows Code:
ATTFilter Results of screen317's Security Check version 0.99.71 Windows 7 Service Pack 1 x86 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 CCleaner Adobe Flash Player 11.8.800.94 Adobe Reader XI Google Chrome 28.0.1500.95 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe ESET ESET Online Scanner OnlineScannerApp.exe ESET ESET Online Scanner OnlineCmdLineScanner.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-08-2013 06 Ran by tim (administrator) on 07-08-2013 23:21:43 Running from C:\Users\tim\Desktop Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Avira Operations GmbH & Co. KG) D:\Programme\Avira\AntiVir Desktop\sched.exe (ASUSTeK Computer Inc.) C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe (Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe (VIA) C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe (NEC Electronics Corporation) C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Avira Operations GmbH & Co. KG) D:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) D:\Programme\Avira\AntiVir Desktop\avgnt.exe () D:\Programme\Winamp\winampa.exe (CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe () C:\Program Files\Pando Networks\Media Booster\PMB.exe () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe () C:\Windows\system32\PnkBstrA.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Avira Operations GmbH & Co. KG) D:\Programme\Avira\AntiVir Desktop\avshadow.exe (CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE (Microsoft Corporation) C:\Windows\system32\schtasks.exe (Microsoft Corporation) C:\Windows\system32\cmd.exe (Akamai Technologies, Inc.) C:\Users\tim\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Users\tim\AppData\Local\Akamai\netsession_win.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (ESET) C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe () C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [HDAudDeck] - C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe [1683360 2010-05-24] (VIA) HKLM\...\Run: [NUSB3MON] - C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2010-01-22] (NEC Electronics Corporation) HKLM\...\Run: [avgnt] - D:\Programme\Avira\AntiVir Desktop\avgnt.exe [345144 2013-06-27] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [WinampAgent] - D:\Programme\Winamp\Winampa.exe [12288 2003-04-17] () HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated) HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2565520 2011-03-14] (CANON INC.) HKLM\...\Run: [CanonSolutionMenuEx] - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1612920 2011-08-04] (CANON INC.) 
HKCU\...\Run: [Pando Media Booster] - C:\Program Files\Pando Networks\Media Booster\PMB.exe [4288048 2013-04-20] () HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\tim\AppData\Local\Akamai\netsession_win.exe [4480768 2013-01-26] (Akamai Technologies, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKCU - {D55190B2-D813-4b69-B994-68835272AACF} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\dps4hh4h.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) 
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.0.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Extension: No Name - C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\dps4hh4h.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi FF Extension: No Name - C:\Users\tim\AppData\Roaming\Mozilla\Firefox\Profiles\dps4hh4h.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi Chrome: ======= CHR RestoreOnStartup: "hxxp://google.de/" CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Program 
Files\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility for IJ) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) CHR Plugin: (DealPlyLive Update) - C:\Program Files\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll No File CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll () CHR Extension: (Google Docs) - C:\Users\tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\tim\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (Gmail) - C:\Users\tim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 CHR StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; D:\Programme\Avira\AntiVir Desktop\sched.exe [84024 2013-06-27] (Avira Operations GmbH & Co. KG) R2 AntiVirService; D:\Programme\Avira\AntiVir Desktop\avguard.exe [108088 2013-06-27] (Avira Operations GmbH & Co. KG) R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] () R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 npggsvc; C:\Windows\system32\GameMon.des [4467488 2013-05-27] (INCA Internet Co., Ltd.) R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2013-07-19] () S3 rpcapd; "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" [x] ==================== Drivers (Whitelisted) ==================== S3 apf003; C:\Windows\system32\apf003.sys [13232 2013-06-13] () R1 AsIO; C:\Windows\System32\drivers\AsIO.sys [11296 2009-08-04] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [84744 2013-04-20] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [135136 2013-04-20] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-04-20] (Avira Operations GmbH & Co. KG) S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) 
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation) R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [13216 2009-07-16] () R2 NPF; C:\Windows\System32\drivers\npf.sys [50704 2009-10-20] (CACE Technologies, Inc.) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-04-20] (Avira GmbH) R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1150880 2010-05-15] (VIA Technologies, Inc.) S3 catchme; \??\C:\Users\tim\AppData\Local\Temp\catchme.sys [x] S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x] S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [x] S3 vtany; \??\C:\Windows\vtany.sys [x] S3 XDva401; \??\C:\Windows\system32\XDva401.sys [x] S3 XDva402; \??\C:\Windows\system32\XDva402.sys [x] R3 XDva403; \??\C:\Windows\system32\XDva403.sys [x] S3 xhunter1; \??\C:\Windows\xhunter1.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-07 22:38 - 2013-08-07 22:38 - 00000000 ____D C:\Program Files\ESET 2013-08-07 17:48 - 2013-08-07 17:48 - 00000000 ____D C:\CFLog 2013-08-07 17:42 - 2009-03-18 18:35 - 00026176 ____H (LogMeIn, Inc.) 
C:\Windows\system32\hamachi.sys 2013-08-07 14:30 - 2013-08-07 15:07 - 00000000 ____D C:\Users\tim\Documents\Navicat 2013-08-07 14:29 - 2009-07-10 12:43 - 01589248 _____ C:\Windows\system32\libmysql_d.dll 2013-08-07 14:06 - 2013-08-07 14:06 - 00000000 ____D C:\Windows\ERUNT 2013-08-07 14:01 - 2013-08-07 17:46 - 00000000 ____D C:\Windows\system32\appmgmt 2013-08-07 14:01 - 2013-07-04 16:38 - 00188176 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxDrv.sys 2013-08-07 14:01 - 2013-07-04 16:37 - 00094480 _____ (Oracle Corporation) C:\Windows\system32\Drivers\VBoxUSBMon.sys 2013-08-07 13:28 - 2013-08-07 13:28 - 00000000 ____D C:\Users\tim\VirtualBox VMs 2013-08-07 13:08 - 2013-08-07 14:34 - 00000000 ____D C:\Users\tim\.VirtualBox 2013-08-07 13:00 - 2013-08-07 17:47 - 00000000 ____D C:\Users\tim\AppData\Roaming\Notepad++ 2013-08-07 13:00 - 2013-08-07 17:47 - 00000000 ____D C:\Program Files\Notepad++ 2013-08-07 11:52 - 2013-08-07 11:52 - 00000496 _____ C:\Users\tim\Desktop\Aris3 - Verknüpfung.lnk 2013-08-07 11:10 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-08-07 11:10 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-08-07 11:10 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-08-07 11:10 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-08-07 11:10 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-08-07 11:10 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-08-07 11:10 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-08-07 11:10 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-08-07 11:09 - 2013-08-07 11:21 - 00000000 ____D C:\Qoobox 2013-08-07 11:09 - 2013-08-07 11:20 - 00000000 ____D C:\Windows\erdnt 2013-08-06 20:44 - 2013-08-06 20:44 - 00000000 ____D C:\FRST 2013-08-06 17:20 - 2013-08-07 14:12 - 00000000 ____D C:\Users\tim\Desktop\OTL 2013-08-05 22:01 - 2013-08-05 22:01 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk 
2013-08-05 22:00 - 2013-08-07 23:05 - 00001092 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-08-05 22:00 - 2013-08-07 22:05 - 00001088 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-05 22:00 - 2013-08-05 22:01 - 00000000 ____D C:\Program Files\Google 2013-08-05 15:46 - 2013-08-05 15:46 - 00001071 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-08-05 15:46 - 2013-08-05 15:46 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-08-03 18:43 - 2013-08-04 11:24 - 00000983 _____ C:\Users\tim\Desktop\Akimura2.lnk 2013-07-31 21:52 - 2013-07-31 21:52 - 00257598 _____ C:\Windows\msxml4-KB2758694-enu.LOG 2013-07-31 21:22 - 2013-07-31 21:22 - 00000790 _____ C:\Users\tim\Desktop\CrossFire.lnk 2013-07-30 21:08 - 2013-07-31 21:22 - 00000000 ____D C:\Users\tim\Documents\MAGIX_MusicEditor 2013-07-30 21:08 - 2013-07-30 21:08 - 00000857 _____ C:\Users\Public\Desktop\MAGIX Video deluxe 2013 Premium.lnk 2013-07-30 21:08 - 2013-07-30 21:08 - 00000000 ____D C:\Users\tim\AppData\Local\Xara 2013-07-30 21:08 - 2013-07-30 21:08 - 00000000 ____D C:\Users\Public\Documents\MAGIX 2013-07-30 21:07 - 2013-07-30 21:07 - 00000000 ____D C:\Program Files\MAGIX 2013-07-30 20:54 - 2013-07-31 21:22 - 00000000 ____D C:\Users\tim\AppData\Roaming\MAGIX 2013-07-30 20:54 - 2013-07-30 21:09 - 00000000 ____D C:\Users\tim\Documents\MAGIX 2013-07-30 20:54 - 2013-07-30 20:54 - 00000000 ____D C:\Users\tim\Documents\Video deluxe 2013 2013-07-30 20:49 - 2013-07-30 20:49 - 00000000 ____D C:\Program Files\Common Files\MAGIX Shared 2013-07-30 20:48 - 2013-08-07 17:46 - 00000000 ____D C:\Program Files\Common Files\MAGIX Services 2013-07-30 20:48 - 2013-07-31 21:22 - 00000000 ____D C:\ProgramData\MAGIX 2013-07-30 20:48 - 2013-07-30 20:48 - 00000000 ____D C:\Program Files\MSXML 4.0 2013-07-30 20:07 - 2013-07-30 20:07 - 00000551 _____ C:\Users\Public\Desktop\Fraps.lnk 2013-07-30 12:03 - 2013-07-30 12:05 - 00000000 ____D C:\Users\tim\Desktop\tante anna 2013-07-30 
01:01 - 2013-07-30 19:50 - 00000408 _____ C:\Users\tim\AppData\Roaming\CamShapes.ini 2013-07-30 01:01 - 2013-07-30 19:50 - 00000408 _____ C:\Users\tim\AppData\Roaming\CamLayout.ini 2013-07-30 01:01 - 2013-07-30 19:50 - 00000096 _____ C:\Users\tim\AppData\Roaming\Camdata.ini 2013-07-29 20:20 - 2013-07-30 19:50 - 00004509 _____ C:\Users\tim\AppData\Roaming\CamStudio.cfg 2013-07-29 18:02 - 2013-07-29 18:02 - 00016727 _____ C:\Users\tim\Desktop\Unbenannt 1.odt 2013-07-29 17:33 - 2013-07-29 17:33 - 00000000 ____D C:\Users\tim\AppData\Roaming\OpenOffice 2013-07-29 17:32 - 2013-07-29 17:32 - 00000737 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk 2013-07-29 17:30 - 2013-07-29 17:30 - 00000000 ____D C:\Users\tim\redist 2013-07-29 17:30 - 2013-07-29 17:30 - 00000000 ____D C:\Users\tim\readmes 2013-07-29 17:30 - 2013-07-29 17:30 - 00000000 ____D C:\Users\tim\licenses 2013-07-25 19:16 - 2013-07-25 19:16 - 00000000 ____D C:\Users\tim\Documents\My Cheat Tables 2013-07-25 19:15 - 2013-08-05 22:00 - 00000000 ____D C:\Users\tim\AppData\Local\Google 2013-07-24 18:11 - 2013-07-24 19:18 - 00000000 ____D C:\Users\tim\AppData\Roaming\Dragons-Empire 2013-07-21 22:05 - 2013-07-21 22:05 - 00000232 _____ C:\Windows\ODBCINST.INI 2013-07-21 22:05 - 2013-07-21 22:05 - 00000000 ____D C:\Program Files\MySQL 2013-07-19 19:11 - 2013-07-19 20:01 - 00282104 _____ C:\Windows\system32\PnkBstrB.xtr 2013-07-19 19:10 - 2013-07-19 19:10 - 00000000 ____D C:\Users\tim\AppData\Local\PunkBuster 2013-07-19 19:06 - 2013-07-19 20:01 - 00139424 _____ C:\Windows\system32\Drivers\PnkBstrK.sys 2013-07-19 19:06 - 2013-07-19 19:06 - 00138056 _____ C:\Users\tim\AppData\Roaming\PnkBstrK.sys 2013-07-19 19:05 - 2013-07-19 20:01 - 00282104 _____ C:\Windows\system32\PnkBstrB.exe 2013-07-19 19:05 - 2013-07-19 20:01 - 00234768 _____ C:\Windows\system32\PnkBstrB.ex0 2013-07-19 19:05 - 2013-07-19 19:15 - 00076888 _____ C:\Windows\system32\PnkBstrA.exe 2013-07-19 18:05 - 2013-07-19 18:13 - 00000000 ____D 
C:\ProgramData\Solid State Networks 2013-07-18 08:49 - 2013-07-18 08:49 - 00001497 _____ C:\Users\Public\Desktop\Play League of Legends.lnk 2013-07-18 07:56 - 2013-07-18 08:49 - 00000000 ____D C:\Users\tim\AppData\Roaming\Riot Games 2013-07-17 22:22 - 2013-07-17 22:24 - 00000000 ____D C:\Windows\system32\MRT 2013-07-17 20:56 - 2013-07-17 21:18 - 00000000 ____D C:\Users\tim\AppData\Roaming\Just Aion Launcher 2013-07-17 20:41 - 2013-07-17 20:41 - 00000000 ____D C:\Users\tim\AppData\Local\Chromium 2013-07-17 15:09 - 2013-07-17 15:09 - 00000000 ____D C:\Program Files\Gameforge 2013-07-17 14:41 - 2013-07-18 07:23 - 00000000 ____D C:\Users\tim\Desktop\rap 2013-07-17 14:27 - 2013-07-17 14:28 - 00000000 ____D C:\Users\tim\AppData\Roaming\DVDVideoSoft 2013-07-17 14:27 - 2013-07-17 14:27 - 00000956 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk 2013-07-17 14:27 - 2013-07-17 14:27 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft 2013-07-16 17:12 - 2013-07-16 17:12 - 00000000 ____D C:\Users\tim\AppData\Local\SWTORPerf 2013-07-16 17:11 - 2013-07-17 07:17 - 00000000 ____D C:\Program Files\Common Files\BioWare 2013-07-16 17:09 - 2013-07-16 17:09 - 00000000 ____D C:\Users\hedev 2013-07-16 15:42 - 2013-07-16 15:42 - 152126245 _____ C:\Users\tim\openoffice1.cab 2013-07-16 15:40 - 2013-07-16 15:40 - 02269184 _____ C:\Users\tim\openoffice400.msi 2013-07-16 15:40 - 2013-07-16 15:40 - 00475136 _____ C:\Users\tim\setup.exe 2013-07-16 15:40 - 2013-07-16 15:40 - 00000279 _____ C:\Users\tim\setup.ini 2013-07-16 15:32 - 2013-07-16 15:35 - 00000000 ____D C:\Users\tim\AppData\Local\Ubisoft 2013-07-16 15:32 - 2013-07-16 15:32 - 00000000 __SHD C:\Users\tim\wc 2013-07-16 15:32 - 2013-07-16 15:32 - 00000000 __SHD C:\Users\tim\AppData\Roaming\wyUpdate AU 2013-07-14 20:12 - 2013-07-14 20:12 - 00000000 ____D C:\ProgramData\CanonIJ 2013-07-14 20:10 - 2013-08-01 02:34 - 00000000 ____D C:\ProgramData\CanonIJPLM 2013-07-14 20:10 - 2013-07-14 20:10 - 00000000 ___HD 
C:\ProgramData\CanonIJSolutionMenuEX 2013-07-14 20:10 - 2013-07-14 20:10 - 00000000 ___HD C:\ProgramData\CanonIJScan 2013-07-14 20:10 - 2013-07-14 20:10 - 00000000 ___HD C:\ProgramData\CanonIJEPPEX2 2013-07-14 20:10 - 2013-07-14 20:10 - 00000000 ___HD C:\ProgramData\CanonEPP 2013-07-14 20:09 - 2013-07-14 20:10 - 00000000 ___HD C:\ProgramData\CanonIJMyPrinter 2013-07-14 20:07 - 2013-07-14 20:10 - 00000000 ____D C:\Users\tim\AppData\Roaming\Canon 2013-07-14 20:04 - 2013-07-14 20:07 - 00002025 _____ C:\Users\Public\Desktop\Canon Solution Menu EX.lnk 2013-07-14 20:04 - 2013-07-14 20:07 - 00000000 ____D C:\ProgramData\CanonIJWSpt 2013-07-14 20:04 - 2013-07-14 20:04 - 00000000 ____D C:\Program Files\Common Files\CANON 2013-07-14 20:02 - 2013-07-14 20:02 - 00000000 ___HD C:\Program Files\CanonBJ 2013-07-14 20:02 - 2013-07-14 20:02 - 00000000 ____D C:\Windows\system32\STRING 2013-07-14 20:02 - 2011-02-01 10:23 - 00035328 _____ (CANON INC.) C:\Windows\system32\CNMNPUI.DLL 2013-07-14 20:00 - 2013-07-14 20:12 - 00000000 ____D C:\Program Files\Canon 2013-07-11 22:06 - 2013-06-12 01:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-11 22:06 - 2013-06-12 01:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-11 22:06 - 2013-06-12 01:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-11 22:06 - 2013-06-12 01:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-11 22:06 - 2013-06-12 01:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-11 22:06 - 2013-06-12 01:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-11 22:06 - 2013-06-12 01:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-11 22:06 - 2013-06-12 01:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-11 22:06 - 2013-06-12 01:42 - 13760512 _____ (Microsoft 
Corporation) C:\Windows\system32\ieframe.dll 2013-07-11 22:06 - 2013-06-12 01:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-11 22:06 - 2013-06-12 01:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-11 22:06 - 2013-06-12 01:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-11 22:06 - 2013-06-12 01:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-11 22:06 - 2013-06-12 01:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-11 22:06 - 2013-06-12 00:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-07-11 22:06 - 2013-06-07 04:37 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-11 16:59 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-07-11 16:59 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2013-07-11 16:59 - 2013-05-06 06:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-07-11 16:59 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-07-09 17:45 - 2013-07-09 18:00 - 00000000 ____D C:\Users\tim\AppData\Local\Paint.NET 142 ==================== One Month Modified Files and Folders ======= 2013-08-07 23:22 - 2013-04-20 14:11 - 00000000 ____D C:\Users\tim\AppData\Local\PMB Files 2013-08-07 23:21 - 2013-04-21 09:23 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-07 23:05 - 2013-08-05 22:00 - 00001092 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-08-07 22:41 - 2013-08-07 22:41 - 01229952 _____ (Farbar) C:\Users\tim\Desktop\FRST.exe 2013-08-07 22:38 - 2013-08-07 22:38 - 00000000 ____D C:\Program Files\ESET 2013-08-07 22:05 - 2013-08-05 22:00 - 00001088 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-08-07 19:51 - 2013-06-12 
19:17 - 00000000 ____D C:\Users\tim\AppData\Local\Akamai 2013-08-07 17:48 - 2013-08-07 17:48 - 00000000 ____D C:\CFLog 2013-08-07 17:47 - 2013-08-07 13:00 - 00000000 ____D C:\Users\tim\AppData\Roaming\Notepad++ 2013-08-07 17:47 - 2013-08-07 13:00 - 00000000 ____D C:\Program Files\Notepad++ 2013-08-07 17:46 - 2013-08-07 14:01 - 00000000 ____D C:\Windows\system32\appmgmt 2013-08-07 17:46 - 2013-07-30 20:48 - 00000000 ____D C:\Program Files\Common Files\MAGIX Services 2013-08-07 17:46 - 2009-07-14 06:34 - 00014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-07 17:46 - 2009-07-14 06:34 - 00014032 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-07 17:44 - 2013-04-20 13:30 - 01643469 _____ C:\Windows\WindowsUpdate.log 2013-08-07 17:41 - 2013-06-01 09:04 - 00011397 _____ C:\Windows\setupact.log 2013-08-07 17:41 - 2013-04-20 13:45 - 00000000 ____D C:\ProgramData\NVIDIA 2013-08-07 17:41 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-07 15:07 - 2013-08-07 14:30 - 00000000 ____D C:\Users\tim\Documents\Navicat 2013-08-07 14:34 - 2013-08-07 13:08 - 00000000 ____D C:\Users\tim\.VirtualBox 2013-08-07 14:12 - 2013-08-06 17:20 - 00000000 ____D C:\Users\tim\Desktop\OTL 2013-08-07 14:06 - 2013-08-07 14:06 - 00000000 ____D C:\Windows\ERUNT 2013-08-07 13:28 - 2013-08-07 13:28 - 00000000 ____D C:\Users\tim\VirtualBox VMs 2013-08-07 13:28 - 2013-04-20 13:39 - 00000000 ____D C:\Users\tim 2013-08-07 11:52 - 2013-08-07 11:52 - 00000496 _____ C:\Users\tim\Desktop\Aris3 - Verknüpfung.lnk 2013-08-07 11:21 - 2013-08-07 11:09 - 00000000 ____D C:\Qoobox 2013-08-07 11:21 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Default 2013-08-07 11:21 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public 2013-08-07 11:20 - 2013-08-07 11:09 - 00000000 ____D C:\Windows\erdnt 2013-08-07 11:18 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini 2013-08-07 
11:17 - 2013-06-09 08:19 - 00047158 _____ C:\Windows\PFRO.log 2013-08-06 20:44 - 2013-08-06 20:44 - 00000000 ____D C:\FRST 2013-08-06 20:19 - 2013-04-20 14:11 - 00000000 ____D C:\ProgramData\PMB Files 2013-08-05 22:09 - 2013-07-03 16:52 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-08-05 22:01 - 2013-08-05 22:01 - 00002205 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2013-08-05 22:01 - 2013-08-05 22:00 - 00000000 ____D C:\Program Files\Google 2013-08-05 22:00 - 2013-07-25 19:15 - 00000000 ____D C:\Users\tim\AppData\Local\Google 2013-08-05 15:46 - 2013-08-05 15:46 - 00001071 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-08-05 15:46 - 2013-08-05 15:46 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-08-04 11:24 - 2013-08-03 18:43 - 00000983 _____ C:\Users\tim\Desktop\Akimura2.lnk 2013-08-01 02:34 - 2013-07-14 20:10 - 00000000 ____D C:\ProgramData\CanonIJPLM 2013-07-31 21:52 - 2013-07-31 21:52 - 00257598 _____ C:\Windows\msxml4-KB2758694-enu.LOG 2013-07-31 21:22 - 2013-07-31 21:22 - 00000790 _____ C:\Users\tim\Desktop\CrossFire.lnk 2013-07-31 21:22 - 2013-07-30 21:08 - 00000000 ____D C:\Users\tim\Documents\MAGIX_MusicEditor 2013-07-31 21:22 - 2013-07-30 20:54 - 00000000 ____D C:\Users\tim\AppData\Roaming\MAGIX 2013-07-31 21:22 - 2013-07-30 20:48 - 00000000 ____D C:\ProgramData\MAGIX 2013-07-31 09:29 - 2009-07-14 06:33 - 00544648 _____ C:\Windows\system32\FNTCACHE.DAT 2013-07-30 23:27 - 2013-04-20 14:00 - 00163056 _____ C:\Users\tim\AppData\Local\GDIPFONTCACHEV1.DAT 2013-07-30 21:09 - 2013-07-30 20:54 - 00000000 ____D C:\Users\tim\Documents\MAGIX 2013-07-30 21:08 - 2013-07-30 21:08 - 00000857 _____ C:\Users\Public\Desktop\MAGIX Video deluxe 2013 Premium.lnk 2013-07-30 21:08 - 2013-07-30 21:08 - 00000000 ____D C:\Users\tim\AppData\Local\Xara 2013-07-30 21:08 - 2013-07-30 21:08 - 00000000 ____D C:\Users\Public\Documents\MAGIX 2013-07-30 21:08 - 2007-04-27 10:43 - 00120200 _____ () C:\Windows\system32\DLLDEV32i.dll 
2013-07-30 21:07 - 2013-07-30 21:07 - 00000000 ____D C:\Program Files\MAGIX 2013-07-30 20:59 - 2013-04-20 18:31 - 00000000 ____D C:\Users\tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TP-LINK 2013-07-30 20:59 - 2013-04-20 18:31 - 00000000 ____D C:\Program Files\TP-LINK 2013-07-30 20:58 - 2013-06-29 12:41 - 00000000 ____D C:\Program Files\GameforgeLive 2013-07-30 20:54 - 2013-07-30 20:54 - 00000000 ____D C:\Users\tim\Documents\Video deluxe 2013 2013-07-30 20:49 - 2013-07-30 20:49 - 00000000 ____D C:\Program Files\Common Files\MAGIX Shared 2013-07-30 20:48 - 2013-07-30 20:48 - 00000000 ____D C:\Program Files\MSXML 4.0 2013-07-30 20:07 - 2013-07-30 20:07 - 00000551 _____ C:\Users\Public\Desktop\Fraps.lnk 2013-07-30 19:50 - 2013-07-30 01:01 - 00000408 _____ C:\Users\tim\AppData\Roaming\CamShapes.ini 2013-07-30 19:50 - 2013-07-30 01:01 - 00000408 _____ C:\Users\tim\AppData\Roaming\CamLayout.ini 2013-07-30 19:50 - 2013-07-30 01:01 - 00000096 _____ C:\Users\tim\AppData\Roaming\Camdata.ini 2013-07-30 19:50 - 2013-07-29 20:20 - 00004509 _____ C:\Users\tim\AppData\Roaming\CamStudio.cfg 2013-07-30 13:33 - 2013-04-20 13:44 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI 2013-07-30 12:05 - 2013-07-30 12:03 - 00000000 ____D C:\Users\tim\Desktop\tante anna 2013-07-30 11:08 - 2013-06-12 15:18 - 00000000 ____D C:\Users\tim\AppData\Local\Adobe 2013-07-30 11:08 - 2013-04-21 09:23 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-07-30 11:08 - 2013-04-21 09:23 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-07-29 18:02 - 2013-07-29 18:02 - 00016727 _____ C:\Users\tim\Desktop\Unbenannt 1.odt 2013-07-29 17:33 - 2013-07-29 17:33 - 00000000 ____D C:\Users\tim\AppData\Roaming\OpenOffice 2013-07-29 17:32 - 2013-07-29 17:32 - 00000737 _____ C:\Users\Public\Desktop\OpenOffice 4.0.0.lnk 2013-07-29 17:30 - 2013-07-29 17:30 - 00000000 ____D C:\Users\tim\redist 2013-07-29 17:30 - 2013-07-29 
17:30 - 00000000 ____D C:\Users\tim\readmes 2013-07-29 17:30 - 2013-07-29 17:30 - 00000000 ____D C:\Users\tim\licenses 2013-07-29 17:12 - 2009-07-14 06:52 - 00000000 ____D C:\Windows\system32\FxsTmp 2013-07-25 19:16 - 2013-07-25 19:16 - 00000000 ____D C:\Users\tim\Documents\My Cheat Tables 2013-07-24 19:18 - 2013-07-24 18:11 - 00000000 ____D C:\Users\tim\AppData\Roaming\Dragons-Empire 2013-07-24 08:31 - 2009-07-14 06:53 - 00032630 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-07-21 22:05 - 2013-07-21 22:05 - 00000232 _____ C:\Windows\ODBCINST.INI 2013-07-21 22:05 - 2013-07-21 22:05 - 00000000 ____D C:\Program Files\MySQL 2013-07-21 22:05 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Help 2013-07-21 13:30 - 2013-04-21 09:57 - 00000000 ____D C:\Users\tim\Documents\Cross Fire 2013-07-20 10:34 - 2013-04-23 17:31 - 00000000 ____D C:\Users\tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games 2013-07-19 20:01 - 2013-07-19 19:11 - 00282104 _____ C:\Windows\system32\PnkBstrB.xtr 2013-07-19 20:01 - 2013-07-19 19:06 - 00139424 _____ C:\Windows\system32\Drivers\PnkBstrK.sys 2013-07-19 20:01 - 2013-07-19 19:05 - 00282104 _____ C:\Windows\system32\PnkBstrB.exe 2013-07-19 20:01 - 2013-07-19 19:05 - 00234768 _____ C:\Windows\system32\PnkBstrB.ex0 2013-07-19 20:01 - 2013-04-20 13:56 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2013-07-19 19:15 - 2013-07-19 19:05 - 00076888 _____ C:\Windows\system32\PnkBstrA.exe 2013-07-19 19:10 - 2013-07-19 19:10 - 00000000 ____D C:\Users\tim\AppData\Local\PunkBuster 2013-07-19 19:06 - 2013-07-19 19:06 - 00138056 _____ C:\Users\tim\AppData\Roaming\PnkBstrK.sys 2013-07-19 19:05 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\LogFiles 2013-07-19 18:53 - 2013-04-20 13:55 - 00000000 ____D C:\Program Files\Common Files\InstallShield 2013-07-19 18:13 - 2013-07-19 18:05 - 00000000 ____D C:\ProgramData\Solid State Networks 2013-07-19 16:50 - 2013-06-10 16:02 - 00000000 ____D C:\Users\tim\AppData\Roaming\Skype 
2013-07-18 08:49 - 2013-07-18 08:49 - 00001497 _____ C:\Users\Public\Desktop\Play League of Legends.lnk 2013-07-18 08:49 - 2013-07-18 07:56 - 00000000 ____D C:\Users\tim\AppData\Roaming\Riot Games 2013-07-18 07:23 - 2013-07-17 14:41 - 00000000 ____D C:\Users\tim\Desktop\rap 2013-07-17 22:24 - 2013-07-17 22:22 - 00000000 ____D C:\Windows\system32\MRT 2013-07-17 21:18 - 2013-07-17 20:56 - 00000000 ____D C:\Users\tim\AppData\Roaming\Just Aion Launcher 2013-07-17 20:41 - 2013-07-17 20:41 - 00000000 ____D C:\Users\tim\AppData\Local\Chromium 2013-07-17 15:10 - 2013-04-20 13:58 - 00000000 ____D C:\Users\tim\AppData\Local\Downloaded Installations 2013-07-17 15:09 - 2013-07-17 15:09 - 00000000 ____D C:\Program Files\Gameforge 2013-07-17 14:28 - 2013-07-17 14:27 - 00000000 ____D C:\Users\tim\AppData\Roaming\DVDVideoSoft 2013-07-17 14:27 - 2013-07-17 14:27 - 00000956 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk 2013-07-17 14:27 - 2013-07-17 14:27 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft 2013-07-17 07:17 - 2013-07-16 17:11 - 00000000 ____D C:\Program Files\Common Files\BioWare 2013-07-16 17:12 - 2013-07-16 17:12 - 00000000 ____D C:\Users\tim\AppData\Local\SWTORPerf 2013-07-16 17:09 - 2013-07-16 17:09 - 00000000 ____D C:\Users\hedev 2013-07-16 15:42 - 2013-07-16 15:42 - 152126245 _____ C:\Users\tim\openoffice1.cab 2013-07-16 15:40 - 2013-07-16 15:40 - 02269184 _____ C:\Users\tim\openoffice400.msi 2013-07-16 15:40 - 2013-07-16 15:40 - 00475136 _____ C:\Users\tim\setup.exe 2013-07-16 15:40 - 2013-07-16 15:40 - 00000279 _____ C:\Users\tim\setup.ini 2013-07-16 15:35 - 2013-07-16 15:32 - 00000000 ____D C:\Users\tim\AppData\Local\Ubisoft 2013-07-16 15:32 - 2013-07-16 15:32 - 00000000 __SHD C:\Users\tim\wc 2013-07-16 15:32 - 2013-07-16 15:32 - 00000000 __SHD C:\Users\tim\AppData\Roaming\wyUpdate AU 2013-07-14 20:12 - 2013-07-14 20:12 - 00000000 ____D C:\ProgramData\CanonIJ 2013-07-14 20:12 - 2013-07-14 20:00 - 00000000 ____D C:\Program Files\Canon 
2013-07-14 20:10 - 2013-07-14 20:10 - 00000000 ___HD C:\ProgramData\CanonIJSolutionMenuEX 2013-07-14 20:10 - 2013-07-14 20:10 - 00000000 ___HD C:\ProgramData\CanonIJScan 2013-07-14 20:10 - 2013-07-14 20:10 - 00000000 ___HD C:\ProgramData\CanonIJEPPEX2 2013-07-14 20:10 - 2013-07-14 20:10 - 00000000 ___HD C:\ProgramData\CanonEPP 2013-07-14 20:10 - 2013-07-14 20:09 - 00000000 ___HD C:\ProgramData\CanonIJMyPrinter 2013-07-14 20:10 - 2013-07-14 20:07 - 00000000 ____D C:\Users\tim\AppData\Roaming\Canon 2013-07-14 20:07 - 2013-07-14 20:04 - 00002025 _____ C:\Users\Public\Desktop\Canon Solution Menu EX.lnk 2013-07-14 20:07 - 2013-07-14 20:04 - 00000000 ____D C:\ProgramData\CanonIJWSpt 2013-07-14 20:04 - 2013-07-14 20:04 - 00000000 ____D C:\Program Files\Common Files\CANON 2013-07-14 20:02 - 2013-07-14 20:02 - 00000000 ___HD C:\Program Files\CanonBJ 2013-07-14 20:02 - 2013-07-14 20:02 - 00000000 ____D C:\Windows\system32\STRING 2013-07-14 16:31 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\NDF 2013-07-12 05:47 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET 2013-07-12 05:35 - 2013-04-21 21:14 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-11 22:09 - 2009-07-14 10:57 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-11 22:09 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-09 18:00 - 2013-07-09 17:45 - 00000000 ____D C:\Users\tim\AppData\Local\Paint.NET Files to move or delete: ==================== C:\Users\tim\setup.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-08-02 11:19 
==================== End Of Log ============================

FRST Additions Logfile:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-08-2013 06 Ran by tim at 2013-08-07 23:22:54 Running from C:\Users\tim\Desktop Boot Mode: Normal ========================================================== ==================== Installed Programs ======================= Adobe Flash Player 11 ActiveX (Version: 11.7.700.224) Adobe Flash Player 11 Plugin (Version: 11.8.800.94) Adobe Reader XI (11.0.03) - Deutsch (Version: 11.0.03) Akamai NetSession Interface ATI Catalyst Install Manager (Version: 3.0.762.0) Avira Free Antivirus (Version: 13.0.0.3885) AVM FRITZ!Box Dokumentation Browser Configuration Utility (Version: 1.0.12.1) Call of Duty Canon Easy-PhotoPrint EX Canon Easy-WebPrint EX Canon Inkjet Printer/Scanner/Fax Extended Survey Program Canon MG5300 series Benutzerregistrierung Canon MG5300 series MP Drivers Canon MG5300 series On-screen Manual Canon MP Navigator EX 5.0 Canon My Printer Canon Solution Menu EX CCleaner (Version: 4.02) Cross Fire En Crysis® 2 (Version: 1.0.0.0) EPU-4 Engine (Version: 1.02.01) ESET Online Scanner v3 EVGA Precision 2.0.2 (Version: 2.0.2) Fraps (remove only) Free YouTube to MP3 Converter version 3.12.7.711 (Version: 3.12.7.711) Google Chrome (Version: 28.0.1500.95) Google Update Helper (Version: 1.3.23.0) League of Legends (Version: 1.3) League of Legends (Version: 3.0.1) MAGIX Speed burnR (MSI) (Version: 7.0.2.6) MAGIX Video deluxe 2013 Premium (Version: 12.0.3.4) Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft .NET Framework 4 Extended (Version: 4.0.30319) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319) Microsoft Silverlight (Version: 5.1.20513.0) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0) MSXML 4.0 SP3 Parser (Version: 4.30.2100.0) MySQL Connector/ODBC 5.1 (Version: 5.1.5) NC Launcher (GameForge) NEC Electronics USB 3.0 Host Controller Driver (Version: 1.0.19.0) NVIDIA 3D Vision Treiber 266.71 (Version: 266.71) NVIDIA Grafiktreiber 266.71 (Version: 266.71) NVIDIA HD-Audiotreiber 1.3.18.0 (Version: 1.3.18.0) NVIDIA Install Application (Version: 2.1002.109.718) NVIDIA PhysX (Version: 9.10.0514) NVIDIA PhysX-Systemsoftware 9.10.0514 (Version: 9.10.0514) NVIDIA Stereoscopic 3D Driver (Version: 7.17.12.6671) NVIDIA Systemsteuerung 266.71 (Version: 266.71) OpenOffice 4.0.0 (Version: 4.00.9702) Pando Media Booster (Version: 2.6.0.9) Platform (Version: 1.34) Realtek Ethernet Controller Driver For Windows Vista and Later (Version: 1.00.0009) Skype™ 6.5 (Version: 6.5.158) TL-PA511 Powerline Utility (Version: 1.0) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1) VIA Plattform-Geräte-Manager (Version: 1.34) VLC media player 2.0.2 (Version: 2.0.2) Windows Live ID Sign-in Assistant (Version: 7.250.4311.0) Windows Live Photo Common (Version: 16.4.3505.0912) 
WinPcap 4.1.1 (Version: 4.1.0.1753) WinRAR 4.20 (32-Bit) (Version: 4.20.0) ==================== Restore Points ========================= ==================== Hosts content: ========================== 2009-07-14 04:04 - 2013-08-07 11:16 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {4112B330-EF36-4503-95EF-35D5E85EFFD8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-05] (Google Inc.) Task: {6A8B9533-3718-4A31-8B2C-2A44EE1C948A} - System32\Tasks\RunOW => C:\Program Files\Overwolf\OverwolfLauncher.exe No File Task: {6FD74F01-0F8C-4FF1-A607-6C4A1CA45A5E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-08-05] (Google Inc.) Task: {7124ABEC-F4B1-4371-B475-3443F13827D2} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\system32\FlashPlayerUpdateService.exe [2013-05-28] (Adobe Systems Incorporated) Task: {76BD4C1E-1AB9-41CA-9480-438DC07B22D9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-05-24] (Piriform Ltd) Task: {8EC97359-92A0-4A94-8886-F0B74A27A6F0} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\system32\FlashPlayerUpdateService.exe [2013-05-28] (Adobe Systems Incorporated) Task: {8F0FD700-BC24-4731-A0AA-50508D2F6001} - System32\Tasks\Games\UpdateCheck_S-1-5-21-1518619725-3137718427-4188418773-1001 Task: {95EBACF7-95A2-41FD-A848-C23D8F4297C4} - System32\Tasks\ASUS\ASUS SIX Engine => C:\Program Files\ASUS\EPU-4 Engine\FourEngine.exe [2010-02-03] (ASUSTeK Computer Inc.) 
Task: {BD60DC9D-CDF2-4BB2-807D-8CE2B0688093} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-28] (Adobe Systems Incorporated) Task: {DE01C7A6-593C-4681-A629-2B39E3496ECA} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2009-07-14] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (08/07/2013 11:21:05 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: FlashPlayerUpdateService.exe, Version: 11.6.602.180, Zeitstempel: 0x51a4ab8c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003419b ID des fehlerhaften Prozesses: 0x1634 Startzeit der fehlerhaften Anwendung: 0xFlashPlayerUpdateService.exe0 Pfad der fehlerhaften Anwendung: FlashPlayerUpdateService.exe1 Pfad des fehlerhaften Moduls: FlashPlayerUpdateService.exe2 Berichtskennung: FlashPlayerUpdateService.exe3 Error: (08/07/2013 11:05:05 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT) Description: Product: Google Update Helper -- Error 1316. 
A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi Error: (08/07/2013 10:21:02 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: FlashPlayerUpdateService.exe, Version: 11.6.602.180, Zeitstempel: 0x51a4ab8c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003419b ID des fehlerhaften Prozesses: 0x106c Startzeit der fehlerhaften Anwendung: 0xFlashPlayerUpdateService.exe0 Pfad der fehlerhaften Anwendung: FlashPlayerUpdateService.exe1 Pfad des fehlerhaften Moduls: FlashPlayerUpdateService.exe2 Berichtskennung: FlashPlayerUpdateService.exe3 Error: (08/07/2013 10:05:00 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT) Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi Error: (08/07/2013 09:21:01 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: FlashPlayerUpdateService.exe, Version: 11.6.602.180, Zeitstempel: 0x51a4ab8c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003419b ID des fehlerhaften Prozesses: 0xdc4 Startzeit der fehlerhaften Anwendung: 0xFlashPlayerUpdateService.exe0 Pfad der fehlerhaften Anwendung: FlashPlayerUpdateService.exe1 Pfad des fehlerhaften Moduls: FlashPlayerUpdateService.exe2 Berichtskennung: FlashPlayerUpdateService.exe3 Error: (08/07/2013 09:05:01 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT) Description: Product: Google Update Helper -- Error 1316. 
A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi Error: (08/07/2013 08:21:01 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: FlashPlayerUpdateService.exe, Version: 11.6.602.180, Zeitstempel: 0x51a4ab8c Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel: 0x4ec49b60 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0003419b ID des fehlerhaften Prozesses: 0xc70 Startzeit der fehlerhaften Anwendung: 0xFlashPlayerUpdateService.exe0 Pfad der fehlerhaften Anwendung: FlashPlayerUpdateService.exe1 Pfad des fehlerhaften Moduls: FlashPlayerUpdateService.exe2 Berichtskennung: FlashPlayerUpdateService.exe3 Error: (08/07/2013 08:05:00 PM) (Source: MsiInstaller) (User: NT-AUTORITÄT) Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi Error: (08/07/2013 07:51:54 PM) (Source: MsiInstaller) (User: tim-PC) Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\tim\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können. Error: (08/07/2013 07:51:33 PM) (Source: MsiInstaller) (User: tim-PC) Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\tim\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können. System errors: ============= Error: (08/07/2013 08:54:26 PM) (Source: volsnap) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. 
Error: (08/07/2013 08:51:32 PM) (Source: volsnap) (User: ) Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte. Error: (08/07/2013 05:42:15 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (08/07/2013 05:42:15 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LogMeIn Hamachi Tunneling Engine erreicht. Error: (08/07/2013 05:42:14 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren. Error: (08/07/2013 05:42:10 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (08/07/2013 05:42:10 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. Error: (08/07/2013 05:42:10 PM) (Source: DCOM) (User: ) Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030} Error: (08/07/2013 05:41:53 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (08/07/2013 05:41:53 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535. 
Microsoft Office Sessions: ========================= Error: (08/07/2013 11:21:05 PM) (Source: Application Error)(User: ) Description: FlashPlayerUpdateService.exe11.6.602.18051a4ab8cntdll.dll6.1.7601.177254ec49b60c00000050003419b163401ce93b4039fb5d3C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exeC:\Windows\SYSTEM32\ntdll.dll447d9f14-ffa7-11e2-9cdc-bcaec5dedebc Error: (08/07/2013 11:05:05 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT) Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL) Error: (08/07/2013 10:21:02 PM) (Source: Application Error)(User: ) Description: FlashPlayerUpdateService.exe11.6.602.18051a4ab8cntdll.dll6.1.7601.177254ec49b60c00000050003419b106c01ce93aba1ae9b71C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exeC:\Windows\SYSTEM32\ntdll.dlle07339c4-ff9e-11e2-9cdc-bcaec5dedebc Error: (08/07/2013 10:05:00 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT) Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL) Error: (08/07/2013 09:21:01 PM) (Source: Application Error)(User: ) Description: FlashPlayerUpdateService.exe11.6.602.18051a4ab8cntdll.dll6.1.7601.177254ec49b60c00000050003419bdc401ce93a33fef8e4bC:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exeC:\Windows\SYSTEM32\ntdll.dll7ea3b1a0-ff96-11e2-9cdc-bcaec5dedebc Error: (08/07/2013 09:05:01 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT) Description: Product: Google Update Helper -- Error 1316. 
A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL) Error: (08/07/2013 08:21:01 PM) (Source: Application Error)(User: ) Description: FlashPlayerUpdateService.exe11.6.602.18051a4ab8cntdll.dll6.1.7601.177254ec49b60c00000050003419bc7001ce939ade2b7802C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exeC:\Windows\SYSTEM32\ntdll.dll1cdc8e0b-ff8e-11e2-9cdc-bcaec5dedebc Error: (08/07/2013 08:05:00 PM) (Source: MsiInstaller)(User: NT-AUTORITÄT) Description: Product: Google Update Helper -- Error 1316. A network error occurred while attempting to read from the file: C:\Program Files\Google\Update\1.3.21.153\DealPlyLiveHelper.msi(NULL)(NULL)(NULL)(NULL)(NULL) Error: (08/07/2013 07:51:54 PM) (Source: MsiInstaller)(User: tim-PC) Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\tim\AppData\Local\Akamai\admintool.exe. Systemfehler 0. Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL) Error: (08/07/2013 07:51:33 PM) (Source: MsiInstaller)(User: tim-PC) Description: Produkt: Akamai NetSession Interface -- Fehler 1310. Fehler beim Schreiben in die Datei: C:\Users\tim\AppData\Local\Akamai\admintool.exe. Systemfehler 0. 
Stellen Sie sicher, dass Sie auf das Verzeichnis zugreifen können.(NULL)(NULL)(NULL)(NULL)(NULL) ==================== Memory info =========================== Percentage of memory in use: 44% Total physical RAM: 3326.18 MB Available physical RAM: 1836.36 MB Total Pagefile: 6650.64 MB Available Pagefile: 4656.4 MB Total Virtual: 2047.88 MB Available Virtual: 1893.44 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:53.61 GB) (Free:7.17 GB) NTFS Drive d: (Alles) (Fixed) (Total:390.62 GB) (Free:271.74 GB) NTFS Drive e: (Musik und weiteres) (Fixed) (Total:487.17 GB) (Free:482.91 GB) NTFS Drive g: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 444C544E) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=54 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=391 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=487 GB) - (Type=07 NTFS) ==================== End Of Log ============================ ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=dd6649eba581424cad159767e7550b89 # engine=14692 # end=finished # remove_checked=false # archives_checked=false # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-08-07 09:39:51 # local_time=2013-08-07 11:39:51 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1799 16775165 100 97 24835 9446569 17616 0 # compatibility_mode=5893 16776573 100 94 20893 127542782 0 0 # scanned=272321 # found=0 # cleaned=0 # scan_time=3563 |
08.08.2013, 11:32 | #10 |
/// the machine /// TB-Ausbilder | Minimizing of some windows Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
S3 XDva401; \??\C:\Windows\system32\XDva401.sys [x]
S3 XDva402; \??\C:\Windows\system32\XDva402.sys [x]
R3 XDva403; \??\C:\Windows\system32\XDva403.sys [x]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [x]
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
08.08.2013, 11:38 | #11 |
| Minimizing of some windows
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 08-08-2013
Ran by tim at 2013-08-08 12:37:53 Run:1
Running from C:\Users\tim\Desktop
Boot Mode: Normal
==============================================
XDva401 => Service deleted successfully.
XDva402 => Service deleted successfully.
XDva403 => Service deleted successfully.
xhunter1 => Service deleted successfully.
==== End of Fixlog ==== |
08.08.2013, 17:53 | #12 |
/// the machine /// TB-Ausbilder | Minimizing of some windows Done. The order is crucial here.
Here are a few more tips for securing your system. I cannot mention too often how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP), Don'ts
Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
08.08.2013, 20:19 | #13 |
| Minimizing of some windows Dear, dear schrauber, thank you very much for your great and fast help. I will try to make sure that I never have to post here again. And if I do, I know that I can rely on you. You do great work here and I hope it stays that way. So, until next time. Regards, Tim |
09.08.2013, 10:19 | #14 |
/// the machine /// TB-Ausbilder | Minimizing of some windows You're welcome
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |