Pests of all kinds and how to combat them: Open Candy Virus (Windows 7)
06.11.2013, 20:49 | #1 |
Open Candy Virus

Hello, I have a problem: I think I have caught a virus. My Avira showed me that there is an unwanted program on my PC. I have already looked into it and downloaded the Malwarebytes program. I started the full scan and 8 infected files were found.

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 672332
Laufzeit: 3 Stunde(n), 8 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 3
C:\Users\Felix\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Felix\AppData\Roaming\OpenCandy\127E8BE12246425FA52B9D299DADD22A (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Felix\AppData\Roaming\OpenCandy\242AA66B63E446D8AF9B45CB814B830F (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 5
C:\Users\Felix\Downloads\ManyCam3158Setup.exe (PUP.Optional.Spigot.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Felix\AppData\Roaming\OpenCandy\127E8BE12246425FA52B9D299DADD22A\TuneUpUtilities2013_2200360_de-DE.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Felix\AppData\Roaming\OpenCandy\242AA66B63E446D8AF9B45CB814B830F\5471.ico (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Felix\AppData\Roaming\OpenCandy\242AA66B63E446D8AF9B45CB814B830F\EBB77268-338F-4C6A-8590-AD88FED26F4A (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Felix\AppData\Roaming\OpenCandy\242AA66B63E446D8AF9B45CB814B830F\OCBrowserHelper_1.0.6.125.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Farbar Recovery Scan Tool LOG
C:\Program Files (x86)\DeviceVM\SmartView Software Updater\WCUService.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Seiko Epson Corporation) C:\Windows\system32\EscSvc64.exe (LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (cFos Software GmbH) C:\Program Files\ASRock\XFast LAN\cfosspeed.exe (Microsoft Corporation) C:\Windows\system32\wscript.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Dropbox, Inc.) C:\Users\Felix\AppData\Roaming\Dropbox\bin\Dropbox.exe () C:\Program Files (x86)\DeviceVM\SmartView\SmartViewAgent.exe (Lavasoft) C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Kone Pure Mouse\KonePureMonitor.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Lavasoft Limited) D:\PROGRA~1\AdAware.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Windows\sysWOW64\wbem\wmiprvse.exe (Microsoft Corporation) C:\Windows\System32\alg.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (GFI Software) D:\Programme\SBAMSvc.exe (TeamViewer GmbH) D:\Programme\Neuer Ordner\TeamViewer_Service.exe (Google Inc.) C:\Users\Felix\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Felix\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Felix\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Users\Felix\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Felix\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Felix\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Felix\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Felix\AppData\Local\Google\Chrome\Application\chrome.exe (ROCCAT GmbH) C:\Program Files (x86)\ROCCAT\Kone Pure Mouse\KonePureOption.exe (Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe (Google Inc.) C:\Users\Felix\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Felix\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\Felix\AppData\Local\Google\Chrome\Application\chrome.exe (Farbar) C:\Users\Felix\Downloads\FRST64 (1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Cm108Sound] - C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cm108.dll,CMICtrlWnd HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11855976 2011-05-18] (Realtek Semiconductor) HKLM\...\Run: [XFast LAN] - C:\Program Files\ASRock\XFast LAN\cfosspeed.exe [1441152 2011-07-04] (cFos Software GmbH) HKLM\...\Run: [THXCfg64] - C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64 HKLM\...\Run: [SBRegRebootCleaner] - D:\Programme\SBRC.exe [200560 2011-12-19] (GFI Software) HKLM\...\Run: [Samsung Link] - C:\Program Files\Samsung\Samsung Link\utils\Samsung Link Launcher.exe [407384 2013-05-09] (Samsung Electronics) HKCU\...\Run: [Steam] - E:\Spiele\Steam unso\Steam.exe [1820584 2013-10-30] (Valve Corporation) HKCU\...\Run: [RGSC] - E:\Spiele\Rockstar Games Social Club\RGSCLauncher.exe /silent HKCU\...\Run: [EADM] - E:\Spiele\Battlefield 3\Origin\Origin.exe [3551576 2013-11-05] (Electronic Arts) HKCU\...\Run: [SpybotSD TeaTimer] - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe HKCU\...\Run: [ASRockXTU] - 
[x] HKCU\...\Run: [zASRockInstantBoot] - [x] HKCU\...\Run: [Quseh] - C:\Users\Felix\AppData\Roaming\Wima\kuyr.exe HKCU\...\Run: [DAEMON Tools Lite] - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun HKCU\...\Run: [Google Update] - C:\Users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-04-27] (Google Inc.) HKCU\...\Run: [ESL Wire] - "C:\Program Files\EslWire\wire.exe" --tray HKCU\...\Run: [AdobeBridge] - [x] HKCU\...\Run: [Overwolf] - C:\Program Files (x86)\Overwolf\Overwolf.exe [35256 2013-08-22] (Overwolf) HKLM-x32\...\Run: [THX TruStudio NB Settings] - "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r HKLM-x32\...\Run: [UpdReg] - C:\Windows\Updreg.EXE [90112 2000-05-11] (Creative Technology Ltd.) HKLM-x32\...\Run: [SmartViewAgent] - C:\Program Files (x86)\DeviceVM\SmartView\SmartViewAgent.exe [948504 2010-09-02] () HKLM-x32\...\Run: [Ad-Aware Browsing Protection] - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe [540056 2012-08-08] (Lavasoft) HKLM-x32\...\Run: [Ad-Aware Antivirus] - "D:\Programme\AdAwareLauncher" --windows-run HKLM-x32\...\Run: [EEventManager] - C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-11-28] (Apple Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.) HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-03] (Avira Operations GmbH & Co. 
KG) HKLM-x32\...\Run: [RoccatKonePure] - C:\Program Files (x86)\ROCCAT\Kone Pure Mouse\KonePureMonitor.exe [569040 2012-11-30] (ROCCAT GmbH) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2349392 2013-10-31] (LogMeIn Inc.) Startup: C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\Felix\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=979DE9F54A5547C386C15550AD2C4930 URLSearchHook: HKLM-x32 - NCH DE Toolbar - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Program Files (x86)\NCH_DE\prxtbNCH_.dll No File URLSearchHook: HKCU - NCH DE Toolbar - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Program Files (x86)\NCH_DE\prxtbNCH_.dll No File SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=rbox&toolbarid=adawaretb&u=979DE9F54A5547C386C15550AD2C4930&q={searchTerms} BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) BHO-x32: SmartView VisualBookmark - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files 
(x86)\DeviceVM\SmartView\SmartView.dll (DeviceVM, Inc.) BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) BHO-x32: Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll () BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: NCH DE Toolbar - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Program Files (x86)\NCH_DE\prxtbNCH_.dll No File BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) Toolbar: HKLM-x32 - NCH DE Toolbar - {b106b661-3e1b-4015-af5c-195e909f35c6} - C:\Program Files (x86)\NCH_DE\prxtbNCH_.dll No File Toolbar: HKLM-x32 - Ad-Aware Security Add-on - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll () Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Filter-x32: video/x-flv - 
{20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) Tcpip\Parameters: [DhcpNameServer] 192.168.2.2 FireFox: ======== FF ProfilePath: C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vxe383fp.default FF user.js: detected! => C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vxe383fp.default\user.js FF SelectedSearchEngine: blekko FF Homepage: hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=homepage&toolbarid=adawaretb&v=2_2&u=979DE9F54A5547C386C15550AD2C4930 FF Keyword.URL: hxxp://safesearchr.lavasoft.com/?source=3336ca5f&tbp=url&toolbarid=adawaretb&u=979DE9F54A5547C386C15550AD2C4930&q= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=1.132.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=1.140.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll No File FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: 
@Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: adobe.com/AdobeExManDetect - D:\Programme\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Felix\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Felix\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\Felix\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Felix\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Felix\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Felix\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin HKCU: samsung.com/SamsungLinkPCPlugin - C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll (Samsung) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\adawaretb.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Battlefield Heroes Updater - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vxe383fp.default\Extensions\battlefieldheroespatcher@ea.com FF Extension: Battlefield Play4Free - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vxe383fp.default\Extensions\battlefieldplay4free@ea.com FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vxe383fp.default\Extensions\ich@maltegoetz.de FF Extension: Lavasoft Search Plugin - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vxe383fp.default\Extensions\jid1-yZwVFzbsyfMrqQ@jetpack FF Extension: Ad-Aware Security Add-on - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vxe383fp.default\Extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c} FF Extension: DownloadHelper - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vxe383fp.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF Extension: DivXWebPlayer - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vxe383fp.default\Extensions\DivXWebPlayer@divx.com.xpi FF Extension: personas - 
C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vxe383fp.default\Extensions\personas@christopher.beard.xpi FF Extension: No Name - C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vxe383fp.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} FF HKLM-x32\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ Chrome: ======= CHR RestoreOnStartup: "hxxp://www.facebook.de/" CHR Plugin: (Shockwave Flash) - C:\Users\Felix\AppData\Local\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Felix\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\Felix\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.) 
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll No File CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll No File CHR Plugin: (Unity Player) - C:\Users\Felix\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) CHR Plugin: (Google Update) - C:\Users\Felix\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll No File CHR Extension: (ProxTube) - C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.4_0 CHR Extension: (Doodle Jump Deluxe Flash HD ) - C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\abkhhgjpfcnmmpmhghohpfkcgoineebk\1.6_0 CHR Extension: (Angry Birds) - C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_1 CHR Extension: (Google Docs) - C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\Felix\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (Cut the Rope) - C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj\16_0 CHR Extension: (Google Wallet) - C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0 CHR Extension: (My Chrome Theme) - C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\oehpjpccmlcalbenfhnacjeocbjdonic\2.0_0 CHR Extension: (Gmail) - C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0 ==================== Services (Whitelisted) ================= R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY) R2 Ad-Aware Service; D:\Programme\AdAwareService.exe [1236368 2012-09-20] (Lavasoft Limited) R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\AllShareFrameworkManagerDMS.exe [405896 2013-05-03] (Samsung) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-03-28] (Advanced Micro Devices, Inc.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-03] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-03] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [815160 2013-09-03] (Avira Operations GmbH & Co. 
KG) R2 cFosSpeedS; C:\Program Files\ASRock\XFast LAN\spd.exe [395136 2011-07-04] (cFos Software GmbH) R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation) R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-10-11] (LogMeIn, Inc.) R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation) S3 OverwolfUpdaterService; C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe [18360 2013-08-22] (Overwolf Ltd) R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-10-02] () R2 SBAMSvc; D:\Programme\SBAMSvc.exe [3289032 2011-12-19] (GFI Software) R2 SmartViewService; C:\Program Files (x86)\DeviceVM\SmartView\SmartViewService.exe [125216 2010-09-02] (DeviceVM, Inc.) S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation) R2 TeamViewer8; D:\Programme\Neuer Ordner\TeamViewer_Service.exe [5087584 2013-10-01] (TeamViewer GmbH) R2 WCUService; C:\Program Files (x86)\DeviceVM\SmartView Software Updater\WCUService.exe [456976 2010-09-02] (DeviceVM, Inc.) ==================== Drivers (Whitelisted) ==================== R2 AODDriver4.2; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [57472 2012-04-09] (Advanced Micro Devices) R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2012-04-11] () R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-03] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-03] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-09] (Avira Operations GmbH & Co. 
KG) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-11-07] (DT Soft Ltd) S3 ESLvnic1; C:\Windows\System32\DRIVERS\ESLvnic.sys [25528 2010-12-08] (Turtle Entertainment GmbH) R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2012-04-11] () S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv_x64.sys [44928 2012-10-11] (ManyCam LLC) S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv_x64.sys [28160 2013-01-31] (ManyCam LLC) R1 SBRE; C:\Windows\SysWow64\drivers\SBREdrv.sys [101112 2011-10-26] (GFI Software) R3 voxaldriver; C:\Windows\System32\DRIVERS\voxaldriverx64.sys [33488 2013-02-20] () ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-06 20:35 - 2013-11-06 20:35 - 00000000 ____D C:\FRST 2013-11-06 20:34 - 2013-11-06 20:34 - 01957098 _____ (Farbar) C:\Users\Felix\Downloads\FRST64 (1).exe 2013-11-06 13:34 - 2013-11-06 13:34 - 05831344 _____ (TeamViewer GmbH) C:\Users\Felix\Downloads\TeamViewer_Setup_de (1).exe 2013-11-06 13:20 - 2013-11-06 19:18 - 102844835 _____ C:\Windows\SysWOW64\쟚㣫‘ 2013-11-04 19:50 - 2013-11-04 19:50 - 01957098 _____ (Farbar) C:\Users\Felix\Downloads\FRST64.exe 2013-11-04 19:11 - 2013-11-04 19:11 - 00000000 ____D C:\ProgramData\Overwolf 2013-11-04 19:09 - 2013-11-04 19:09 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi 2013-10-30 20:04 - 2013-11-04 19:05 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-10-30 20:04 - 2013-10-30 20:04 - 00000000 ____D C:\Users\Felix\AppData\Roaming\Malwarebytes 2013-10-30 20:04 - 2013-10-30 20:04 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-10-30 19:17 - 2013-10-30 19:17 - 00420602 _____ C:\Users\Felix\Downloads\youtube-center-2.0.1-1 (1).crx 2013-10-29 18:03 - 2013-10-29 22:44 - 00000000 ____D C:\Users\Felix\Desktop\Musik 2013-10-24 15:39 - 2013-10-24 21:37 - 102837954 _____ C:\Windows\SysWOW64\�汩ž 2013-10-23 15:57 - 2013-10-23 15:57 - 102551358 _____ 
C:\Windows\SysWOW64\ꅜ쵮§ 2013-10-23 10:05 - 2013-11-06 13:19 - 00001412 _____ C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Social Games.lnk 2013-10-23 09:55 - 2013-10-23 09:55 - 102551358 _____ C:\Windows\SysWOW64\戒瀺› 2013-10-22 22:13 - 2013-10-22 22:13 - 00000000 ____D C:\Users\Felix\AppData\Roaming\saves 2013-10-22 16:09 - 2013-10-22 16:09 - 102329055 _____ C:\Windows\SysWOW64\珒掄“ 2013-10-21 17:03 - 2013-11-05 16:04 - 00000000 ____D C:\Users\Felix\AppData\Roaming\.technic 2013-10-21 15:44 - 2013-11-05 16:04 - 00000000 ____D C:\Users\Felix\Desktop\Minecraft 2013-10-21 15:09 - 2013-10-21 15:09 - 02243892 _____ C:\Users\Felix\Downloads\minecraftforge-installer-1.6.4-9.11.1.935.jar 2013-10-21 15:07 - 2013-10-21 15:08 - 13136140 _____ C:\Users\Felix\Downloads\[1.6.4][Beta V5]DivineRPG.zip 2013-10-21 14:23 - 2013-10-21 14:23 - 00217600 _____ C:\Users\Felix\Downloads\jacob-1.17-M2-x64.dll 2013-10-21 14:23 - 2013-10-21 14:23 - 00176128 _____ C:\Users\Felix\Downloads\jacob-1.17-M2-x86.dll 2013-10-21 13:23 - 2013-10-21 13:23 - 00396219 _____ C:\Users\Felix\Downloads\OptiFine_1.6.4_HD_C6.jar 2013-10-21 12:40 - 2013-10-21 12:40 - 102130367 _____ C:\Windows\SysWOW64\뾈L 2013-10-19 11:43 - 2013-10-19 11:43 - 00000000 ____D C:\ProgramData\APN 2013-10-19 11:41 - 2013-10-19 11:41 - 00000000 ____D C:\ProgramData\Oracle 2013-10-19 11:40 - 2013-10-08 06:50 - 00096168 ____N (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-10-19 11:40 - 2013-10-08 06:46 - 00264616 ____N (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-10-19 11:40 - 2013-10-08 06:46 - 00175016 ____N (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-10-19 11:40 - 2013-10-08 06:46 - 00174504 ____N (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-10-19 11:38 - 2013-10-19 11:40 - 00004961 ____N C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log 2013-10-15 21:53 - 2013-10-15 21:53 - 00784856 _____ (Google Inc.) 
C:\Users\Felix\Downloads\GoogleEarthPluginSetup.exe 2013-10-14 23:22 - 2013-10-15 17:41 - 00000000 ____D C:\Users\Felix\Desktop\NICHT ANGUCKEN! 2013-10-09 21:52 - 2013-09-23 00:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-10-09 21:52 - 2013-09-23 00:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-10-09 21:52 - 2013-09-23 00:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-10-09 21:52 - 2013-09-23 00:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-10-09 21:52 - 2013-09-23 00:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-10-09 21:52 - 2013-09-23 00:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-10-09 21:52 - 2013-09-23 00:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-10-09 21:52 - 2013-09-23 00:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-10-09 21:52 - 2013-09-23 00:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-10-09 21:52 - 2013-09-23 00:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-10-09 21:52 - 2013-09-23 00:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-10-09 21:52 - 2013-09-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-10-09 21:52 - 2013-09-23 00:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-10-09 21:52 - 2013-09-22 23:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-10-09 21:52 - 2013-09-22 23:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-10-09 21:52 - 2013-09-22 23:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-10-09 21:52 - 2013-09-22 23:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 
2013-10-09 21:52 - 2013-09-22 23:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-09 21:52 - 2013-09-22 23:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-09 21:52 - 2013-09-22 23:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-09 21:52 - 2013-09-22 23:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-09 21:52 - 2013-09-22 23:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-09 21:52 - 2013-09-22 23:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-09 21:52 - 2013-09-22 23:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-09 21:52 - 2013-09-22 23:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-09 21:52 - 2013-09-22 23:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-09 21:52 - 2013-09-22 23:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-09 21:52 - 2013-09-21 04:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-09 21:52 - 2013-09-21 04:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-09 21:52 - 2013-09-21 03:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-09 21:52 - 2013-09-21 03:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-09 19:21 - 2013-10-21 14:08 - 00000000 ____D C:\Users\Felix\AppData\Roaming\ftblauncher
2013-10-09 19:21 - 2013-10-09 19:21 - 00484986 _____ C:\Users\Felix\Downloads\FTB_Launcher.jar
2013-10-09 19:12 - 2013-10-09 19:18 - 71550860 _____ C:\Users\Felix\Downloads\Unleashed-server.zip
2013-10-09 18:04 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 18:04 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-09 18:04 - 2013-06-06 06:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-09 18:04 - 2013-06-06 06:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-09 18:04 - 2013-06-06 06:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-09 18:04 - 2013-06-06 06:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 18:04 - 2013-06-06 05:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-09 18:04 - 2013-06-06 05:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-09 18:04 - 2013-06-06 05:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-09 18:04 - 2013-06-06 04:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 18:04 - 2013-06-06 04:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-09 18:04 - 2013-06-06 04:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-09 17:59 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 17:59 - 2013-07-12 11:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-09 17:59 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 17:58 - 2013-09-14 02:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-09 17:58 - 2013-09-08 03:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-09 17:58 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-09 17:58 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-09 17:58 - 2013-08-29 03:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-09 17:58 - 2013-08-29 03:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-09 17:58 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-09 17:58 - 2013-08-29 03:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-09 17:58 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-09 17:58 - 2013-08-29 02:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-09 17:58 - 2013-08-29 02:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-09 17:58 - 2013-08-29 02:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-09 17:58 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-09 17:58 - 2013-08-29 02:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-09 17:58 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-09 17:58 - 2013-08-29 01:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-09 17:58 - 2013-08-29 01:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-09 17:58 - 2013-08-29 01:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-09 17:58 - 2013-08-29 01:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-09 17:58 - 2013-08-28 02:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 17:58 - 2013-08-01 13:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 17:58 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 17:58 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 17:58 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-09 17:58 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-09 17:58 - 2013-07-04 11:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 17:58 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 17:58 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 17:57 - 2013-09-04 13:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 17:57 - 2013-09-04 13:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 17:57 - 2013-09-04 13:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 17:57 - 2013-09-04 13:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 17:57 - 2013-09-04 13:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-09 17:57 - 2013-09-04 13:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-09 17:57 - 2013-09-04 13:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 17:57 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-09 17:57 - 2013-07-20 11:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 17:57 - 2013-07-20 11:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 17:34 - 2013-10-09 17:34 - 100163860 _____ C:\Windows\SysWOW64\ꟲ㥛�D

==================== One Month Modified Files and Folders =======

2013-11-06 20:35 - 2013-11-06 20:35 - 00000000 ____D C:\FRST
2013-11-06 20:34 - 2013-11-06 20:34 - 01957098 _____ (Farbar) C:\Users\Felix\Downloads\FRST64 (1).exe
2013-11-06 20:30 - 2013-04-27 22:55 - 00001120 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-534803630-2841824664-611018103-1001UA.job
2013-11-06 19:18 - 2013-11-06 13:20 - 102844835 _____ C:\Windows\SysWOW64\쟚㣫‘
2013-11-06 19:13 - 2012-03-05 23:09 - 02031254 _____ C:\Windows\WindowsUpdate.log
2013-11-06 18:59 - 2012-08-26 18:23 - 00003930 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{CF246054-BAF7-41E8-9C97-F7746E19CB0C}
2013-11-06 17:05 - 2013-08-23 18:32 - 00000000 ____D C:\Users\Felix\AppData\Roaming\Skype
2013-11-06 17:05 - 2012-04-22 17:51 - 00000000 ____D C:\Users\Felix\AppData\Roaming\.minecraft
2013-11-06 17:04 - 2012-04-23 18:09 - 00000000 ____D C:\Users\Felix\Desktop\Sachen
2013-11-06 13:34 - 2013-11-06 13:34 - 05831344 _____ (TeamViewer GmbH) C:\Users\Felix\Downloads\TeamViewer_Setup_de (1).exe
2013-11-06 13:32 - 2013-08-23 18:31 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-11-06 13:32 - 2013-08-23 18:31 - 00000000 ____D C:\ProgramData\Skype
2013-11-06 13:31 - 2013-09-01 13:26 - 00000000 ____D C:\Users\Felix\AppData\Local\LogMeIn Hamachi
2013-11-06 13:31 - 2013-05-14 20:06 - 00000000 ____D C:\Samsung Link
2013-11-06 13:28 - 2009-07-14 05:45 - 00014928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-06 13:28 - 2009-07-14 05:45 - 00014928 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-06 13:23 - 2009-07-14 18:58 - 00763004 _____ C:\Windows\system32\perfh007.dat
2013-11-06 13:23 - 2009-07-14 18:58 - 00173390 _____ C:\Windows\system32\perfc007.dat
2013-11-06 13:23 - 2009-07-14 06:13 - 01800066 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-06 13:21 - 2013-09-14 20:45 - 00000000 ____D C:\Users\Felix\AppData\Local\Overwolf
2013-11-06 13:21 - 2013-05-01 18:22 - 00000000 ____D C:\Users\Felix\AppData\Roaming\Dropbox
2013-11-06 13:20 - 2012-09-04 20:07 - 00000435 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-11-06 13:19 - 2013-10-23 10:05 - 00001412 _____ C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Social Games.lnk
2013-11-06 13:19 - 2012-04-06 18:11 - 02438656 ___SH C:\Users\Felix\Desktop\Thumbs.db
2013-11-06 13:17 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-06 13:17 - 2009-07-14 05:51 - 00102303 _____ C:\Windows\setupact.log
2013-11-05 16:04 - 2013-10-21 17:03 - 00000000 ____D C:\Users\Felix\AppData\Roaming\.technic
2013-11-05 16:04 - 2013-10-21 15:44 - 00000000 ____D C:\Users\Felix\Desktop\Minecraft
2013-11-05 13:07 - 2012-11-21 20:32 - 00000000 ____D C:\ProgramData\Ad-Aware Browsing Protection
2013-11-04 20:39 - 2012-09-01 23:20 - 00000000 ____D C:\Users\Felix\AppData\Local\CrashDumps
2013-11-04 20:34 - 2012-03-05 17:11 - 00000000 ____D C:\Users\Felix\AppData\Roaming\Mozilla
2013-11-04 20:04 - 2013-06-11 20:16 - 00000000 ____D C:\Users\Felix\AppData\Roaming\OpenCandy
2013-11-04 20:04 - 2013-05-14 20:08 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2013-11-04 20:04 - 2013-05-12 19:00 - 00000000 ____D C:\Users\Felix\AppData\Local\Dxtory Software
2013-11-04 20:04 - 2013-03-26 18:21 - 00000000 ____D C:\Users\Felix\AppData\Local\Nem's Tools
2013-11-04 20:04 - 2013-03-26 18:21 - 00000000 ____D C:\Program Files\Nem's Tools
2013-11-04 20:04 - 2013-03-07 16:22 - 00000000 ____D C:\Program Files (x86)\Funny Bear Studio
2013-11-04 20:04 - 2012-12-25 20:17 - 00000000 ____D C:\Program Files (x86)\AutoHotkey
2013-11-04 20:04 - 2012-11-06 18:29 - 00000000 ____D C:\Users\Felix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fraps
2013-11-04 20:04 - 2012-09-04 20:04 - 00000000 ____D C:\Users\Mcx1-FELIX-PC
2013-11-04 20:04 - 2012-03-06 19:59 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-11-04 20:04 - 2009-07-14 19:18 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-11-04 20:04 - 2009-07-14 19:18 - 00000000 ____D C:\Windows\ShellNew
2013-11-04 20:04 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-11-04 20:04 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\AppCompat
2013-11-04 19:50 - 2013-11-04 19:50 - 01957098 _____ (Farbar) C:\Users\Felix\Downloads\FRST64.exe
2013-11-04 19:16 - 2012-03-11 18:16 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2013-11-04 19:11 - 2013-11-04 19:11 - 00000000 ____D C:\ProgramData\Overwolf
2013-11-04 19:09 - 2013-11-04 19:09 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-11-04 19:06 - 2012-03-05 16:12 - 00000000 ____D C:\Users\Felix
2013-11-04 19:05 - 2013-10-30 20:04 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-04 19:05 - 2013-09-14 20:49 - 00000000 ____D C:\Program Files (x86)\Overwolf
2013-10-30 20:20 - 2012-03-07 19:32 - 00000000 ____D C:\Users\Felix\AppData\Local\Rockstar Games
2013-10-30 20:04 - 2013-10-30 20:04 - 00000000 ____D C:\Users\Felix\AppData\Roaming\Malwarebytes
2013-10-30 20:04 - 2013-10-30 20:04 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-30 19:17 - 2013-10-30 19:17 - 00420602 _____ C:\Users\Felix\Downloads\youtube-center-2.0.1-1 (1).crx
2013-10-29 22:44 - 2013-10-29 18:03 - 00000000 ____D C:\Users\Felix\Desktop\Musik
2013-10-24 21:37 - 2013-10-24 15:39 - 102837954 _____ C:\Windows\SysWOW64\�汩ž
2013-10-23 15:57 - 2013-10-23 15:57 - 102551358 _____ C:\Windows\SysWOW64\ꅜ쵮§
2013-10-23 10:30 - 2013-04-27 22:55 - 00001068 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-534803630-2841824664-611018103-1001Core.job
2013-10-23 09:55 - 2013-10-23 09:55 - 102551358 _____ C:\Windows\SysWOW64\戒瀺›
2013-10-22 22:13 - 2013-10-22 22:13 - 00000000 ____D C:\Users\Felix\AppData\Roaming\saves
2013-10-22 16:09 - 2013-10-22 16:09 - 102329055 _____ C:\Windows\SysWOW64\珒掄“
2013-10-21 15:09 - 2013-10-21 15:09 - 02243892 _____ C:\Users\Felix\Downloads\minecraftforge-installer-1.6.4-9.11.1.935.jar
2013-10-21 15:08 - 2013-10-21 15:07 - 13136140 _____ C:\Users\Felix\Downloads\[1.6.4][Beta V5]DivineRPG.zip
2013-10-21 14:23 - 2013-10-21 14:23 - 00217600 _____ C:\Users\Felix\Downloads\jacob-1.17-M2-x64.dll
2013-10-21 14:23 - 2013-10-21 14:23 - 00176128 _____ C:\Users\Felix\Downloads\jacob-1.17-M2-x86.dll
2013-10-21 14:08 - 2013-10-09 19:21 - 00000000 ____D C:\Users\Felix\AppData\Roaming\ftblauncher
2013-10-21 13:23 - 2013-10-21 13:23 - 00396219 _____ C:\Users\Felix\Downloads\OptiFine_1.6.4_HD_C6.jar
2013-10-21 12:40 - 2013-10-21 12:40 - 102130367 _____ C:\Windows\SysWOW64\뾈L
2013-10-19 14:21 - 2013-04-03 14:55 - 00000000 ____D C:\Users\Felix\Documents\TrackMania
2013-10-19 14:17 - 2013-04-03 14:55 - 00000000 ____D C:\ProgramData\TrackMania
2013-10-19 13:23 - 2013-08-31 22:02 - 00000000 ____D C:\ProgramData\Screaming Bee
2013-10-19 13:21 - 2013-01-16 18:59 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-19 11:43 - 2013-10-19 11:43 - 00000000 ____D C:\ProgramData\APN
2013-10-19 11:41 - 2013-10-19 11:41 - 00000000 ____D C:\ProgramData\Oracle
2013-10-19 11:40 - 2013-10-19 11:38 - 00004961 ____N C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-19 11:40 - 2012-07-11 11:47 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-16 14:35 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-10-16 13:35 - 2013-04-27 22:57 - 00002364 _____ C:\Users\Felix\Desktop\Google Chrome.lnk
2013-10-15 22:23 - 2012-03-09 19:02 - 00000000 ____D C:\Users\Felix\AppData\Roaming\TS3Client
2013-10-15 21:53 - 2013-10-15 21:53 - 00784856 _____ (Google Inc.) C:\Users\Felix\Downloads\GoogleEarthPluginSetup.exe
2013-10-15 17:41 - 2013-10-14 23:22 - 00000000 ____D C:\Users\Felix\Desktop\NICHT ANGUCKEN!
2013-10-14 23:15 - 2012-03-17 18:23 - 00015872 _____ C:\Users\Felix\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-14 17:57 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-10-14 14:30 - 2012-10-07 11:43 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-10-14 14:30 - 2012-03-08 20:09 - 00290184 _____ C:\Windows\SysWOW64\PnkBstrB.xtr
2013-10-14 14:29 - 2012-03-06 19:59 - 00280904 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-10-14 10:25 - 2013-04-27 22:55 - 00004090 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-534803630-2841824664-611018103-1001UA
2013-10-14 10:25 - 2013-04-27 22:55 - 00003694 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-534803630-2841824664-611018103-1001Core
2013-10-12 15:29 - 2009-07-14 05:45 - 04971944 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-12 15:26 - 2013-03-14 21:25 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-12 15:26 - 2013-03-14 21:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-09 21:50 - 2012-04-05 18:38 - 01777024 ____N C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-09 21:46 - 2013-08-15 01:55 - 00000000 ____D C:\Windows\system32\MRT
2013-10-09 21:44 - 2012-03-05 16:26 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-10-09 19:21 - 2013-10-09 19:21 - 00484986 _____ C:\Users\Felix\Downloads\FTB_Launcher.jar
2013-10-09 19:18 - 2013-10-09 19:12 - 71550860 _____ C:\Users\Felix\Downloads\Unleashed-server.zip
2013-10-09 17:34 - 2013-10-09 17:34 - 100163860 _____ C:\Windows\SysWOW64\ꟲ㥛�D
2013-10-08 06:50 - 2013-10-19 11:40 - 00096168 ____N (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-08 06:46 - 2013-10-19 11:40 - 00264616 ____N (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-08 06:46 - 2013-10-19 11:40 - 00175016 ____N (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-08 06:46 - 2013-10-19 11:40 - 00174504 ____N (Oracle Corporation) C:\Windows\SysWOW64\java.exe

Some content of TEMP:
====================
C:\Users\Felix\AppData\Local\Temp\05c272a8-9a04-4a17-b1b4-1af0f3183da3.exe
C:\Users\Felix\AppData\Local\Temp\13-4_win7_win8_64_dd_ccc_whql.exe
C:\Users\Felix\AppData\Local\Temp\3jfsfng4.dll
C:\Users\Felix\AppData\Local\Temp\af1a9fe4-1c3b-4627-8acb-192ead149a8e.exe
C:\Users\Felix\AppData\Local\Temp\APNSetup.exe
C:\Users\Felix\AppData\Local\Temp\AskSLib.dll
C:\Users\Felix\AppData\Local\Temp\AutoRun.exe
C:\Users\Felix\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Felix\AppData\Local\Temp\CheatEngine62Clean.exe
C:\Users\Felix\AppData\Local\Temp\drm_dyndata_7380006.dll
C:\Users\Felix\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Felix\AppData\Local\Temp\DSETUP.DLL
C:\Users\Felix\AppData\Local\Temp\EBU865E.EXE
C:\Users\Felix\AppData\Local\Temp\EBU8B0F.DLL
C:\Users\Felix\AppData\Local\Temp\EBUDD6A.EXE
C:\Users\Felix\AppData\Local\Temp\EBUE17F.DLL
C:\Users\Felix\AppData\Local\Temp\EslWireSetup-1.11.1.7324-x64.exe
C:\Users\Felix\AppData\Local\Temp\EslWireSetup-1.12.0.7335-x64.exe
C:\Users\Felix\AppData\Local\Temp\EslWireSetup-1.12.1.7342-x64.exe
C:\Users\Felix\AppData\Local\Temp\EslWireSetup-1.12.1.7351-x64.exe
C:\Users\Felix\AppData\Local\Temp\EslWireSetup-1.13.0.7366-x64.exe
C:\Users\Felix\AppData\Local\Temp\EslWireSetup-1.15.2.7446-x64.exe
C:\Users\Felix\AppData\Local\Temp\EslWireSetup-1.15.3.7454-x64.exe
C:\Users\Felix\AppData\Local\Temp\EslWireSetup-1.15.4.7479-x64.exe
C:\Users\Felix\AppData\Local\Temp\EslWireSetup-1.16.0.7619-x64.exe
C:\Users\Felix\AppData\Local\Temp\EslWireSetup-1.16.0.7631-x64.exe
C:\Users\Felix\AppData\Local\Temp\EslWireSetup-1.16.0.7636-x64.exe
C:\Users\Felix\AppData\Local\Temp\EslWireSetup-1.17.0.7639-x64.exe
C:\Users\Felix\AppData\Local\Temp\EslWireSetup-1.9.1.6749-x64.exe
C:\Users\Felix\AppData\Local\Temp\FP_PL_PFS_INSTALLER_32bit.exe
C:\Users\Felix\AppData\Local\Temp\i4jdel0.exe
C:\Users\Felix\AppData\Local\Temp\i4jdel1.exe
C:\Users\Felix\AppData\Local\Temp\i4jdel2.exe
C:\Users\Felix\AppData\Local\Temp\i4jdel3.exe
C:\Users\Felix\AppData\Local\Temp\i4jdel4.exe
C:\Users\Felix\AppData\Local\Temp\i4jdel5.exe
C:\Users\Felix\AppData\Local\Temp\i4jdel6.exe
C:\Users\Felix\AppData\Local\Temp\installerdll250818.dll
C:\Users\Felix\AppData\Local\Temp\installerdll281191.dll
C:\Users\Felix\AppData\Local\Temp\installerdll297634.dll
C:\Users\Felix\AppData\Local\Temp\installerdll300629.dll
C:\Users\Felix\AppData\Local\Temp\jansi-32-git-Bukkit-1.2.5-R3.0-b2203jnks.dll
C:\Users\Felix\AppData\Local\Temp\jansi-32-git-Bukkit-1.3.1-R2.0-b2340jnks.dll
C:\Users\Felix\AppData\Local\Temp\jansi-32-git-Bukkit-1.4.7-R1.0-b2624jnks.dll
C:\Users\Felix\AppData\Local\Temp\jansi-32-git-Bukkit-1.5.2-R1.0-b2788jnks.dll
C:\Users\Felix\AppData\Local\Temp\jline_git-Bukkit-1_2_5-R1_0-b2149jnks.dll
C:\Users\Felix\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Felix\AppData\Local\Temp\jre-7u11-windows-i586-iftw.exe
C:\Users\Felix\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Felix\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Felix\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Felix\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Felix\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Felix\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Felix\AppData\Local\Temp\K-Lite_Codec_Pack_Basic.exe
C:\Users\Felix\AppData\Local\Temp\mp3el2.exe
C:\Users\Felix\AppData\Local\Temp\prismsetup.exe
C:\Users\Felix\AppData\Local\Temp\rootsupd.exe
C:\Users\Felix\AppData\Local\Temp\Setup.exe
C:\Users\Felix\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Felix\AppData\Local\Temp\sfextra.dll
C:\Users\Felix\AppData\Local\Temp\SomotoAcPro.exe
C:\Users\Felix\AppData\Local\Temp\sonarinst.exe
C:\Users\Felix\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Felix\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Felix\AppData\Local\Temp\tmp60F5.exe
C:\Users\Felix\AppData\Local\Temp\tmp693E.exe
C:\Users\Felix\AppData\Local\Temp\Uninstall.exe
C:\Users\Felix\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\Felix\AppData\Local\Temp\vc1n3ouu.dll
C:\Users\Felix\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Felix\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Felix\AppData\Local\Temp\vpsetup.exe
C:\Users\Felix\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe
C:\Users\Felix\AppData\Local\Temp\wpsetup.exe
C:\Users\Felix\AppData\Local\Temp\_isC699.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-31 17:37

==================== End Of Log ============================

Addition

==================== Security Center ========================

AV: Lavasoft Ad-Aware (Enabled - Up to date) {445B48C3-0FA4-6B16-8F07-6506F305D800}
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Lavasoft Ad-Aware (Enabled - Up to date) {FF3AA927-299E-6498-B5B7-5E74888292BD}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Lavasoft Ad-Aware (Disabled) {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}

==================== Installed Programs ======================

ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212)
Acrobat.com (x32 Version: 0.0.0)
Acrobat.com (x32 Version: 1.1.377)
Ad-Aware Antivirus (x32 Version: 10.3.45.3935)
Ad-Aware Security Add-on (x32 Version: 2.2.0.11)
Adobe AIR (x32 Version: 3.2.0.2070)
Adobe Download Assistant (x32 Version: 1.0.6)
Adobe Flash Player 11 ActiveX (x32 Version: 11.3.300.265)
Adobe Flash Player 11 Plugin (x32 Version: 11.7.700.202)
Adobe Help Manager (x32 Version: 4.0.244)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05)
Adobe Story (x32 Version: 1.0.571)
AllShare Framework DMS (Version: 1.3.09)
AMD Accelerated Video Transcoding (Version: 12.10.100.30328)
AMD APP SDK Runtime (Version: 10.0.938.2)
AMD Catalyst Install Manager (Version: 8.0.911.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Fuel (Version: 2013.0328.2218.38225)
AMD Media Foundation Decoders (Version: 1.0.80328.2204)
AMD Steady Video Plug-In (Version: 2.06.0000)
AMD USB Filter Driver (x32 Version: 1.0.14.91)
AMD VISION Engine Control Center (x32 Version: 2013.0328.2218.38225)
Apple Application Support (x32 Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (x32 Version: 2.1.3.127)
ASRock App Charger v1.0.5
ASRock eXtreme Tuner v0.1.122 (x32)
ASRock InstantBoot v1.29 (x32)
Assassin's Creed (x32 Version: 1.02)
AutoHotkey 1.0.48.05 (x32 Version: 1.0.48.05)
Avira Free Antivirus (x32 Version: 13.0.0.4052)
Battlefield 3™ (x32 Version: 1.4.0.0)
Battlelog Web Plugins (x32 Version: 2.3.0)
Benutzerhandbuch - Grundlagen EPSON XP-302 303 305 306 Series (x32)
Benutzerhandbuch EPSON XP-302 303 305 306 Series (x32)
Bonjour (Version: 3.0.0.10)
Burnout Paradise: The Ultimate Box (x32)
Call of Duty(R) 4 - Modern Warfare(TM) (x32 Version: 1.00.0000)
Call of Duty: Black Ops II - Multiplayer (x32)
Call of Duty: Black Ops II - Zombies (x32)
Call of Duty: Black Ops II (x32)
Call of Duty: Modern Warfare 3 - Dedicated Server (x32)
Call of Duty: Modern Warfare 3 - Multiplayer (x32)
Call of Duty: Modern Warfare 3 (x32)
Camtasia Studio 7 (x32 Version: 7.1.1)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.0328.2218.38225)
Catalyst Control Center InstallProxy (x32 Version: 2013.0328.2218.38225)
Catalyst Control Center Localization All (x32 Version: 2013.0328.2218.38225)
CCC Help Chinese Standard (x32 Version: 2013.0328.2217.38225)
CCC Help Chinese Traditional (x32 Version: 2013.0328.2217.38225)
CCC Help Czech (x32 Version: 2013.0328.2217.38225)
CCC Help Danish (x32 Version: 2013.0328.2217.38225)
CCC Help Dutch (x32 Version: 2013.0328.2217.38225)
CCC Help English (x32 Version: 2013.0328.2217.38225)
CCC Help Finnish (x32 Version: 2013.0328.2217.38225)
CCC Help French (x32 Version: 2013.0328.2217.38225)
CCC Help German (x32 Version: 2013.0328.2217.38225)
CCC Help Greek (x32 Version: 2013.0328.2217.38225)
CCC Help Hungarian (x32 Version: 2013.0328.2217.38225)
CCC Help Italian (x32 Version: 2013.0328.2217.38225)
CCC Help Japanese (x32 Version: 2013.0328.2217.38225)
CCC Help Korean (x32 Version: 2013.0328.2217.38225)
CCC Help Norwegian (x32 Version: 2013.0328.2217.38225)
CCC Help Polish (x32 Version: 2013.0328.2217.38225)
CCC Help Portuguese (x32 Version: 2013.0328.2217.38225)
CCC Help Russian (x32 Version: 2013.0328.2217.38225)
CCC Help Spanish (x32 Version: 2013.0328.2217.38225)
CCC Help Swedish (x32 Version: 2013.0328.2217.38225)
CCC Help Thai (x32 Version: 2013.0328.2217.38225)
CCC Help Turkish (x32 Version: 2013.0328.2217.38225)
ccc-utility64 (Version: 2013.0328.2218.38225)
Command and Conquer: Red Alert 3 - Uprising (x32)
Counter-Strike: Global Offensive - SDK (x32)
Counter-Strike: Global Offensive (x32)
Counter-Strike: Source (x32 Version: 1.0.0.0)
Debut Video Capture Software (x32)
Download Navigator (x32 Version: 1.1.0)
Dropbox (HKCU Version: 2.0.22)
Druckerdeinstallation für EPSON XP-302 303 305 306 Series
Dxtory 2.0.104 (x32 Version: 2.0.104)
EA.com Matchup (x32)
EA.com Update (x32)
Epson Easy Photo Print 2 (x32 Version: 2.3.2.0)
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) (x32 Version: 1.00.0000)
Epson Event Manager (x32 Version: 3.01.0000)
EPSON Scan (x32)
EpsonNet Print (x32 Version: 2.5.00)
ESN Sonar (x32 Version: 0.70.4)
Etron USB3.0 Host Controller (x32 Version: 0.104)
Fallout 3 (x32 Version: 1.00.0000)
FileZilla Client 3.5.3 (x32 Version: 3.5.3)
Firebird SQL Server - MAGIX Edition (x32 Version: 2.1.31.0)
Fraps (remove only) (x32)
Free MP4 Video Converter version 5.0.25.610 (x32 Version: 5.0.25.610)
Free YouTube Download version 3.2.3.610 (x32 Version: 3.2.3.610)
Free YouTube to MP3 Converter version 3.12.3.610 (x32 Version: 3.12.3.610)
GCFScape 1.8.4
GIMP 2.8.2 (Version: 2.8.2)
Google Chrome (HKCU Version: 30.0.1599.101)
Google Talk Plugin (x32 Version: 4.8.2.15856)
Grand Theft Auto IV (x32 Version: 1.00.0000)
Grand Theft Auto Vice City (x32 Version: 1.00.000)
HLSW v1.4.0.2 (x32)
InstallForge (x32 Version: 1.2.4)
iOpus Flatrate Steckdose (x32)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Java(TM) 6 Update 33 (x32 Version: 6.0.330)
K-Lite Codec Pack 9.3.0 (Basic) (x32 Version: 9.3.0)
Lagarith Lossless Codec (1.3.27) (x32)
League of Legends (x32 Version: 1.02.0000)
Left 4 Dead 2 (x32)
LogMeIn Hamachi (x32 Version: 2.2.0.100)
Mafia II (x32)
MAGIX Content und Soundpools (x32 Version: 1.0.0.0)
MAGIX Goya burnR (MSI) (Version: 4.3.2.0)
MAGIX Goya burnR (MSI) (x32 Version: 4.3.2.0)
MAGIX Music Maker 2013 (Version: 19.0.1.36)
MAGIX Music Maker 2013 (x32 Version: 19.0.1.36)
MAGIX Music Maker 2013 Trial Soundpools (Version: 1.0.0.0)
MAGIX Screenshare (Version: 4.3.6.1987)
MAGIX Screenshare (x32 Version: 4.3.6.1987)
McPixel (x32)
Medal of Honor (TM) (x32 Version: 1.0.0.0)
Medal of Honor(TM) Multiplayer (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319)
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319)
Microsoft Age of Empires (x32)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000)
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) (x32 Version: 3.5.30730.0)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.50.0)
Microsoft Help Viewer 1.0 (Version: 1.0.30319)
Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2008 (64-bit)
Microsoft SQL Server 2008 Browser (x32 Version: 10.1.2531.0)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22)
Microsoft SQL Server 2008 Common Files (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Services (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.1.2531.0)
Microsoft SQL Server 2008 Native Client (Version: 10.1.2531.0)
Microsoft SQL Server 2008 R2 Management Objects (x32 Version: 10.50.1447.4)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.1.2531.0)
Microsoft SQL Server Compact 3.5 SP2 DEU (x32 Version: 3.5.8080.0)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (Version: 3.5.8080.0)
Microsoft SQL Server System CLR Types (x32 Version: 10.50.1447.4)
Microsoft SQL Server VSS Writer (Version: 10.1.2531.0)
Microsoft Visual Basic 2010 Express - DEU (x32 Version: 10.0.30319)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (x32 Version: 9.0.30729.4974)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (x32 Version: 10.0.30319)
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (Version: 10.0.30319)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000)
Mirror's Edge (x32)
Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
MSVCRT Redists (Version: 1.0)
MSVCRT Redists (x32 Version: 1.0)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
NCH DE Toolbar (x32 Version: 6.8.5.1)
Netzwerkhandbuch EPSON XP-302 303 305 306 Series (x32)
NewBlue Motion Effects (x32)
NVIDIA PhysX (x32 Version: 9.11.1107)
Origin (x32 Version: 8.6.0.357)
Overwolf (x32 Version: 0.44.256)
Pando Media Booster (x32 Version: 2.6.0.7)
Populous (x32 Version: 1.0.0.0)
Prism Video File Converter (x32)
PunkBuster Services (x32 Version: 0.993)
QuickTime (x32 Version: 7.73.80.64)
Realtek Ethernet Controller Driver (x32 Version: 7.44.421.2011)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6378)
Red Orchestra 2: Heroes of Stalingrad (x32)
Risen (x32 Version: 1.00.0000)
ROCCAT Kone Pure Mouse Driver (x32)
Rockstar Games Social Club (x32 Version: 1.00.0000)
Samsung Link 1.5.0.1305092012 (Version: 1.5.0.1305092012)
Service Pack 1 für SQL Server 2008 (KB 968369) (64-bit) (Version: 10.1.2531.0)
Skype™ 6.10 (x32 Version: 6.10.104)
SmartView for IE (x32 Version: 1.0.4.1)
SmartView Software Updater (x32 Version: 1.0.4.1)
Source Multiplayer Dedicated Server (x32)
Source SDK (x32)
Source SDK Base 2006 (x32)
Source SDK Base 2007 (x32)
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0)
Steam(TM) (x32 Version: 1.0.0.0)
TeamSpeak 3 Client (Version: 3.0.6)
TeamViewer 8 (x32 Version: 8.0.22298)
Text-To-Speech-Runtime (x32 Version: 1.0.0.0)
The Showdown Effect (x32)
THX TruStudio (x32 Version: 1.00.01)
TrackMania Nations Forever (x32)
Tt eSPORTS SHOCK Spin HD
Ubisoft Game Launcher (x32 Version: 1.0.0.0)
Unity Web Player (HKCU Version: )
Unterstützungsdateien für Microsoft SQL Server 2008-Setup (Version: 10.1.2731.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Vegas Pro 11.0 (x32 Version: 11.0.682)
VideoPad Videobearbeitungs-Software (x32)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU (x32 Version: 4.0.8080.0)
Voxal Voice Changer (x32)
VTF Shell Extensions 1.7.5.0 (Version: 1.0.6.1)
VTFEdit 1.2.5 (x32)
Warframe (x32 Version: 1.0.0)
WavePad Audiobearbeitungs-Software (x32)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
WinRAR 4.11 (32-Bit) (x32 Version: 4.11.0)
World Riddles: Seven wonders 1.0 (x32)
XFast LAN v6.61 (Version: 6.61)

==================== Restore Points =========================

04-11-2013 19:00:37 Wiederherstellungsvorgang

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {04299694-EC53-40A1-B4BF-DA97EEBCD9AB} - System32\Tasks\Microsoft\Windows\Media Center\Extender\Update media permissions for Mcx1-FELIX-PC => C:\Windows\ehome\McxTask.exe [2009-07-14] (Microsoft Corporation)
Task: {3FF4C041-602A-4818-BF9E-1AEAB4534321} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-534803630-2841824664-611018103-1001Core => C:\Users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-27] (Google Inc.)
Task: {4244C65E-E3AB-48FE-A822-7739BAEBDF10} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-534803630-2841824664-611018103-1001UA => C:\Users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-27] (Google Inc.) Task: {7366BE63-9078-4EA6-A9F0-63FFC38F11E7} - System32\Tasks\Ad-Aware Antivirus Scheduled Scan => D:\Programme\AdAwareLauncher.exe [2012-09-20] (Lavasoft Limited) Task: {9336DD57-9BEA-47DB-9B2F-A804CBD8B4E9} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe Task: {A98AE98B-06EC-4066-A753-0A8C860F01EC} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation) Task: {B9965A73-7BBE-4BDA-B34C-DC29C82D51DA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {E5E30477-694A-4D96-A84C-A944FA27DA6B} - System32\Tasks\NCH Software\WavePadReminder => C:\Program Files (x86)\NCH Software\WavePad\wavepad.exe [2012-12-14] (NCH Software) Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-534803630-2841824664-611018103-1001Core.job => C:\Users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-534803630-2841824664-611018103-1001UA.job => C:\Users\Felix\AppData\Local\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Users\Felix\Neuer Ordner\FileZilla FTP Client\fzshellext_64.dll 2012-03-05 19:45 - 2012-02-17 20:55 - 00193536 _____ () D:\Programme\rarext64.dll 2012-09-01 20:48 - 2011-05-19 08:58 - 00246784 _____ () C:\Windows\SYSTEM32\APOMgr64.DLL 2013-03-28 21:30 - 2013-03-28 21:30 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll 2013-08-12 12:41 - 2013-08-09 18:25 - 00394824 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2013-04-19 16:29 - 
2013-04-19 16:29 - 01113600 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\DMSManager.dll 2013-04-19 15:37 - 2013-04-19 15:37 - 00704000 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\ContentDirectoryPresenter.dll 2013-04-19 15:39 - 2013-04-19 15:39 - 00107008 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\DCMCDP.dll 2013-04-19 15:38 - 2013-04-19 15:38 - 00101376 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\FolderCDP.dll 2013-04-19 16:29 - 2013-04-19 16:29 - 00077312 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\MetadataFramework.dll 2013-02-14 18:42 - 2013-02-14 18:42 - 00520234 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\sqlite3.dll 2013-02-14 18:42 - 2013-02-14 18:42 - 00450560 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\MoodExtractor.dll 2013-02-14 18:42 - 2013-02-14 18:42 - 05717504 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\DCMImgExtractor.dll 2013-04-12 07:58 - 2013-04-12 07:58 - 00028672 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\AutoChaptering.dll 2013-02-14 18:42 - 2013-02-14 18:42 - 00147456 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\libexpat.dll 2013-04-12 07:58 - 2013-04-12 07:58 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\VideoThumb.dll 2013-02-14 18:42 - 2013-02-14 18:42 - 04671488 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\avcodec-52.dll 2013-02-14 18:42 - 2013-02-14 18:42 - 00070656 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\avutil-50.dll 2013-02-14 18:42 - 2013-02-14 18:42 - 00686080 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\avformat-52.dll 2013-02-14 18:42 - 2013-02-14 18:42 - 00152064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\swscale-0.dll 2013-04-19 16:29 - 2013-04-19 16:29 - 00028160 _____ () C:\Program Files\Samsung\AllShare Framework 
DMS\1.3.09\AudioExtractor.dll 2013-04-19 16:29 - 2013-04-19 16:29 - 00064000 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\ID3Driver.dll 2013-02-14 18:42 - 2013-02-14 18:42 - 00366592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\tag.dll 2013-04-12 07:58 - 2013-04-12 07:58 - 00289792 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\libThumbnail.dll 2013-04-19 15:58 - 2013-04-19 15:58 - 00023040 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\RichInfoDriver.dll 2013-04-19 15:58 - 2013-04-19 15:58 - 00017920 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\VideoExtractor.dll 2013-04-19 15:58 - 2013-04-19 15:58 - 00117248 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\ThumbnailMaker.dll 2013-04-12 07:59 - 2013-04-12 07:59 - 01033216 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\ImageMagickWrapper.dll 2013-04-19 15:58 - 2013-04-19 15:58 - 00133632 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\VideoMetadataDriver.dll 2013-04-19 15:58 - 2013-04-19 15:58 - 00290816 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\libKeyFrame.dll 2013-04-19 15:58 - 2013-04-19 15:58 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\SECMetaDriver.dll 2013-04-19 15:58 - 2013-04-19 15:58 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\ImageExtractor.dll 2013-04-12 07:58 - 2013-04-12 07:58 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\photoDriver.dll 2013-02-14 18:42 - 2013-02-14 18:42 - 00399826 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\libexif-12.dll.dll 2013-04-19 15:58 - 2013-04-19 15:58 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\TextExtractor.dll 2013-04-19 15:39 - 2013-04-19 15:39 - 00032768 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\Autobackup.dll 2013-04-19 15:38 - 2013-04-19 15:38 - 
00055808 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\RosettaAllShare.dll 2013-04-15 17:52 - 2013-04-15 17:52 - 00227840 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\boost_serialization-vc90-mt-1_47.dll 2013-04-15 17:53 - 2013-04-15 17:53 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\boost_date_time-vc90-mt-1_47.dll 2013-04-15 17:52 - 2013-04-15 17:52 - 00012800 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\boost_system-vc90-mt-1_47.dll 2013-04-15 17:53 - 2013-04-15 17:53 - 00046592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\boost_thread-vc90-mt-1_47.dll 2013-02-14 18:42 - 2013-02-14 18:42 - 00044032 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.09\us.dll 2012-02-20 21:29 - 2012-02-20 21:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2012-02-20 21:28 - 2012-02-20 21:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-03-13 21:48 - 2013-03-13 21:48 - 24978944 _____ () C:\Users\Felix\AppData\Roaming\Dropbox\bin\libcef.dll 2010-09-02 15:54 - 2010-09-02 15:54 - 00503202 _____ () C:\Program Files (x86)\DeviceVM\SmartView\sqlite3.dll 2012-03-05 19:45 - 2012-02-17 20:55 - 00166912 _____ () D:\Programme\rarext.dll 2013-08-21 12:34 - 2012-06-23 13:54 - 00061440 _____ () C:\Program Files (x86)\ROCCAT\Kone Pure Mouse\hiddriver.dll 2012-11-21 20:46 - 2013-10-01 14:16 - 00190752 _____ () D:\Programme\Definitions\libBase64.dll 2012-11-21 20:46 - 2013-10-01 14:16 - 00178464 _____ () D:\Programme\Definitions\libMachoUniv.dll 2012-01-08 14:41 - 2012-01-08 14:41 - 00093696 _____ () C:\Users\Felix\Neuer Ordner\FileZilla FTP Client\fzshellext.dll 2013-10-16 13:35 - 2013-10-09 01:01 - 00698832 _____ () C:\Users\Felix\AppData\Local\Google\Chrome\Application\30.0.1599.101\libglesv2.dll 2013-10-16 13:35 - 2013-10-09 01:01 - 00099792 _____ () 
C:\Users\Felix\AppData\Local\Google\Chrome\Application\30.0.1599.101\libegl.dll 2013-10-16 13:35 - 2013-10-09 01:02 - 04055504 _____ () C:\Users\Felix\AppData\Local\Google\Chrome\Application\30.0.1599.101\pdf.dll 2013-10-16 13:35 - 2013-10-09 01:02 - 00415184 _____ () C:\Users\Felix\AppData\Local\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll 2013-10-16 13:35 - 2013-10-09 01:01 - 01604560 _____ () C:\Users\Felix\AppData\Local\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll 2013-10-16 13:35 - 2013-10-09 01:02 - 13584336 _____ () C:\Users\Felix\AppData\Local\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\Felix\Lokale Einstellungen:tY0Dq24hHnQpQtXgnKu4 AlternateDataStreams: C:\Users\Felix\AppData\Local:tY0Dq24hHnQpQtXgnKu4 AlternateDataStreams: C:\Users\Felix\AppData\Local\Anwendungsdaten:tY0Dq24hHnQpQtXgnKu4 AlternateDataStreams: C:\Users\Felix\AppData\Local\Temp:GelluuHtPDNb2KS23j4 AlternateDataStreams: C:\Users\Felix\AppData\Local\Temporary Internet Files:fNgAdNhttB6l9T9fyiAW ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ad-Aware Service => ""="Ad-Aware Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ad-Aware Service => ""="Ad-Aware Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SBAMSvc => ""="Service" ==================== Faulty Device Manager Devices ============= Name: Microsoft-Adapter für Miniports virtueller WiFis Description: Microsoft-Adapter für Miniports virtueller WiFis Class Guid: 
{4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: vwifimp Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors: ================== Error: (11/06/2013 01:18:01 PM) (Source: AllShare Framework DMS) (User: ) Description: AllShare Framework DMSSvcInit started failed with 0 Error: (11/06/2013 01:18:01 PM) (Source: AllShare Framework DMS) (User: ) Description: AllShare Framework DMSSvcMain failed with 0 Error: (11/05/2013 01:07:33 PM) (Source: AllShare Framework DMS) (User: ) Description: AllShare Framework DMSSvcInit started failed with 0 Error: (11/05/2013 01:07:33 PM) (Source: AllShare Framework DMS) (User: ) Description: AllShare Framework DMSSvcMain failed with 0 Error: (11/04/2013 09:30:42 PM) (Source: AllShare Framework DMS) (User: ) Description: AllShare Framework DMSSvcCtrlHandler received failed with 0 Error: (11/04/2013 09:30:17 PM) (Source: AllShare Framework DMS) (User: ) Description: AllShare Framework DMSSvcCtrlHandler received failed with 0 Error: (11/04/2013 08:52:08 PM) (Source: AllShare Framework DMS) (User: ) Description: AllShare Framework DMSSvcInit started failed with 0 Error: (11/04/2013 08:52:08 PM) (Source: AllShare Framework DMS) (User: ) Description: AllShare Framework DMSSvcMain failed with 0 Error: (11/04/2013 08:38:46 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921 Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00001487 ID des fehlerhaften Prozesses: 0x810 Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0 Pfad der fehlerhaften Anwendung: avnotify.exe1 Pfad des fehlerhaften Moduls: avnotify.exe2 Berichtskennung: 
avnotify.exe3 Error: (11/04/2013 07:06:09 PM) (Source: Avira Antivirus) (User: NT-AUTORITÄT) Description: Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet! System errors: ============= Error: (11/06/2013 01:22:23 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "FABS - Helping agent for MAGIX media database" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (11/06/2013 01:22:23 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst FABS - Helping agent for MAGIX media database erreicht. Error: (11/06/2013 01:20:46 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Ad-Aware" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (11/06/2013 01:20:46 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Ad-Aware erreicht. Error: (11/06/2013 01:20:46 PM) (Source: DCOM) (User: ) Description: 1053SBAMSvc{FE7E09CE-BBF4-4698-8BC1-37C9002DAA43} Error: (11/05/2013 01:08:11 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "LogMeIn Hamachi Tunneling Engine" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (11/05/2013 01:08:11 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst LogMeIn Hamachi Tunneling Engine erreicht. Error: (11/04/2013 08:59:44 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (11/04/2013 08:59:44 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht. 
Error: (11/04/2013 08:53:58 PM) (Source: DCOM) (User: ) Description: 1053SBAMSvc{FE7E09CE-BBF4-4698-8BC1-37C9002DAA43} Microsoft Office Sessions: ========================= Error: (11/06/2013 01:18:01 PM) (Source: AllShare Framework DMS)(User: ) Description: AllShare Framework DMSSvcInit started failed with 0 Error: (11/06/2013 01:18:01 PM) (Source: AllShare Framework DMS)(User: ) Description: AllShare Framework DMSSvcMain failed with 0 Error: (11/05/2013 01:07:33 PM) (Source: AllShare Framework DMS)(User: ) Description: AllShare Framework DMSSvcInit started failed with 0 Error: (11/05/2013 01:07:33 PM) (Source: AllShare Framework DMS)(User: ) Description: AllShare Framework DMSSvcMain failed with 0 Error: (11/04/2013 09:30:42 PM) (Source: AllShare Framework DMS)(User: ) Description: AllShare Framework DMSSvcCtrlHandler received failed with 0 Error: (11/04/2013 09:30:17 PM) (Source: AllShare Framework DMS)(User: ) Description: AllShare Framework DMSSvcCtrlHandler received failed with 0 Error: (11/04/2013 08:52:08 PM) (Source: AllShare Framework DMS)(User: ) Description: AllShare Framework DMSSvcInit started failed with 0 Error: (11/04/2013 08:52:08 PM) (Source: AllShare Framework DMS)(User: ) Description: AllShare Framework DMSSvcMain failed with 0 Error: (11/04/2013 08:38:46 PM) (Source: Application Error)(User: ) Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c00000050000148781001ced9957a16a141C:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeb81d921d-4588-11e3-8794-bc5ff42b233c Error: (11/04/2013 07:06:09 PM) (Source: Avira Antivirus)(User: NT-AUTORITÄT) Description: 0x0 ==================== Memory info =========================== Percentage of memory in use: 50% Total physical RAM: 4075.64 MB Available physical RAM: 2030.81 MB Total Pagefile: 8149.46 MB Available Pagefile: 5004.05 MB Total Virtual: 8192 MB Available Virtual: 8191.8 MB ==================== Drives 
================================ Drive c: () (Fixed) (Total:79.98 GB) (Free:24.96 GB) NTFS Drive d: (Daten/Anwendung) (Fixed) (Total:97.66 GB) (Free:57.22 GB) NTFS Drive e: (Spiele) (Fixed) (Total:288.03 GB) (Free:30.69 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: C884C884) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=80 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=98 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=288 GB) - (Type=07 NTFS) ==================== End Of Log ============================ HELP!! |
06.11.2013, 21:53 | #2 |
/// the machine /// TB-Ausbilder | Open Candy Virus hi,
How it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please. |
06.11.2013, 22:38 | #3 |
| Open Candy Virus Code:
ATTFilter # AdwCleaner v3.011 - Bericht erstellt am 06/11/2013 um 22:29:18 # Updated 03/11/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzername : Felix - FELIX-PC # Gestartet von : C:\Users\Felix\Downloads\adw311cleaner.exe # Option : Löschen ***** [ Dienste ] ***** ***** [ Dateien / Ordner ] ***** Ordner Gelöscht : C:\ProgramData\blekko toolbars Ordner Gelöscht : C:\ProgramData\DeviceVM Ordner Gelöscht : C:\Program Files (x86)\adawaretb Ordner Gelöscht : C:\Program Files (x86)\Conduit Ordner Gelöscht : C:\Program Files (x86)\DeviceVM Ordner Gelöscht : C:\Program Files (x86)\Toolbar Cleaner Ordner Gelöscht : C:\Program Files (x86)\NCH_DE Ordner Gelöscht : C:\Users\Felix\AppData\Local\Conduit Ordner Gelöscht : C:\Users\Felix\AppData\LocalLow\adawaretb Ordner Gelöscht : C:\Users\Felix\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\Felix\AppData\LocalLow\NCH_DE Ordner Gelöscht : C:\Users\Felix\AppData\Roaming\DeviceVM Ordner Gelöscht : C:\Users\Felix\AppData\Roaming\dvdvideosoftiehelpers Ordner Gelöscht : C:\Users\Felix\AppData\Roaming\OpenCandy Ordner Gelöscht : C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vxe383fp.default\adawaretb Datei Gelöscht : C:\Users\Felix\AppData\Local\Temp\Uninstall.exe Datei Gelöscht : C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vxe383fp.default\foxydeal.sqlite Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\adawaretb.xml Datei Gelöscht : C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vxe383fp.default\user.js Datei Gelöscht : C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.softonic.de_0.localstorage Datei Gelöscht : C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.softonic.de_0.localstorage-journal ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}] 
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2801937 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_surgeon-simulator-2013_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_surgeon-simulator-2013_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_winrar_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_winrar_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{82A5CE4D-AF0C-45B6-8AF8-75625BE6A08D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B2B7E0CD-E169-43B3-A233-E129610EE314} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0DEC13F0-5C8C-4147-8329-6CDFAD9755B7} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0E5680D1-BF44-4929-94AF-FD30D784AD1D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0F3DC9E0-C459-4A40-BCF8-747BD9322E10} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E97F0FA-3B44-4634-A87E-8B0D5CFD6365} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{951F5841-FD1E-4F1D-8607-67B174DBD753} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B106B661-3E1B-4015-AF5C-195E909F35C6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D1CCB0CC-DA45-4797-93D3-DEE7A13F8177} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DCE24E28-D8EF-49BE-BC01-A1DD3B58FCE3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E4F7F1A5-490E-4884-A9E3-CBD6A25749E1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FFE66D00-A56A-4F7F-81D7-4A28C5816D6C} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\CLSID\{8EEB1C24-43B2-4210-B48A-87FE0EAE6267} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E8E0178-00EF-413D-9324-E7B3E31572E3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A1A533A8-E106-422B-AE29-D0025269AF83} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B1759D04-0EF9-472A-B5C3-C774997B5321} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E5680D1-BF44-4929-94AF-FD30D784AD1D} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B106B661-3E1B-4015-AF5C-195E909F35C6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E5680D1-BF44-4929-94AF-FD30D784AD1D} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B106B661-3E1B-4015-AF5C-195E909F35C6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E5680D1-BF44-4929-94AF-FD30D784AD1D} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B106B661-3E1B-4015-AF5C-195E909F35C6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8EEB1C24-43B2-4210-B48A-87FE0EAE6267} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{80ED3EBC-CC05-4336-ABCC-295798855718} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AB829048-CAE3-4178-A954-74B07EF1BD38} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CE1E987-B939-4010-B754-A14C9391C458} Schlüssel Gelöscht : 
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B106B661-3E1B-4015-AF5C-195E909F35C6}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B106B661-3E1B-4015-AF5C-195E909F35C6}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{B106B661-3E1B-4015-AF5C-195E909F35C6}] Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\NCH_DE Schlüssel Gelöscht : HKLM\Software\adawaretb Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\Software\systweak Schlüssel Gelöscht : HKLM\Software\Toolbar Cleaner Schlüssel Gelöscht : HKLM\Software\NCH_DE Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NCH_DE Toolbar ***** [ Browser ] ***** -\\ Internet Explorer v10.0.9200.16720 -\\ Mozilla Firefox v24.0 (de) [ Datei : C:\Users\Felix\AppData\Roaming\Mozilla\Firefox\Profiles\vxe383fp.default\prefs.js ] Zeile gelöscht : user_pref("browser.search.selectedEngine", "blekko"); Zeile gelöscht : user_pref("extensions.enabledAddons", "battlefieldheroespatcher%40ea.com:5.0.140.0,battlefieldplay4free%40ea.com:1.0.66.2,DivXWebPlayer%40divx.com:2.0.2.039,%7B87934c42-161d-45bc-8cef-ef18abe2a30c%7D:[...] 
-\\ Google Chrome v [ Datei : C:\Users\Felix\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [9171 octets] - [06/11/2013 22:27:45] AdwCleaner[S0].txt - [8093 octets] - [06/11/2013 22:29:18] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8153 octets] ########## Edited by siox (06.11.2013 at 22:45) |
07.11.2013, 13:57 | #4 |
/// the machine /// TB-Ausbilder | Open Candy Virus and next
Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |