Log Analysis and Evaluation: Windows 7 Chrome Trojan, ad pop-up horror!

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
24.01.2014, 18:39 | #1 |
Windows 7 Chrome Trojan, ad pop-up horror!

Hello,

I use Google Chrome. At the moment, ads keep opening on every page. Words in arbitrary texts are double-underlined and blue; when you move the mouse over them, ad windows open. When I click into a search bar (google, youtube, ebay), a new page opens that demands that the Flash Player be updated. On the left edge of the screen there is constantly a bar with the heading "RelopiX" that shows some "previous search queries" (currently e.g.: remove wrinkles, remove mold, remove limescale, remove back hair, etc. ...).

I had Microsoft Security Essentials run a full scan. Two items were found:

Adware:Win32/Yontoo Medium
VirTool:Win32/Obfuscator.XZ Severe

I look forward to a quick reply and hope that you can help me.

Regards
24.01.2014, 20:00 | #2 |
/// the machine /// TB trainer | Windows 7 Chrome Trojan, ad pop-up horror!

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
26.01.2014, 15:41 | #3 |
Windows 7 Chrome Trojan, ad pop-up horror!

Here is the FRST.txt

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-01-2014 02 Ran by Sara (administrator) on SARA-PC on 26-01-2014 15:34:59 Running from C:\Users\Sara\Downloads Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft) C:\Program Files\Yontoo\Y2Desktop.Updater.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Google Inc.) C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Razer Inc.) C:\Program Files\Razer\Synapse\RzSynapse.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe (ICQ) C:\Users\Sara\AppData\Roaming\ICQM\icq.exe (Akamai Technologies, Inc.) C:\Users\Sara\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) C:\Users\Sara\AppData\Local\Akamai\netsession_win.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (DT Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTAgent.exe () C:\Program Files\ESO Survey Live\ESOSurveyLive.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Google Inc.) 
C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Yontoo LLC) C:\Users\Sara\AppData\Roaming\Yontoo\YontooDesktop.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation) HKLM\...\Run: [RazorU] - C:\ProgramData\RazorU0\piztmhvct.exe [425984 2013-04-23] () HKLM\...\Run: [] - [x] HKLM\...\Run: [Razer Synapse] - C:\Program Files\Razer\Synapse\RzSynapse.exe [606040 2013-08-15] (Razer Inc.) HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [6210840 2013-08-01] (Logitech Inc.) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.) HKLM\...\Run: [Start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [153672 2010-06-14] (Logitech Inc.) HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe HKCU\...\Run: [RazorU] - C:\ProgramData\RazorU0\piztmhvct.exe [425984 2013-04-23] () HKCU\...\Run: [icq] - C:\Users\Sara\AppData\Roaming\ICQM\icq.exe [27598184 2013-04-20] (ICQ) HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Sara\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) 
HKCU\...\Run: [DAEMON Tools Pro Agent] - C:\Program Files\DAEMON Tools Pro\DTAgent.exe [3111744 2012-04-26] (DT Soft Ltd) HKCU\...\Run: [NextLive] - C:\Users\Sara\AppData\Roaming\newnext.me\nengine.dll [1283584 2013-11-14] (NewNextDotMe) MountPoints2: F - F:\autorun_setup.bat MountPoints2: {883a6f71-84b6-11e0-b3dd-d027882fb872} - G:\autorun.exe MountPoints2: {8eee009d-c1e6-11e0-8981-d027882fb872} - F:\autorun_setup.bat MountPoints2: {b0b51bf8-8539-11e0-9ad2-d027882fb872} - F:\setup.exe MountPoints2: {d2256587-7f08-11e2-941b-d027882fb872} - F:\autorun_setup.bat MountPoints2: {e21f8a10-66cd-11e1-897e-d027882fb872} - F:\setup.exe IFEO\hijackthis.exe: [Debugger] gqzoh_.exe IFEO\housecalllauncher.exe: [Debugger] udyuv_.exe IFEO\rstrui.exe: [Debugger] clhhn_.exe IFEO\spybotsd.exe: [Debugger] uwpyv_.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/?gws_rd=cr SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=119777&tt=gc_&babsrc=SP_ss_wls&mntrId=78F8D027882FB872 SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=119777&tt=gc_&babsrc=SP_ss_wls&mntrId=78F8D027882FB872 BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: PiccShare BHO - {553318DA-D010-469E-84B1-496563CAE1C0} - C:\Users\Sara\AppData\Local\ext_piccshare\ext_piccshare.dll (HTTO Group, Ltd) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: IMinent WebBooster (BHO) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent) BHO: Wajam - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\priam_bho.dll (Wajam) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.76\npchrome_frame.dll (Google Inc.) BHO: SeeSimilar - {F225A2E3-8EE1-4204-B7A0-F4C551578A87} - C:\Program Files\SeeSimilar\ScriptHost.dll (SeeSimilar.com) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.76\npchrome_frame.dll (Google Inc.) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\ix9b8sac.default FF user.js: detected! 
=> C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\ix9b8sac.default\user.js FF NetworkProxy: "type", 0 FF Homepage: user_pref("browser.startup.homepage", ); FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF SearchPlugin: C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\ix9b8sac.default\searchplugins\babylon.xml FF SearchPlugin: C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\ix9b8sac.default\searchplugins\delta.xml FF SearchPlugin: C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\ix9b8sac.default\searchplugins\search_the_web.xml FF Extension: Babylon - C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\ix9b8sac.default\Extensions\ffxtlbr@babylon.com [2012-08-30] FF Extension: SeeSimilar - C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\ix9b8sac.default\Extensions\SeeSimilar@SeeSimilar.com [2013-07-17] FF StartMenuInternet: FIREFOX.EXE - C:\Spiele\firefox.exe Chrome: ======= CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) 
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) CHR Plugin: (Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) CHR Extension: (Google Docs) - C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-19] CHR Extension: (Google Drive) - C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-19] CHR Extension: (YouTube) - C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-19] CHR Extension: (Wajam) - C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp [2013-08-19] CHR Extension: (PutLockerDownloader V3.0) - C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\koalekbhpbggkcfhkkbolikjoaobbppi [2013-08-19] CHR Extension: (Google Wallet) - C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25] CHR Extension: (SeeSimilar) - 
C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pggagllhehfjjfgnfnfkjedjlmbchamf [2013-08-19] CHR HKLM\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\Sara\AppData\Local\Wajam\Chrome\wajam.crx [2012-06-14] CHR HKLM\...\Chrome\Extension: [koalekbhpbggkcfhkkbolikjoaobbppi] - C:\Program Files\PutLockerDownloader\PutLockerDownloader10.crx [2013-04-11] CHR HKLM\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Program Files\Yontoo\YontooLayers.crx [2013-04-11] CHR HKLM\...\Chrome\Extension: [pggagllhehfjjfgnfnfkjedjlmbchamf] - C:\Users\Sara\AppData\Roaming\SeeSimilar\SeeSimilar.crx [2013-06-20] CHR HKCU\...\Chrome\Extension: [docfnddcclkgokdfpnmngpiliiachclb] - C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\ext_piccshare\ext_piccshare.crx [2013-06-20] CHR HKCU\...\Chrome\Extension: [gbmdkmlcnbapgegninelmjbfibaghdmk] - C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\ext_offermosquito\ext_offermosquito.crx [2013-06-20] ========================== Services (Whitelisted) ================= R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.) S4 Hamachi2Svc; D:\Sara\Hamachi\hamachi-2.exe [1435984 2013-05-15] (LogMeIn Inc.) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation) S4 npggsvc; C:\Windows\system32\GameMon.des [4241016 2011-03-13] (INCA Internet Co., Ltd.) S4 ogmservice; C:\Program Files\Online Games Manager\ogmservice.exe [559168 2013-03-12] (RealNetworks, Inc.) 
S4 SProtection; C:\Program Files\Common Files\Umbrella\umbrella.exe [2864448 2013-08-06] (Iminent) S4 WajamUpdater; C:\Program Files\Wajam\Updater\WajamUpdater.exe [109064 2012-06-14] (Wajam) R2 Yontoo Desktop Updater; C:\Users\Sara\AppData\Roaming\Yontoo\YontooDesktop.exe [42784 2013-05-01] (Yontoo LLC) ==================== Drivers (Whitelisted) ==================== R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-02-26] (DT Soft Ltd) R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) R3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [19720 2009-11-24] (Logitech Inc.) R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [39960 2013-05-30] (Logitech Inc.) R3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [14856 2009-11-24] (Logitech Inc.) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation) S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [22272 2012-05-08] (Razer USA Ltd) S3 rzudd; C:\Windows\System32\DRIVERS\rzudd.sys [119480 2013-08-21] (Razer Inc) S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [18560 2012-05-15] (Razer USA Ltd) R1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5632 2006-07-24] () S3 USBMULCD; C:\Windows\System32\drivers\CM106.sys [1516544 2009-05-14] (C-Media Electronics Inc) R3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech Inc.) S3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [37704 2010-04-27] (Logitech Inc.) R3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech Inc.) R3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech Inc.) 
S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [x] S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-26 15:34 - 2014-01-26 15:35 - 00016986 _____ C:\Users\Sara\Downloads\FRST.txt 2014-01-26 15:34 - 2014-01-26 15:34 - 01222144 _____ (Farbar) C:\Users\Sara\Downloads\FRST.exe 2014-01-26 15:34 - 2014-01-26 15:34 - 00000000 ____D C:\FRST 2014-01-16 16:42 - 2014-01-16 16:42 - 00336936 _____ (Amônétízé Ltd) C:\Users\Sara\Downloads\FlashPlayersetup__3873_i268594110_il3.exe 2014-01-15 23:56 - 2014-01-15 23:56 - 00336936 _____ (Amônétízé Ltd) C:\Users\Sara\Downloads\FlashPlayersetup__3873_i266846673_il3.exe 2014-01-15 16:01 - 2013-11-27 02:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-15 16:01 - 2013-11-27 02:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-15 16:01 - 2013-11-27 02:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-15 16:01 - 2013-11-27 02:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-15 16:01 - 2013-11-27 02:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-15 16:01 - 2013-11-27 02:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-01-15 16:01 - 2013-11-27 02:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-15 16:01 - 2013-11-26 12:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-01-15 16:01 - 2013-11-26 11:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-01-10 18:22 - 2014-01-12 14:40 - 00000000 ____D C:\Users\Sara\AppData\Roaming\Awesomium 2014-01-09 19:15 - 2014-01-09 19:15 - 00000000 ____D C:\ProgramData\Elder Scrolls Online 2014-01-08 18:11 
- 2014-01-08 18:11 - 00001460 _____ C:\Users\Sara\AppData\Local\recently-used.xbel 2014-01-08 17:54 - 2014-01-08 17:54 - 11386496 _____ C:\Users\Sara\Downloads\ScanImage582.tif 2014-01-08 16:58 - 2014-01-08 16:58 - 00000000 ____D C:\Users\Sara\Documents\Elder Scrolls Online 2014-01-08 16:58 - 2014-01-08 16:58 - 00000000 ____D C:\Users\Sara\AppData\Roaming\com.immersyve.Paladin.live 2014-01-08 16:58 - 2014-01-08 16:58 - 00000000 ____D C:\Program Files\ESO Survey Live 2014-01-08 16:55 - 2014-01-08 16:55 - 00000909 _____ C:\Users\Sara\Desktop\The Elder Scrolls Online Beta.lnk 2014-01-08 16:54 - 2014-01-08 16:54 - 55903624 _____ ( ) C:\Users\Sara\Downloads\Install_ESO_Beta.exe 2014-01-04 14:51 - 2014-01-04 14:51 - 00000676 _____ C:\Users\Sara\Desktop\The Elder Scrolls V Skyrim - Verknüpfung.lnk 2014-01-02 23:21 - 2014-01-02 23:21 - 35527107 _____ C:\Users\Sara\Downloads\Enhanced_Blood_Textures_2_0-60-2-0.rar 2014-01-02 23:21 - 2014-01-02 23:21 - 04056962 _____ C:\Users\Sara\Downloads\Detailed_Faces-2_00-26-2-0.7z 2014-01-02 23:20 - 2014-01-02 23:20 - 40763536 _____ C:\Users\Sara\Downloads\RWTT_2-1_High_U3-711.7z 2014-01-02 23:20 - 2014-01-02 23:20 - 04884125 _____ C:\Users\Sara\Downloads\Glowing_Ore_Veins_300_2_00-193-1.rar 2014-01-02 23:16 - 2014-01-03 15:56 - 00000000 ____D C:\Program Files\Common Files\DivX Shared 2014-01-02 23:16 - 2014-01-02 23:17 - 00000000 ____D C:\Users\Sara\AppData\Roaming\DivX 2014-01-02 23:15 - 2014-01-26 15:31 - 00000000 ____D C:\Users\Sara\AppData\Roaming\newnext.me 2014-01-02 23:15 - 2014-01-03 15:52 - 00000000 ____D C:\Users\Sara\AppData\Local\Mobogenie 2014-01-02 23:15 - 2014-01-02 23:31 - 00000000 ____D C:\Users\Sara\AppData\Local\cache 2014-01-02 23:15 - 2014-01-02 23:17 - 00000212 _____ C:\Users\Sara\daemonprocess.txt 2014-01-02 23:15 - 2014-01-02 23:15 - 00000000 ____D C:\Users\Sara\Documents\Mobogenie 2014-01-02 23:15 - 2014-01-02 23:15 - 00000000 ____D C:\Users\Sara\AppData\Local\genienext 2014-01-02 23:15 - 2014-01-02 23:15 - 
00000000 ____D C:\Users\Sara\.android 2014-01-02 23:14 - 2014-01-24 20:14 - 00000284 _____ C:\Windows\Tasks\FoxTab.job 2014-01-02 23:14 - 2014-01-03 15:56 - 00000000 ____D C:\Program Files\DSP-worx 2014-01-02 23:14 - 2014-01-03 15:52 - 00000000 ____D C:\Program Files\MyPC Backup 2014-01-02 23:14 - 2014-01-03 15:51 - 00000000 ____D C:\Users\Sara\AppData\Roaming\Systweak 2014-01-02 23:14 - 2014-01-02 23:14 - 00000000 ____D C:\Users\Sara\AppData\Roaming\LavFilters 2014-01-02 23:14 - 2014-01-02 23:14 - 00000000 ____D C:\Users\Sara\AppData\Roaming\CDXReader 2014-01-02 23:14 - 2013-11-22 15:42 - 00018776 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot.exe 2014-01-02 23:13 - 2014-01-02 23:13 - 00000000 ____D C:\Users\Sara\AppData\Roaming\DigitalSites 2014-01-02 23:12 - 2014-01-02 23:12 - 00672936 _____ ( ) C:\Users\Sara\Downloads\UltimateCodec.exe 2014-01-02 21:10 - 2014-01-02 21:10 - 00001773 _____ C:\Users\Sara\Desktop\BioShock Infinite.lnk 2014-01-01 03:51 - 2014-01-08 18:24 - 00000000 ____D C:\Users\Sara\.gimp-2.8 2014-01-01 03:51 - 2014-01-01 03:51 - 00001060 _____ C:\Users\Sara\Desktop\GIMP 2.lnk 2014-01-01 03:51 - 2014-01-01 03:51 - 00000000 ____D C:\Users\Sara\AppData\Local\gegl-0.2 2014-01-01 03:48 - 2014-01-01 03:50 - 00000000 ____D C:\Program Files\GIMP 2 2014-01-01 03:42 - 2014-01-01 03:43 - 90396104 _____ (The GIMP Team ) C:\Users\Sara\Downloads\gimp-2.8.10-setup.exe ==================== One Month Modified Files and Folders ======= 2014-01-26 15:35 - 2014-01-26 15:34 - 00016986 _____ C:\Users\Sara\Downloads\FRST.txt 2014-01-26 15:34 - 2014-01-26 15:34 - 01222144 _____ (Farbar) C:\Users\Sara\Downloads\FRST.exe 2014-01-26 15:34 - 2014-01-26 15:34 - 00000000 ____D C:\FRST 2014-01-26 15:34 - 2011-05-10 07:16 - 01963730 _____ C:\Windows\WindowsUpdate.log 2014-01-26 15:32 - 2013-05-09 14:16 - 00000000 ____D C:\Users\Sara\AppData\Roaming\Yontoo 2014-01-26 15:32 - 2011-05-11 11:06 - 00000000 ____D C:\Program Files\Common Files\Akamai 2014-01-26 
15:31 - 2014-01-02 23:15 - 00000000 ____D C:\Users\Sara\AppData\Roaming\newnext.me 2014-01-26 15:30 - 2013-08-05 19:37 - 00016390 _____ C:\Windows\setupact.log 2014-01-26 15:30 - 2013-07-17 09:07 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-26 15:30 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-24 20:14 - 2014-01-02 23:14 - 00000284 _____ C:\Windows\Tasks\FoxTab.job 2014-01-24 19:28 - 2013-07-17 09:07 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-24 10:04 - 2009-07-14 05:34 - 00019152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-24 10:04 - 2009-07-14 05:34 - 00019152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-19 08:32 - 2011-05-12 08:14 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-01-16 20:31 - 2013-08-19 16:12 - 00002130 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2014-01-16 16:42 - 2014-01-16 16:42 - 00336936 _____ (Amônétízé Ltd) C:\Users\Sara\Downloads\FlashPlayersetup__3873_i268594110_il3.exe 2014-01-16 10:02 - 2009-07-14 05:33 - 00511712 _____ C:\Windows\system32\FNTCACHE.DAT 2014-01-16 01:00 - 2013-12-05 03:00 - 00000000 ____D C:\Windows\system32\MRT 2014-01-16 00:58 - 2011-05-10 10:27 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-01-15 23:56 - 2014-01-15 23:56 - 00336936 _____ (Amônétízé Ltd) C:\Users\Sara\Downloads\FlashPlayersetup__3873_i266846673_il3.exe 2014-01-12 14:40 - 2014-01-10 18:22 - 00000000 ____D C:\Users\Sara\AppData\Roaming\Awesomium 2014-01-09 19:15 - 2014-01-09 19:15 - 00000000 ____D C:\ProgramData\Elder Scrolls Online 2014-01-08 18:24 - 2014-01-01 03:51 - 00000000 ____D C:\Users\Sara\.gimp-2.8 2014-01-08 18:11 - 2014-01-08 18:11 - 00001460 _____ C:\Users\Sara\AppData\Local\recently-used.xbel 2014-01-08 17:54 - 2014-01-08 17:54 - 11386496 _____ 
C:\Users\Sara\Downloads\ScanImage582.tif 2014-01-08 16:58 - 2014-01-08 16:58 - 00000000 ____D C:\Users\Sara\Documents\Elder Scrolls Online 2014-01-08 16:58 - 2014-01-08 16:58 - 00000000 ____D C:\Users\Sara\AppData\Roaming\com.immersyve.Paladin.live 2014-01-08 16:58 - 2014-01-08 16:58 - 00000000 ____D C:\Program Files\ESO Survey Live 2014-01-08 16:55 - 2014-01-08 16:55 - 00000909 _____ C:\Users\Sara\Desktop\The Elder Scrolls Online Beta.lnk 2014-01-08 16:54 - 2014-01-08 16:54 - 55903624 _____ ( ) C:\Users\Sara\Downloads\Install_ESO_Beta.exe 2014-01-08 16:03 - 2013-05-09 14:16 - 00000000 ____D C:\Program Files\Yontoo 2014-01-04 17:12 - 2013-11-21 12:59 - 00000000 ____D C:\Users\Sara\Desktop\Neuer Ordner 2014-01-04 14:52 - 2012-10-12 20:07 - 00000000 ____D C:\Program Files\Steam 2014-01-04 14:51 - 2014-01-04 14:51 - 00000676 _____ C:\Users\Sara\Desktop\The Elder Scrolls V Skyrim - Verknüpfung.lnk 2014-01-04 14:33 - 2013-08-05 19:37 - 00006856 _____ C:\Windows\PFRO.log 2014-01-03 19:12 - 2011-11-07 09:37 - 00000000 ____D C:\spiele 0002 2014-01-03 15:56 - 2014-01-02 23:16 - 00000000 ____D C:\Program Files\Common Files\DivX Shared 2014-01-03 15:56 - 2014-01-02 23:14 - 00000000 ____D C:\Program Files\DSP-worx 2014-01-03 15:56 - 2012-04-03 19:05 - 00000000 ____D C:\ProgramData\DivX 2014-01-03 15:52 - 2014-01-02 23:15 - 00000000 ____D C:\Users\Sara\AppData\Local\Mobogenie 2014-01-03 15:52 - 2014-01-02 23:14 - 00000000 ____D C:\Program Files\MyPC Backup 2014-01-03 15:51 - 2014-01-02 23:14 - 00000000 ____D C:\Users\Sara\AppData\Roaming\Systweak 2014-01-03 15:45 - 2011-05-10 08:38 - 00136000 _____ C:\Users\Sara\AppData\Local\GDIPFONTCACHEV1.DAT 2014-01-02 23:31 - 2014-01-02 23:15 - 00000000 ____D C:\Users\Sara\AppData\Local\cache 2014-01-02 23:21 - 2014-01-02 23:21 - 35527107 _____ C:\Users\Sara\Downloads\Enhanced_Blood_Textures_2_0-60-2-0.rar 2014-01-02 23:21 - 2014-01-02 23:21 - 04056962 _____ C:\Users\Sara\Downloads\Detailed_Faces-2_00-26-2-0.7z 2014-01-02 23:20 - 
2014-01-02 23:20 - 40763536 _____ C:\Users\Sara\Downloads\RWTT_2-1_High_U3-711.7z 2014-01-02 23:20 - 2014-01-02 23:20 - 04884125 _____ C:\Users\Sara\Downloads\Glowing_Ore_Veins_300_2_00-193-1.rar 2014-01-02 23:17 - 2014-01-02 23:16 - 00000000 ____D C:\Users\Sara\AppData\Roaming\DivX 2014-01-02 23:17 - 2014-01-02 23:15 - 00000212 _____ C:\Users\Sara\daemonprocess.txt 2014-01-02 23:15 - 2014-01-02 23:15 - 00000000 ____D C:\Users\Sara\Documents\Mobogenie 2014-01-02 23:15 - 2014-01-02 23:15 - 00000000 ____D C:\Users\Sara\AppData\Local\genienext 2014-01-02 23:15 - 2014-01-02 23:15 - 00000000 ____D C:\Users\Sara\.android 2014-01-02 23:15 - 2011-05-10 07:25 - 00000000 ____D C:\Users\Sara 2014-01-02 23:14 - 2014-01-02 23:14 - 00000000 ____D C:\Users\Sara\AppData\Roaming\LavFilters 2014-01-02 23:14 - 2014-01-02 23:14 - 00000000 ____D C:\Users\Sara\AppData\Roaming\CDXReader 2014-01-02 23:13 - 2014-01-02 23:13 - 00000000 ____D C:\Users\Sara\AppData\Roaming\DigitalSites 2014-01-02 23:12 - 2014-01-02 23:12 - 00672936 _____ ( ) C:\Users\Sara\Downloads\UltimateCodec.exe 2014-01-02 21:10 - 2014-01-02 21:10 - 00001773 _____ C:\Users\Sara\Desktop\BioShock Infinite.lnk 2014-01-02 00:17 - 2011-06-06 12:04 - 00000000 ____D C:\Users\Sara\Documents\My Games 2014-01-01 03:51 - 2014-01-01 03:51 - 00001060 _____ C:\Users\Sara\Desktop\GIMP 2.lnk 2014-01-01 03:51 - 2014-01-01 03:51 - 00000000 ____D C:\Users\Sara\AppData\Local\gegl-0.2 2014-01-01 03:50 - 2014-01-01 03:48 - 00000000 ____D C:\Program Files\GIMP 2 2014-01-01 03:45 - 2011-05-10 09:50 - 00000000 ____D C:\Users\Sara\AppData\Local\Windows Live 2014-01-01 03:43 - 2014-01-01 03:42 - 90396104 _____ (The GIMP Team ) C:\Users\Sara\Downloads\gimp-2.8.10-setup.exe Files to move or delete: ==================== C:\Users\Sara\createfileassoc.exe C:\Users\Sara\error_report.exe C:\Users\Sara\jagex_cl_runescape_LIVE.dat C:\Users\Sara\OverwolfTeamSpeakInstaller.exe C:\Users\Sara\package_inst.exe C:\Users\Sara\QtCore4.dll C:\Users\Sara\QtGui4.dll 
C:\Users\Sara\QtNetwork4.dll C:\Users\Sara\QtSql4.dll C:\Users\Sara\random.dat C:\Users\Sara\ts3client_win32.exe C:\Users\Sara\Uninstall.exe C:\Users\Sara\update.exe Some content of TEMP: ==================== C:\Users\Sara\AppData\Local\Temp\56569uninstall.exe C:\Users\Sara\AppData\Local\Temp\BackupSetup.exe C:\Users\Sara\AppData\Local\Temp\gczezwht.dll C:\Users\Sara\AppData\Local\Temp\Gw2.exe C:\Users\Sara\AppData\Local\Temp\Sqlite3.dll C:\Users\Sara\AppData\Local\Temp\Uninstall.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-19 16:22 ==================== End Of Log ============================ Addition.txt FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 26-01-2014 02 Ran by Sara at 2014-01-26 15:35:50 Running from C:\Users\Sara\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== Adobe AIR (Version: 2.6.0.19140 - Adobe Systems Incorporated) Adobe AIR (Version: 2.6.0.19140 - Adobe Systems Incorporated) Hidden Adobe Flash Player 10 ActiveX (Version: 10.3.181.26 - Adobe Systems Incorporated) Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated) Adobe Reader X (10.1.1) - Deutsch (Version: 10.1.1 - Adobe Systems Incorporated) Age of Empires III (Version: 1.00.0000 - Microsoft Game Studios) Age of Empires III (Version: 1.00.0000 - Microsoft Game Studios) Hidden Age of Wulin (Version: 0.0.1.011 - gPotato) AION Free-To-Play (Version: 2.70.0000 - Gameforge) AION Free-To-Play (Version: 2.70.0000 - Gameforge) Hidden Akamai NetSession Interface (HKCU Version: - Akamai Technologies, Inc) Akamai NetSession Interface Service (Version: - ) AMD Accelerated Video Transcoding (Version: 2.00.0002 - Advanced Micro Devices, Inc.) Hidden AMD APP SDK Runtime (Version: 10.0.923.1 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Install Manager (Version: 8.0.873.0 - Advanced Micro Devices, Inc.) AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden AMD Media Foundation Decoders (Version: 1.0.70405.2224 - Advanced Micro Devices, Inc.) Hidden Apple Application Support (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.) 
Apple Software Update (Version: 2.1.3.127 - Apple Inc.) Atlantica (Version: 21662 - NEXON Europe S.A.R.L) Audacity 1.2.6 (Version: - ) Biet-O-Matic v2.14.12 (Version: 2.14.12 - BOM Development Team) BioShock Infinite (Version: - Irrational Games) Black & White® 2 (Version: 1.00.0000 - Lionhead Studios) Bonjour (Version: 3.0.0.10 - Apple Inc.) Borderlands 2 (Version: - ) Brother MFL-Pro Suite MFC-8460N (Version: 1.0.0.0 - Brother Industries, Ltd.) Cake Mania 2 (Version: - ) Cake Mania 3 (Version: - ) Call of Duty Black Ops II (Version: - ) Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center (Version: 2012.0405.2205.37728 - Ihr Firmenname) Hidden Catalyst Control Center Graphics Previews Common (Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help English (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help French (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help German (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Hungarian (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Italian (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden ccc-utility (Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) 
Hidden CCleaner (Version: 3.20 - Piriform) Corel Graphics - Windows Shell Extension (Version: 16.1.0.843 - Corel Corporation) Corel Graphics - Windows Shell Extension (Version: 16.1.843 - Corel Corporation) Hidden Corel Painter 12 - IPM (Version: 12.4 - Corel Corporation) Hidden Corel Painter 12 (Version: 12.2.1.1212 - Corel Corporation) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Pro (Version: 5.1.0.0333 - DT Soft Ltd) DarksidersInstaller (Version: 1.00.1000 - Ihr Firmenname) DarkWave Studio 3.2.9 (Version: 3.2.9 - ExperimentalScene) Dead Island Riptide (c) Deep Silver version 1 (Version: 1 - ) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (Version: - Microsoft) Deponia (Version: 1.0 - Daedalic Entertainment) Diablo III (Version: 1.0.8.16603 - Blizzard Entertainment) Die Kunst des Mordens - Die geheimen Akten (Version: - ) Diner Dash 2 Restaurant Rescue (Version: - ) Diner Dash 5: BOOM (Version: - ) Diner Dash Flo on the Go (Version: - ) Diner Dash: Flo Through Time (Version: - ) Dishonored (Version: - ) Disney Toontown Online (Version: - Walt Disney Internet Group) DivX-Setup (Version: 2.6.1.8 - DivX, LLC) Don't Starve (Version: - Klei Entertainment) Dropbox (HKCU Version: 2.0.22 - Dropbox, Inc.) EasyBits GO (HKCU Version: - EasyBits Media) Enlightenus (Version: - ) EPSON-Drucker-Software (Version: - ) ESO Survey Live version 1.3.0 (Version: 1.3.0 - Immersyve, Inc.) F.A.C.E.S. (Version: - ) Fable III (Version: 1.0.0000.131 - Microsoft Game Studios) Fable III (Version: 1.0.0000.131 - Microsoft Game Studios) Hidden Fairy Maids (Version: - ) Farm Craft (Version: - ) Farm Tribe (Version: - ) Fotogalerie (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Free Audio CD Burner version 1.4.8 (Version: - DVDVideoSoft Limited.) GIMP 2.8.10 (Version: 2.8.10 - The GIMP Team) Google Chrome (Version: 32.0.1700.76 - Google Inc.) Google Chrome Frame (Version: 65.119.72 - Google, Inc.) 
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden Guild Wars 2 (Version: - NCsoft Corporation, Ltd.) Haunted Halls: Kindheitsängste Sammleredition (Version: - ) Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (Version: 1 - Microsoft Corporation) HP Officejet Pro 8600 - Grundlegende Software für das Gerät (Version: 25.0.619.0 - Hewlett-Packard Co.) HP Update (Version: 5.003.000.004 - Hewlett-Packard) I.R.I.S. OCR (Version: 12.3.4.0 - HP) IconHandler 32 bit (Version: 2.0 - Corel Corporation) Hidden ICQ 8.0 (build 6017) (HKCU Version: 8.0.6017.0 - Mail.Ru) ICQ7.5 (Version: 7.5 - ICQ) Iminent (Version: 6.27.21.0 - Iminent) <==== ATTENTION Iminent (Version: 6.27.21.0 - Iminent) Hidden <==== ATTENTION Inkscape 0.48.0 (Version: 0.48.0 - ) Install(GE) (Version: 1.0 - AeriaGames) IrfanView (remove only) (Version: 4.28 - Irfan Skiljan) iTunes (Version: 11.1.2.32 - Apple Inc.) Java 7 Update 25 (Version: 7.0.250 - Oracle) Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden Java(TM) 6 Update 25 (Version: 6.0.250 - Oracle) JDownloader 0.9 (Version: 0.9 - AppWork GmbH) K-Lite Codec Pack 6.0.4 (Basic) (Version: 6.0.4 - ) League of Legends (Version: 1.02.0000 - Riot Games) Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden Logitech Gaming Software 5.10 (Version: 5.10.127 - Logitech) Logitech Gaming Software 8.50 (Version: 8.50.281 - Logitech Inc.) LogMeIn Hamachi (Version: 2.1.0.362 - LogMeIn, Inc.) LogMeIn Hamachi (Version: 2.1.0.362 - LogMeIn, Inc.) 
Hidden MabinogiEU (Version: - devCAT) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (Version: 3.5.50.0 - Microsoft Corporation) Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 
(Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation) Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 - ENU (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 Runtime (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (Version: 9.0.30729 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0 - Microsoft Corp.) Microsoft_VC100_CRT_x86 (Version: 1.0.0 - Microsoft) Minecraft Cracked (Version: 1.4.7 - MINECRAFTinstall.net) Movie Maker (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox (3.6.18) (Version: 3.6.18 (en-US) - Mozilla) MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0 - Microsoft Corporation) Mystic Inn (Version: - ) NC Launcher (GameForge) (Version: - NCsoft) NVIDIA PhysX (Version: 9.09.0203 - NVIDIA Corporation) Online Games Manager v1.20 (Version: 1.20.13 - Real Networks, Inc.) Orcs Must Die 2 (Version: - ) Origin (Version: 9.0.2.2065 - Electronic Arts, Inc.) 
Overlord II (Version: 1.0 - Codemasters) Painter 12 - Content (Version: 12.4 - Corel Corporation) Hidden Painter 12 - Core (Version: 12.4 - Corel Corporation) Hidden Painter 12 - DE (Version: 12.4 - Corel Corporation) Hidden Painter 12 - EN (Version: 12.4 - Corel Corporation) Hidden Painter 12 - FR (Version: 12.4 - Corel Corporation) Hidden Painter 12 - IT (Version: 12.4 - Corel Corporation) Hidden Painter 12 - Painter (Version: 12.4 - Corel Corporation) Hidden Painter 12 - Setup Files (Version: 12.4 - Corel Corporation) Hidden Pando Media Booster (Version: 2.6.0.8 - Pando Networks Inc.) Pangya (Ntreev USA) (Version: - ) Path of Exile (Version: - Grinding Gear Games) Photo Gallery (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden PiccShare (HKCU Version: 2.0 - HTTO Group Ltd) Plantasia (Version: - ) PutLockerDownloader (Version: 2.1 Build 26473 - PutLockerDownloader.com) <==== ATTENTION QuickTime (Version: 7.74.80.86 - Apple Inc.) Razer Synapse 2.0 (Version: 1.13.1 - Razer Inc.) Room Arranger (Version: 5.6.8 - Jan Adamec) Sacred 2 (Version: 2.0.2.0 - Ascaron Entertainment) Sandlot Games Client Services 1.2.2 (Version: - Sandlot Games) SeeSimilar (Version: 1.0.0.5 - SeeSimilar.com) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden Sonic & All-Stars Racing Transformed (Version: - Sumo Digital) SPORE™ (Version: 1.00.0000 - Electronic Arts) Steam (Version: 1.0.0.0 - Valve Corporation) System Requirements Lab (Version: 4.1.72.0 - Husdawg, LLC) TeamSpeak 3 Client (HKCU Version: 3.0.13.1 - TeamSpeak Systems GmbH) TeamViewer 6 (Version: 6.0.10511 - TeamViewer GmbH) TERA (Version: 16.04 - Frogster Online Gaming GmbH) The Elder Scrolls Online Beta (Version: 0.3.4 - ) The Elder Scrolls V: Skyrim (Version: - Bethesda Game Studios) Trust 5.1 Surround Headset (Version: - ) Twisted Lands - Insomniac (Version: - ) UltraStar Deluxe (Version: 1.1 - USDX Team) Uninstall 1.0.0.1 (Version: - ) Update for Microsoft .NET Framework 4 
Client Profile (KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3 - Microsoft Corporation) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2010 (KB2494150) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition 
(Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (Version: - Microsoft) Urban Legends: The Maze (Version: - ) UseNeXT by Tangysoft (Version: - Tangysoft Ltd.) VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden VLC media player 1.1.9 (Version: 1.1.9 - VideoLAN) Wajam (Version: 1.45 - Wajam) <==== ATTENTION War of Angels (Version: - ) Warframe (Version: - Digital Extremes) Windows Live Communications Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Essentials (Version: 16.4.3505.0912 - Microsoft Corporation) Windows Live Essentials (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden Windows Live Installer (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Messenger (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Photo Common (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live PIMT Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden WinRAR 4.00 (32-Bit) (Version: 4.00.0 - win.rar GmbH) World of Warcraft (Version: 5.3.0.17128 - Blizzard Entertainment) Yontoo 2.053 (Version: 2.053 - Yontoo LLC) <==== ATTENTION YouTube Song Downloader (Version: 7.92 - Abelssoft) YouTube Song Downloader (Version: 8.2 - Abelssoft) ==================== Restore Points ========================= 13-01-2014 21:57:31 Windows Update 15-01-2014 23:57:32 Windows Update 20-01-2014 15:05:19 Windows Update 24-01-2014 09:07:33 Windows Update 
==================== Hosts content: ========================== 2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {0565C2F2-F6E2-4B7D-B4CA-A3315A833AAE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-06-22] (Piriform Ltd) Task: {12D6E651-F8B2-4144-BD21-00CD802F3DBB} - System32\Tasks\RNUpgradeHelperResumePrompt_Sara => C:\Users\Sara\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\8.00\rnupgagent.exe [2011-06-27] (RealNetworks, Inc.) Task: {1397BF44-6D5E-4804-BFDF-59710A9196A6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {50C5F7EA-4332-4E16-8CA9-04795B6E0B09} - System32\Tasks\{4D262156-A9F7-4BF1-914E-AFA7D9CD1406} => C:\Program Files\Skype\\Phone\Skype.exe Task: {9CD27547-D76B-40ED-B8D5-3935F9E57236} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-07-17] (Google Inc.) Task: {CA066D31-83D1-4529-BE0D-6941F1F83945} - System32\Tasks\FoxTab => C:\Users\Sara\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {CF956DD2-1F2B-47E3-9243-7989021CB6AD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-07-17] (Google Inc.) 
Task: {D8A7ADB3-735C-4459-A3C3-A1C3B8B23F79} - System32\Tasks\Windows Update Check - 0x0F2A0355 => C:\ProgramData\RazorU0\piztmhvct.exe [2013-04-23] () Task: {EA7000B4-8AC2-4291-8E88-DE8541914866} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3956404115-2358615362-3616498794-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe Task: {F681302C-CB0D-4F1F-8533-93EE7E29573F} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3956404115-2358615362-3616498794-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe Task: C:\Windows\Tasks\FoxTab.job => C:\Users\Sara\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-05-10 12:57 - 2011-03-02 11:40 - 00140288 _____ () C:\Program Files\WinRAR\rarext.dll 2011-09-27 06:23 - 2011-09-27 06:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2011-09-27 06:22 - 2011-09-27 06:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2013-04-20 01:09 - 2013-04-20 01:09 - 00851456 _____ () C:\Users\Sara\AppData\Roaming\ICQM\ICQ\dll\YLUSBTEL.dll 2014-01-16 10:09 - 2014-01-26 15:33 - 00949248 _____ () C:\Users\Sara\AppData\Roaming\Yontoo\dat\hk.dll 2014-01-16 20:31 - 2014-01-11 11:28 - 00715544 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.76\libglesv2.dll 2014-01-16 20:31 - 2014-01-11 11:28 - 00100120 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.76\libegl.dll 2014-01-16 20:31 - 2014-01-11 11:29 - 04055320 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.76\pdf.dll 2014-01-16 20:31 - 2014-01-11 11:29 - 00399640 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll 2014-01-16 20:31 - 
2014-01-11 11:28 - 01634584 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll 2014-01-16 20:31 - 2014-01-11 11:29 - 13615896 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll 2013-05-09 14:17 - 2014-01-26 15:32 - 00013600 _____ () C:\Users\Sara\AppData\Roaming\Yontoo\dat\Desktop.OS.Plugin.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\ProgramData\TEMP:03D08225 AlternateDataStreams: C:\ProgramData\TEMP:149327FE AlternateDataStreams: C:\ProgramData\TEMP:1604D047 AlternateDataStreams: C:\ProgramData\TEMP:162E02F7 AlternateDataStreams: C:\ProgramData\TEMP:1A4BF204 AlternateDataStreams: C:\ProgramData\TEMP:1ECED34B AlternateDataStreams: C:\ProgramData\TEMP:2216A431 AlternateDataStreams: C:\ProgramData\TEMP:22741C1F AlternateDataStreams: C:\ProgramData\TEMP:2ADF9928 AlternateDataStreams: C:\ProgramData\TEMP:2E9900EE AlternateDataStreams: C:\ProgramData\TEMP:33384BC0 AlternateDataStreams: C:\ProgramData\TEMP:3BCA993F AlternateDataStreams: C:\ProgramData\TEMP:3EC5BC08 AlternateDataStreams: C:\ProgramData\TEMP:413E2927 AlternateDataStreams: C:\ProgramData\TEMP:439E3411 AlternateDataStreams: C:\ProgramData\TEMP:44E16D4A AlternateDataStreams: C:\ProgramData\TEMP:46A2F27B AlternateDataStreams: C:\ProgramData\TEMP:4E79C4F8 AlternateDataStreams: C:\ProgramData\TEMP:4EFA2FC7 AlternateDataStreams: C:\ProgramData\TEMP:5E9B629B AlternateDataStreams: C:\ProgramData\TEMP:6E2D80C8 AlternateDataStreams: C:\ProgramData\TEMP:6FDE1666 AlternateDataStreams: C:\ProgramData\TEMP:73B78E79 AlternateDataStreams: C:\ProgramData\TEMP:751D6870 AlternateDataStreams: C:\ProgramData\TEMP:762408BA AlternateDataStreams: C:\ProgramData\TEMP:8247A199 AlternateDataStreams: C:\ProgramData\TEMP:8944C195 AlternateDataStreams: C:\ProgramData\TEMP:91486201 AlternateDataStreams: C:\ProgramData\TEMP:9547F1DB AlternateDataStreams: C:\ProgramData\TEMP:9CF728A6 AlternateDataStreams: 
C:\ProgramData\TEMP:A88BE334 AlternateDataStreams: C:\ProgramData\TEMP:AFC732F7 AlternateDataStreams: C:\ProgramData\TEMP:B12D1A7D AlternateDataStreams: C:\ProgramData\TEMP:C37283B5 AlternateDataStreams: C:\ProgramData\TEMP:CB0FEE2B AlternateDataStreams: C:\ProgramData\TEMP:CBAF0C30 AlternateDataStreams: C:\ProgramData\TEMP:D01ACC06 AlternateDataStreams: C:\ProgramData\TEMP:D999FFD5 AlternateDataStreams: C:\ProgramData\TEMP:DDEB08FD AlternateDataStreams: C:\ProgramData\TEMP:E2458802 AlternateDataStreams: C:\ProgramData\TEMP:EDDBC69E AlternateDataStreams: C:\ProgramData\TEMP:F1F936DF AlternateDataStreams: C:\ProgramData\TEMP:F264BECE AlternateDataStreams: C:\ProgramData\TEMP:F3591DDB AlternateDataStreams: C:\ProgramData\TEMP:F5FC5DCE AlternateDataStreams: C:\ProgramData\TEMP:FB08C210 ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (01/26/2014 03:35:35 PM) (Source: Brother BrLog) (User: ) Description: STI BrtSTI: [2014/01/26 15:35:35.702]: [00001940]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error Error: (01/26/2014 03:35:01 PM) (Source: Brother BrLog) (User: ) Description: STI BrtSTI: [2014/01/26 15:35:01.200]: [00001940]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error Error: (01/26/2014 03:34:26 PM) (Source: Brother BrLog) (User: ) Description: STI BrtSTI: [2014/01/26 15:34:26.684]: [00001940]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error Error: (01/26/2014 03:33:52 PM) (Source: Brother BrLog) (User: ) Description: STI BrtSTI: [2014/01/26 15:33:52.182]: [00001940]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error Error: (01/26/2014 03:33:26 PM) (Source: Brother BrLog) (User: ) Description: STI BrtSTI: [2014/01/26 15:33:26.568]: [00001940]: GetDeviceIpAddress: 
GetAddressByName [BRN_906D1E] Error Error: (01/26/2014 03:32:52 PM) (Source: Brother BrLog) (User: ) Description: STI BrtSTI: [2014/01/26 15:32:52.065]: [00001940]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error Error: (01/26/2014 03:32:17 PM) (Source: Brother BrLog) (User: ) Description: STI BrtSTI: [2014/01/26 15:32:17.562]: [00001940]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error Error: (01/26/2014 03:31:43 PM) (Source: Brother BrLog) (User: ) Description: STI BrtSTI: [2014/01/26 15:31:43.058]: [00001940]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error Error: (01/26/2014 03:31:08 PM) (Source: Brother BrLog) (User: ) Description: STI BrtSTI: [2014/01/26 15:31:08.554]: [00001940]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error Error: (01/26/2014 03:30:33 PM) (Source: Brother BrLog) (User: ) Description: STI BrtSTI: [2014/01/26 15:30:33.752]: [00001940]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error System errors: ============= Error: (01/19/2014 03:03:57 PM) (Source: DCOM) (User: ) Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF} Error: (01/18/2014 00:54:04 PM) (Source: Schannel) (User: NT-AUTORITÄT) Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252. Error: (01/17/2014 00:58:10 PM) (Source: DCOM) (User: ) Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} Error: (01/16/2014 10:07:44 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst LanmanServer erreicht. Error: (01/16/2014 10:05:29 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst LanmanServer erreicht. Error: (01/16/2014 10:04:37 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst LanmanServer erreicht. 
Error: (01/16/2014 10:04:30 AM) (Source: Microsoft-Windows-LanguagePackSetup) (User: NT-AUTORITÄT) Description: Fehler bei der CBS-Clientinitialisierung. Letzter Fehler: 0x80080005 Error: (01/16/2014 10:04:30 AM) (Source: DCOM) (User: ) Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED} Error: (01/16/2014 10:02:27 AM) (Source: EventLog) (User: ) Description: Das System wurde zuvor am 16.01.2014 um 09:59:59 unerwartet heruntergefahren. Error: (01/12/2014 11:57:47 AM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst Akamai erreicht. Microsoft Office Sessions: ========================= Error: (01/26/2014 03:36:10 PM) (Source: Brother BrLog)(User: ) Description: STIBrtSTI: [2014/01/26 15:36:10.204]: [00001940]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error Error: (01/26/2014 03:35:35 PM) (Source: Brother BrLog)(User: ) Description: STIBrtSTI: [2014/01/26 15:35:35.702]: [00001940]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error Error: (01/26/2014 03:35:01 PM) (Source: Brother BrLog)(User: ) Description: STIBrtSTI: [2014/01/26 15:35:01.200]: [00001940]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error Error: (01/26/2014 03:34:26 PM) (Source: Brother BrLog)(User: ) Description: STIBrtSTI: [2014/01/26 15:34:26.684]: [00001940]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error Error: (01/26/2014 03:33:52 PM) (Source: Brother BrLog)(User: ) Description: STIBrtSTI: [2014/01/26 15:33:52.182]: [00001940]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error Error: (01/26/2014 03:33:26 PM) (Source: Brother BrLog)(User: ) Description: STIBrtSTI: [2014/01/26 15:33:26.568]: [00001940]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error Error: (01/26/2014 03:32:52 PM) (Source: Brother BrLog)(User: ) Description: STIBrtSTI: [2014/01/26 15:32:52.065]: [00001940]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error Error: (01/26/2014 03:32:17 PM) 
(Source: Brother BrLog)(User: ) Description: STIBrtSTI: [2014/01/26 15:32:17.562]: [00001940]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error Error: (01/26/2014 03:31:43 PM) (Source: Brother BrLog)(User: ) Description: STIBrtSTI: [2014/01/26 15:31:43.058]: [00001940]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error Error: (01/26/2014 03:31:08 PM) (Source: Brother BrLog)(User: ) Description: STIBrtSTI: [2014/01/26 15:31:08.554]: [00001940]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error ==================== Memory info =========================== Percentage of memory in use: 70% Total physical RAM: 2295.18 MB Available physical RAM: 669.07 MB Total Pagefile: 6389.47 MB Available Pagefile: 4089.91 MB Total Virtual: 2047.88 MB Available Virtual: 1856.66 MB ==================== Drives ================================ Drive c: (Programme) (Fixed) (Total:488.18 GB) (Free:75.04 GB) NTFS Drive d: (Datein) (Fixed) (Total:443.23 GB) (Free:233.5 GB) NTFS Drive f: (DEPONIA) (CDROM) (Total:2.55 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 48443A2B) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=488 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=443 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
27.01.2014, 10:17 | #4 |
/// the machine /// TB instructor | Windows 7 Chrome Trojan, Ad Pop-up Horror! hi, scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
27.01.2014, 15:11 | #5 |
| Windows 7 Chrome Trojan, Ad Pop-up Horror! Hello, the Combofix program ran once, and the PC was restarted automatically. Since then, a message is displayed saying that the Windows command processor is not working and that the program is being closed. |
28.01.2014, 11:18 | #6 | |
/// the machine /// TB instructor | Windows 7 Chrome Trojan, Ad Pop-up Horror! Quote:
and a fresh FRST log please.
__________________ |
29.01.2014, 00:58 | #7 |
| Windows 7 Chrome Trojan, Ad Pop-up Horror! FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-01-2014 03 Ran by Sara (administrator) on SARA-PC on 29-01-2014 00:52:48 Running from C:\Users\Sara\Downloads Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft) C:\Program Files\Yontoo\Y2Desktop.Updater.exe (Google Inc.) C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe (Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Razer Inc.) C:\Program Files\Razer\Synapse\RzSynapse.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe (ICQ) C:\Users\Sara\AppData\Roaming\ICQM\icq.exe (Yontoo LLC) C:\Users\Sara\AppData\Roaming\Yontoo\YontooDesktop.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Akamai Technologies, Inc.) C:\Users\Sara\AppData\Local\Akamai\netsession_win.exe (DT Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation) HKLM\...\Run: [RazorU] - C:\ProgramData\RazorU0\piztmhvct.exe [0 ] () HKLM\...\Run: [Razer Synapse] - C:\Program Files\Razer\Synapse\RzSynapse.exe [606040 2013-08-15] (Razer Inc.) HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [6210840 2013-08-01] (Logitech Inc.) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.) HKLM\...\Run: [Start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [153672 2010-06-14] (Logitech Inc.) HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe HKCU\...\Run: [RazorU] - C:\ProgramData\RazorU0\piztmhvct.exe [0 ] () HKCU\...\Run: [icq] - C:\Users\Sara\AppData\Roaming\ICQM\icq.exe [27598184 2013-04-20] (ICQ) HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Sara\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) 
HKCU\...\Run: [DAEMON Tools Pro Agent] - C:\Program Files\DAEMON Tools Pro\DTAgent.exe [3111744 2012-04-26] (DT Soft Ltd) HKCU\...\Run: [NextLive] - C:\Users\Sara\AppData\Roaming\newnext.me\nengine.dll [1283584 2013-11-14] (NewNextDotMe) IFEO\hijackthis.exe: [Debugger] iuzn_.exe IFEO\housecalllauncher.exe: [Debugger] cpii_.exe IFEO\rstrui.exe: [Debugger] bjrw_.exe IFEO\spybotsd.exe: [Debugger] cwrs_.exe ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/?gws_rd=cr SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=119777&tt=gc_&babsrc=SP_ss_wls&mntrId=78F8D027882FB872 SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=119777&tt=gc_&babsrc=SP_ss_wls&mntrId=78F8D027882FB872 BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO: IMinent WebBooster (BHO) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent) BHO: Wajam - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files\Wajam\IE\priam_bho.dll (Wajam) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.102\npchrome_frame.dll (Google Inc.) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.102\npchrome_frame.dll (Google Inc.) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\ix9b8sac.default FF user.js: detected! 
=> C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\ix9b8sac.default\user.js FF NetworkProxy: "type", 0 FF Homepage: user_pref("browser.startup.homepage", ); FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF SearchPlugin: C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\ix9b8sac.default\searchplugins\babylon.xml FF SearchPlugin: C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\ix9b8sac.default\searchplugins\delta.xml FF SearchPlugin: C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\ix9b8sac.default\searchplugins\search_the_web.xml FF Extension: Babylon - C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\ix9b8sac.default\Extensions\ffxtlbr@babylon.com [2012-08-30] FF Extension: SeeSimilar - C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\ix9b8sac.default\Extensions\SeeSimilar@SeeSimilar.com [2013-07-17] FF StartMenuInternet: FIREFOX.EXE - C:\Spiele\firefox.exe Chrome: ======= CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.76\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) 
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) CHR Plugin: (Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) CHR Extension: (Google Docs) - C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-19] CHR Extension: (Google Drive) - C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-19] CHR Extension: (YouTube) - C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-19] CHR Extension: (Wajam) - C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp [2013-08-19] CHR Extension: (PutLockerDownloader V3.0) - C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\koalekbhpbggkcfhkkbolikjoaobbppi [2013-08-19] CHR Extension: (Google Wallet) - C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25] CHR Extension: (SeeSimilar) - 
C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pggagllhehfjjfgnfnfkjedjlmbchamf [2013-08-19] CHR HKLM\...\Chrome\Extension: [jpmbfleldcgkldadpdinhjjopdfpjfjp] - C:\Users\Sara\AppData\Local\Wajam\Chrome\wajam.crx [2012-06-14] CHR HKLM\...\Chrome\Extension: [koalekbhpbggkcfhkkbolikjoaobbppi] - C:\Program Files\PutLockerDownloader\PutLockerDownloader10.crx [2013-04-11] CHR HKLM\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Program Files\Yontoo\YontooLayers.crx [2013-04-11] CHR HKLM\...\Chrome\Extension: [pggagllhehfjjfgnfnfkjedjlmbchamf] - C:\Users\Sara\AppData\Roaming\SeeSimilar\SeeSimilar.crx [2013-06-20] CHR HKCU\...\Chrome\Extension: [docfnddcclkgokdfpnmngpiliiachclb] - C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\ext_piccshare\ext_piccshare.crx [2013-06-20] CHR HKCU\...\Chrome\Extension: [gbmdkmlcnbapgegninelmjbfibaghdmk] - C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\ext_offermosquito\ext_offermosquito.crx [2013-06-20] ========================== Services (Whitelisted) ================= R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.) S4 Hamachi2Svc; D:\Sara\Hamachi\hamachi-2.exe [1435984 2013-05-15] (LogMeIn Inc.) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation) S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation) S4 npggsvc; C:\Windows\system32\GameMon.des [4241016 2011-03-13] (INCA Internet Co., Ltd.) S4 ogmservice; C:\Program Files\Online Games Manager\ogmservice.exe [559168 2013-03-12] (RealNetworks, Inc.) 
S4 SProtection; C:\Program Files\Common Files\Umbrella\umbrella.exe [2864448 2013-08-06] (Iminent) S4 WajamUpdater; C:\Program Files\Wajam\Updater\WajamUpdater.exe [109064 2012-06-14] (Wajam) R2 Yontoo Desktop Updater; C:\Users\Sara\AppData\Roaming\Yontoo\YontooDesktop.exe [42784 2013-05-01] (Yontoo LLC) ==================== Drivers (Whitelisted) ==================== R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-02-26] (DT Soft Ltd) R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) R3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [19720 2009-11-24] (Logitech Inc.) R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [39960 2013-05-30] (Logitech Inc.) R3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [14856 2009-11-24] (Logitech Inc.) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation) S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [22272 2012-05-08] (Razer USA Ltd) S3 rzudd; C:\Windows\System32\DRIVERS\rzudd.sys [119480 2013-08-21] (Razer Inc) S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [18560 2012-05-15] (Razer USA Ltd) R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () S3 USBMULCD; C:\Windows\System32\drivers\CM106.sys [1516544 2009-05-14] (C-Media Electronics Inc) R3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech Inc.) S3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [37704 2010-04-27] (Logitech Inc.) R3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech Inc.) R3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech Inc.) 
U3 mbr; C:\Users\Sara\AppData\Local\Temp\mbr.sys [25088 2014-01-29] () S3 catchme; \??\C:\Users\Sara\AppData\Local\Temp\catchme.sys [x] S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [x] S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-29 00:52 - 2014-01-29 00:52 - 00000000 ____D C:\Users\Sara\Downloads\FRST-OlderVersion 2014-01-29 00:25 - 2014-01-29 00:49 - 00000000 ____D C:\ComboFix 2014-01-27 14:50 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe 2014-01-27 14:50 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe 2014-01-27 14:50 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-01-27 14:50 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-01-27 14:50 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-01-27 14:50 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe 2014-01-27 14:50 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe 2014-01-27 14:50 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe 2014-01-27 14:47 - 2014-01-27 15:01 - 00000000 ____D C:\Windows\erdnt 2014-01-27 14:47 - 2014-01-27 14:50 - 00000000 ____D C:\Qoobox 2014-01-27 14:44 - 2014-01-29 00:22 - 05175619 ____R (Swearware) C:\Users\Sara\Downloads\ComboFix.exe 2014-01-26 15:35 - 2014-01-26 15:36 - 00033647 _____ C:\Users\Sara\Downloads\Addition.txt 2014-01-26 15:34 - 2014-01-29 00:52 - 01136640 _____ (Farbar) C:\Users\Sara\Downloads\FRST.exe 2014-01-26 15:34 - 2014-01-29 00:52 - 00016248 _____ C:\Users\Sara\Downloads\FRST.txt 2014-01-26 15:34 - 2014-01-29 00:52 - 00000000 ____D C:\FRST 2014-01-16 16:42 - 2014-01-16 16:42 - 00336936 _____ (Amônétízé Ltd) C:\Users\Sara\Downloads\FlashPlayersetup__3873_i268594110_il3.exe 2014-01-15 23:56 - 2014-01-15 23:56 - 00336936 _____ (Amônétízé Ltd) 
C:\Users\Sara\Downloads\FlashPlayersetup__3873_i266846673_il3.exe 2014-01-15 16:01 - 2013-11-27 02:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-15 16:01 - 2013-11-27 02:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-15 16:01 - 2013-11-27 02:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-15 16:01 - 2013-11-27 02:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-15 16:01 - 2013-11-27 02:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-15 16:01 - 2013-11-27 02:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-01-15 16:01 - 2013-11-27 02:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-15 16:01 - 2013-11-26 12:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-01-15 16:01 - 2013-11-26 11:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-01-10 18:22 - 2014-01-12 14:40 - 00000000 ____D C:\Users\Sara\AppData\Roaming\Awesomium 2014-01-09 19:15 - 2014-01-09 19:15 - 00000000 ____D C:\ProgramData\Elder Scrolls Online 2014-01-08 18:11 - 2014-01-08 18:11 - 00001460 _____ C:\Users\Sara\AppData\Local\recently-used.xbel 2014-01-08 17:54 - 2014-01-08 17:54 - 11386496 _____ C:\Users\Sara\Downloads\ScanImage582.tif 2014-01-08 16:58 - 2014-01-27 14:59 - 00000000 ____D C:\Program Files\ESO Survey Live 2014-01-08 16:58 - 2014-01-08 16:58 - 00000000 ____D C:\Users\Sara\Documents\Elder Scrolls Online 2014-01-08 16:58 - 2014-01-08 16:58 - 00000000 ____D C:\Users\Sara\AppData\Roaming\com.immersyve.Paladin.live 2014-01-08 16:55 - 2014-01-08 16:55 - 00000909 _____ C:\Users\Sara\Desktop\The Elder Scrolls Online Beta.lnk 2014-01-08 16:54 - 2014-01-08 16:54 - 55903624 _____ ( ) C:\Users\Sara\Downloads\Install_ESO_Beta.exe 2014-01-04 
14:51 - 2014-01-04 14:51 - 00000676 _____ C:\Users\Sara\Desktop\The Elder Scrolls V Skyrim - Verknüpfung.lnk 2014-01-02 23:21 - 2014-01-02 23:21 - 35527107 _____ C:\Users\Sara\Downloads\Enhanced_Blood_Textures_2_0-60-2-0.rar 2014-01-02 23:21 - 2014-01-02 23:21 - 04056962 _____ C:\Users\Sara\Downloads\Detailed_Faces-2_00-26-2-0.7z 2014-01-02 23:20 - 2014-01-02 23:20 - 40763536 _____ C:\Users\Sara\Downloads\RWTT_2-1_High_U3-711.7z 2014-01-02 23:20 - 2014-01-02 23:20 - 04884125 _____ C:\Users\Sara\Downloads\Glowing_Ore_Veins_300_2_00-193-1.rar 2014-01-02 23:16 - 2014-01-03 15:56 - 00000000 ____D C:\Program Files\Common Files\DivX Shared 2014-01-02 23:16 - 2014-01-02 23:17 - 00000000 ____D C:\Users\Sara\AppData\Roaming\DivX 2014-01-02 23:15 - 2014-01-28 21:02 - 00000000 ____D C:\Users\Sara\AppData\Roaming\newnext.me 2014-01-02 23:15 - 2014-01-03 15:52 - 00000000 ____D C:\Users\Sara\AppData\Local\Mobogenie 2014-01-02 23:15 - 2014-01-02 23:31 - 00000000 ____D C:\Users\Sara\AppData\Local\cache 2014-01-02 23:15 - 2014-01-02 23:17 - 00000212 _____ C:\Users\Sara\daemonprocess.txt 2014-01-02 23:15 - 2014-01-02 23:15 - 00000000 ____D C:\Users\Sara\Documents\Mobogenie 2014-01-02 23:15 - 2014-01-02 23:15 - 00000000 ____D C:\Users\Sara\AppData\Local\genienext 2014-01-02 23:15 - 2014-01-02 23:15 - 00000000 ____D C:\Users\Sara\.android 2014-01-02 23:14 - 2014-01-29 00:14 - 00000284 _____ C:\Windows\Tasks\FoxTab.job 2014-01-02 23:14 - 2014-01-03 15:56 - 00000000 ____D C:\Program Files\DSP-worx 2014-01-02 23:14 - 2014-01-03 15:52 - 00000000 ____D C:\Program Files\MyPC Backup 2014-01-02 23:14 - 2014-01-03 15:51 - 00000000 ____D C:\Users\Sara\AppData\Roaming\Systweak 2014-01-02 23:14 - 2014-01-02 23:14 - 00000000 ____D C:\Users\Sara\AppData\Roaming\LavFilters 2014-01-02 23:14 - 2014-01-02 23:14 - 00000000 ____D C:\Users\Sara\AppData\Roaming\CDXReader 2014-01-02 23:13 - 2014-01-02 23:13 - 00000000 ____D C:\Users\Sara\AppData\Roaming\DigitalSites 2014-01-02 23:12 - 2014-01-02 23:12 - 
00672936 _____ ( ) C:\Users\Sara\Downloads\UltimateCodec.exe 2014-01-02 21:10 - 2014-01-02 21:10 - 00001773 _____ C:\Users\Sara\Desktop\BioShock Infinite.lnk 2014-01-01 03:51 - 2014-01-08 18:24 - 00000000 ____D C:\Users\Sara\.gimp-2.8 2014-01-01 03:51 - 2014-01-01 03:51 - 00001060 _____ C:\Users\Sara\Desktop\GIMP 2.lnk 2014-01-01 03:51 - 2014-01-01 03:51 - 00000000 ____D C:\Users\Sara\AppData\Local\gegl-0.2 2014-01-01 03:48 - 2014-01-01 03:50 - 00000000 ____D C:\Program Files\GIMP 2 2014-01-01 03:42 - 2014-01-01 03:43 - 90396104 _____ (The GIMP Team ) C:\Users\Sara\Downloads\gimp-2.8.10-setup.exe ==================== One Month Modified Files and Folders ======= 2014-01-29 00:53 - 2014-01-26 15:34 - 00016248 _____ C:\Users\Sara\Downloads\FRST.txt 2014-01-29 00:52 - 2014-01-29 00:52 - 00000000 ____D C:\Users\Sara\Downloads\FRST-OlderVersion 2014-01-29 00:52 - 2014-01-26 15:34 - 01136640 _____ (Farbar) C:\Users\Sara\Downloads\FRST.exe 2014-01-29 00:52 - 2014-01-26 15:34 - 00000000 ____D C:\FRST 2014-01-29 00:51 - 2013-05-09 14:16 - 00000000 ____D C:\Users\Sara\AppData\Roaming\Yontoo 2014-01-29 00:50 - 2011-05-11 11:06 - 00000000 ____D C:\Program Files\Common Files\Akamai 2014-01-29 00:49 - 2014-01-29 00:25 - 00000000 ____D C:\ComboFix 2014-01-29 00:49 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini 2014-01-29 00:48 - 2013-08-05 19:37 - 00016726 _____ C:\Windows\setupact.log 2014-01-29 00:48 - 2013-08-05 19:37 - 00007948 _____ C:\Windows\PFRO.log 2014-01-29 00:48 - 2013-07-17 09:07 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-29 00:48 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-29 00:28 - 2013-07-17 09:07 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-29 00:26 - 2011-05-10 07:16 - 01136116 _____ C:\Windows\WindowsUpdate.log 2014-01-29 00:22 - 2014-01-27 14:44 - 05175619 ____R (Swearware) C:\Users\Sara\Downloads\ComboFix.exe 2014-01-29 00:14 - 2014-01-02 23:14 - 00000284 _____ 
C:\Windows\Tasks\FoxTab.job 2014-01-28 21:02 - 2014-01-02 23:15 - 00000000 ____D C:\Users\Sara\AppData\Roaming\newnext.me 2014-01-28 15:06 - 2009-07-14 05:34 - 00019152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-28 15:06 - 2009-07-14 05:34 - 00019152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-27 15:01 - 2014-01-27 14:47 - 00000000 ____D C:\Windows\erdnt 2014-01-27 15:00 - 2011-05-10 07:25 - 00000000 ____D C:\Users\Sara 2014-01-27 14:59 - 2014-01-08 16:58 - 00000000 ____D C:\Program Files\ESO Survey Live 2014-01-27 14:50 - 2014-01-27 14:47 - 00000000 ____D C:\Qoobox 2014-01-26 15:36 - 2014-01-26 15:35 - 00033647 _____ C:\Users\Sara\Downloads\Addition.txt 2014-01-19 08:32 - 2011-05-12 08:14 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-01-16 20:31 - 2013-08-19 16:12 - 00002130 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2014-01-16 16:42 - 2014-01-16 16:42 - 00336936 _____ (Amônétízé Ltd) C:\Users\Sara\Downloads\FlashPlayersetup__3873_i268594110_il3.exe 2014-01-16 10:02 - 2009-07-14 05:33 - 00511712 _____ C:\Windows\system32\FNTCACHE.DAT 2014-01-16 01:00 - 2013-12-05 03:00 - 00000000 ____D C:\Windows\system32\MRT 2014-01-16 00:58 - 2011-05-10 10:27 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-01-15 23:56 - 2014-01-15 23:56 - 00336936 _____ (Amônétízé Ltd) C:\Users\Sara\Downloads\FlashPlayersetup__3873_i266846673_il3.exe 2014-01-12 14:40 - 2014-01-10 18:22 - 00000000 ____D C:\Users\Sara\AppData\Roaming\Awesomium 2014-01-09 19:15 - 2014-01-09 19:15 - 00000000 ____D C:\ProgramData\Elder Scrolls Online 2014-01-08 18:24 - 2014-01-01 03:51 - 00000000 ____D C:\Users\Sara\.gimp-2.8 2014-01-08 18:11 - 2014-01-08 18:11 - 00001460 _____ C:\Users\Sara\AppData\Local\recently-used.xbel 2014-01-08 17:54 - 2014-01-08 17:54 - 11386496 _____ C:\Users\Sara\Downloads\ScanImage582.tif 
2014-01-08 16:58 - 2014-01-08 16:58 - 00000000 ____D C:\Users\Sara\Documents\Elder Scrolls Online 2014-01-08 16:58 - 2014-01-08 16:58 - 00000000 ____D C:\Users\Sara\AppData\Roaming\com.immersyve.Paladin.live 2014-01-08 16:55 - 2014-01-08 16:55 - 00000909 _____ C:\Users\Sara\Desktop\The Elder Scrolls Online Beta.lnk 2014-01-08 16:54 - 2014-01-08 16:54 - 55903624 _____ ( ) C:\Users\Sara\Downloads\Install_ESO_Beta.exe 2014-01-08 16:03 - 2013-05-09 14:16 - 00000000 ____D C:\Program Files\Yontoo 2014-01-04 17:12 - 2013-11-21 12:59 - 00000000 ____D C:\Users\Sara\Desktop\Neuer Ordner 2014-01-04 14:52 - 2012-10-12 20:07 - 00000000 ____D C:\Program Files\Steam 2014-01-04 14:51 - 2014-01-04 14:51 - 00000676 _____ C:\Users\Sara\Desktop\The Elder Scrolls V Skyrim - Verknüpfung.lnk 2014-01-03 19:12 - 2011-11-07 09:37 - 00000000 ____D C:\spiele 0002 2014-01-03 15:56 - 2014-01-02 23:16 - 00000000 ____D C:\Program Files\Common Files\DivX Shared 2014-01-03 15:56 - 2014-01-02 23:14 - 00000000 ____D C:\Program Files\DSP-worx 2014-01-03 15:56 - 2012-04-03 19:05 - 00000000 ____D C:\ProgramData\DivX 2014-01-03 15:52 - 2014-01-02 23:15 - 00000000 ____D C:\Users\Sara\AppData\Local\Mobogenie 2014-01-03 15:52 - 2014-01-02 23:14 - 00000000 ____D C:\Program Files\MyPC Backup 2014-01-03 15:51 - 2014-01-02 23:14 - 00000000 ____D C:\Users\Sara\AppData\Roaming\Systweak 2014-01-03 15:45 - 2011-05-10 08:38 - 00136000 _____ C:\Users\Sara\AppData\Local\GDIPFONTCACHEV1.DAT 2014-01-02 23:31 - 2014-01-02 23:15 - 00000000 ____D C:\Users\Sara\AppData\Local\cache 2014-01-02 23:21 - 2014-01-02 23:21 - 35527107 _____ C:\Users\Sara\Downloads\Enhanced_Blood_Textures_2_0-60-2-0.rar 2014-01-02 23:21 - 2014-01-02 23:21 - 04056962 _____ C:\Users\Sara\Downloads\Detailed_Faces-2_00-26-2-0.7z 2014-01-02 23:20 - 2014-01-02 23:20 - 40763536 _____ C:\Users\Sara\Downloads\RWTT_2-1_High_U3-711.7z 2014-01-02 23:20 - 2014-01-02 23:20 - 04884125 _____ C:\Users\Sara\Downloads\Glowing_Ore_Veins_300_2_00-193-1.rar 2014-01-02 
23:17 - 2014-01-02 23:16 - 00000000 ____D C:\Users\Sara\AppData\Roaming\DivX 2014-01-02 23:17 - 2014-01-02 23:15 - 00000212 _____ C:\Users\Sara\daemonprocess.txt 2014-01-02 23:15 - 2014-01-02 23:15 - 00000000 ____D C:\Users\Sara\Documents\Mobogenie 2014-01-02 23:15 - 2014-01-02 23:15 - 00000000 ____D C:\Users\Sara\AppData\Local\genienext 2014-01-02 23:15 - 2014-01-02 23:15 - 00000000 ____D C:\Users\Sara\.android 2014-01-02 23:14 - 2014-01-02 23:14 - 00000000 ____D C:\Users\Sara\AppData\Roaming\LavFilters 2014-01-02 23:14 - 2014-01-02 23:14 - 00000000 ____D C:\Users\Sara\AppData\Roaming\CDXReader 2014-01-02 23:13 - 2014-01-02 23:13 - 00000000 ____D C:\Users\Sara\AppData\Roaming\DigitalSites 2014-01-02 23:12 - 2014-01-02 23:12 - 00672936 _____ ( ) C:\Users\Sara\Downloads\UltimateCodec.exe 2014-01-02 21:10 - 2014-01-02 21:10 - 00001773 _____ C:\Users\Sara\Desktop\BioShock Infinite.lnk 2014-01-02 00:17 - 2011-06-06 12:04 - 00000000 ____D C:\Users\Sara\Documents\My Games 2014-01-01 03:51 - 2014-01-01 03:51 - 00001060 _____ C:\Users\Sara\Desktop\GIMP 2.lnk 2014-01-01 03:51 - 2014-01-01 03:51 - 00000000 ____D C:\Users\Sara\AppData\Local\gegl-0.2 2014-01-01 03:50 - 2014-01-01 03:48 - 00000000 ____D C:\Program Files\GIMP 2 2014-01-01 03:45 - 2011-05-10 09:50 - 00000000 ____D C:\Users\Sara\AppData\Local\Windows Live 2014-01-01 03:43 - 2014-01-01 03:42 - 90396104 _____ (The GIMP Team ) C:\Users\Sara\Downloads\gimp-2.8.10-setup.exe Files to move or delete: ==================== C:\Users\Sara\error_report.exe C:\Users\Sara\jagex_cl_runescape_LIVE.dat C:\Users\Sara\OverwolfTeamSpeakInstaller.exe C:\Users\Sara\package_inst.exe C:\Users\Sara\QtCore4.dll C:\Users\Sara\QtGui4.dll C:\Users\Sara\QtNetwork4.dll C:\Users\Sara\QtSql4.dll C:\Users\Sara\random.dat C:\Users\Sara\ts3client_win32.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is 
legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-19 16:22 ==================== End Of Log ============================
Attached is the screenshot of the error message (this time the application ran all the way through, the PC was restarted, and the error message was shown when it tried to create the log file) |
29.01.2014, 17:03 | #8 |
/// the machine /// TB-Ausbilder | Windows 7 Chrome Trojaner, Werbe-Popup Horror! Please download Windows Repair (All In One) from here.
Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |
29.01.2014, 20:47 | #9 |
| Windows 7 Chrome Trojaner, Werbe-Popup Horror! Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.01.29.07 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 11.0.9600.16476 Sara :: SARA-PC [Administrator] 29.01.2014 20:14:08 mbam-log-2014-01-29 (20-14-08).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 244697 Laufzeit: 6 Minute(n), 7 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 1 C:\Users\Sara\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Löschen bei Neustart. Infizierte Registrierungsschlüssel: 97 HKLM\SYSTEM\CurrentControlSet\Services\WajamUpdater (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SYSTEM\CurrentControlSet\Services\SProtection (PUP.Optional.Iminent) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} (PUP.Optional.Wajam) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} (PUP.Optional.Wajam) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D} (PUP.Optional.Wajam) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\wajam.WajamBHO.1 (PUP.Optional.Wajam) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\wajam.WajamBHO (PUP.Optional.Wajam) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634} (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\AppID\{562B9316-C08A-444A-9482-62080DD851AE} (PUP.Optional.SpeedAnalysis3.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{01A602A0-D0B9-445B-8081-719E4177C4A7} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Iminent.Mediator.Communication.DataContracts.ShowControlCenterCommand (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5} (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\wajam.WajamDownloader.1 (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\wajam.WajamDownloader (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{26C9BBE4-6D45-4AB6-A5B4-E068C9F5EF6D} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{ACA608DB-A210-4253-B799-3FD24E9A7BF5} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
HKCR\IminentWebBooster.ActiveContentHandle.1 (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\IminentWebBooster.ActiveContentHandler (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\IminentWebBooster.BrowserHelperObject.1 (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\IminentWebBooster.BrowserHelperObject (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0af350d9-3916-454b-ac53-0b0b65f41301} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48d2-9061-8BBD4899EB08} (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\iminent (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Iminent.Business.Tinyfying.DownloadArgs (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Iminent.Business.Tinyfying.LinkToPromoteArgs (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Iminent.Business.Tinyfying.RawDataArgs (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Iminent.Business.Tinyfying.TinyUrlArgs (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Iminent.Business.Tinyfying.ViralLinkArgs (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Iminent.Mediator.Communication.ClientCallback (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Iminent.Mediator.Communication.ContractBase (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Iminent.Mediator.Communication.DataContracts.AddToUserContentCommand (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Iminent.Mediator.Communication.DataContracts.CheckLoginStatusCommand (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Iminent.Mediator.Communication.DataContracts.CleanCacheCommand (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Iminent.Mediator.Communication.DataContracts.GameOverCallback (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Iminent.Mediator.Communication.DataContracts.GetCreditCommand (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Iminent.Mediator.Communication.DataContracts.GetInstallationContextCommand (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Iminent.Mediator.Communication.DataContracts.GetLoginStatusCommand (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Iminent.Mediator.Communication.DataContracts.GetLoginStatusResult (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Iminent.Mediator.Communication.DataContracts.GetVariableCommand (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Iminent.Mediator.Communication.DataContracts.GetVariableResult (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Iminent.Mediator.Communication.DataContracts.InstallationContextResult (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Iminent.Mediator.Communication.DataContracts.LoadContentCommand (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Iminent.Mediator.Communication.DataContracts.LoadContentCommandResult (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Iminent.Mediator.Communication.DataContracts.LoginCommand (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Iminent.Mediator.Communication.DataContracts.LoginStatusChangedCallback (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Iminent.Mediator.Communication.DataContracts.LogoutCommand (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Iminent.Mediator.Communication.DataContracts.MergeIdentityCommand (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Iminent.Mediator.Communication.DataContracts.MyAccountCommand (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Iminent.Mediator.Communication.DataContracts.PlayContentCommand (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Iminent.Mediator.Communication.DataContracts.PostContentCallback (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Iminent.Mediator.Communication.DataContracts.RecycleViewsCommand (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Iminent.Mediator.Communication.DataContracts.SetVariableCommand (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Iminent.Mediator.Communication.DataContracts.ShowBrowserWindowCommand (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Iminent.Mediator.Communication.DataContracts.ShowPluginWindowCommand (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Iminent.Mediator.Communication.DataContracts.TestContentCommand (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Iminent.Mediator.Communication.DataContracts.UserContentChangedCallback (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Iminent.Mediator.Communication.DataContracts.VariableChangedCallback (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Iminent.Mediator.Communication.DataContracts.WarmUpCommand (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Iminent.Mediator.Communication.DataContracts.WelcomeCommand (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Iminent.Mediator.Communication.ServerCommand (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Iminent.Mediator.Communication.ServerResult (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Iminent.Mediator.LightContent (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Iminent.Mediator.LightUri (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Iminent.Mediator.MediatorServiceProxy (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\IminentWebBooster.ScriptExtender (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\IminentWebBooster.ScriptExtender.1 (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\IminentWebBooster.TinyUrlHandler (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\IminentWebBooster.TinyUrlHandler.1 (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\AppID\Iminent.WebBooster.InternetExplorer.DLL (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\AppID\priam_bho.DLL (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\1ClickDownload (PUP.Optional.1ClickDownload.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\delta LTD (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Iminent (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\WAJAM (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hijackthis.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\housecalllauncher.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\rstrui.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\spybotsd.exe (Security.Hijack) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\UMBRELLA (PUP.Optional.Umbrella.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\Software\Iminent (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 7
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|RazorU (Trojan.Inject) -> Daten: C:\ProgramData\RazorU0\piztmhvct.exe -> Löschen bei Neustart.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|RazorU (Trojan.Inject) -> Daten: C:\ProgramData\RazorU0\piztmhvct.exe -> Löschen bei Neustart.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|NextLive (PUP.Optional.NextLive.A) -> Daten: C:\Windows\system32\rundll32.exe "C:\Users\Sara\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0H1L1J1L1S1R1N -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Wajam|affiliate_id (PUP.Optional.Wajam.A) -> Daten: 6447 -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Umbrella|MUpdBlock (PUP.Optional.Umbrella.A) -> Daten: { "MASSUPDATE" : { "CHROME_MBAR" : { "Checked" : 1, "RetryIdx" : 0, "Version" : 1 }, "FIREFOX_MBAR" : { "Checked" : 1, "RetryIdx" : 0, "Version" : 1 } } } -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SYSTEM\CurrentControlSet\Services\SProtection|ImagePath (PUP.Optional.Iminent.A) -> Daten: C:\Program Files\Common Files\Umbrella\umbrella.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 29
C:\ProgramData\IBUpdaterService (Adware.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\de (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\en (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\es (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\fr (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\inst (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\inst\Bootstrapper (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\it (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\ro (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\tr (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Iminent\Mediator (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Iminent\Mediator\Datas (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Iminent\Mediator\Datas\Cache (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Iminent\Mediator\Datas\Cache\apix.iminent.com (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sara\AppData\Roaming\Iminent\Mediator (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sara\AppData\Roaming\Iminent\Mediator\Datas (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Wajam (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Wajam\IE (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Wajam\Updater (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\PutLockerDownloader (PUP.Optional.PutLocker.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sara\AppData\Roaming\newnext.me (PUP.Optional.NextLive.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sara\AppData\Roaming\newnext.me\cache (PUP.Optional.NextLive.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0 (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0\html (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0\js (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 131
c:\programdata\razoru0\piztmhvct.exe (Trojan.Inject) -> Löschen bei Neustart.
C:\Program Files\Wajam\Updater\WajamUpdater.exe (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Common Files\Umbrella\umbrella.exe (PUP.Optional.Iminent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Wajam\IE\priam_bho.dll (PUP.Optional.Wajam) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\Iminent.WebBooster.InternetExplorer.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sara\Downloads\FlashPlayersetup__3873_i266846673_il3.exe (PUP.Optional.InstallMonetizer) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sara\Downloads\FlashPlayersetup__3873_i268594110_il3.exe (PUP.Optional.InstallMonetizer) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sara\Downloads\iLividSetupV1.exe (Affiliate.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sara\Downloads\UltimateCodec.exe (PUP.Optional.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sara\Downloads\setup_codec_3dx (1).exe (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sara\Downloads\setup_codec_3dx (2).exe (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sara\Downloads\setup_codec_3dx (3).exe (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sara\Downloads\setup_codec_3dx (4).exe (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sara\Downloads\setup_codec_3dx.exe (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sara\Downloads\etypesetup.exe (PUP.Optional.Somoto) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sara\Downloads\MCPatcher_downloader_by_MCPatcher.exe (PUP.Optional.Somoto) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sara\Downloads\SoftonicDownloader_fuer_meine-wohnung-click-design.exe (PUP.Optional.Softonic) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sara\Downloads\SoftonicDownloader_fuer_painttool-sai.exe (PUP.Optional.Softonic.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sara\Downloads\SoftonicDownloader_fuer_room-arranger.exe (PUP.Optional.Softonic) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sara\Downloads\SoftonicDownloader_fuer_sweet-home-3d.exe (PUP.Optional.Softonic) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sara\Downloads\iLividSetupV1 (1).exe (Affiliate.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sara\Downloads\iLividSetupV1 (2).exe (Affiliate.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\95b2a3.msi (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\IBUpdaterService\repository.xml (Adware.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\SearchTheWeb.xml (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\Iminent.Mediator.ActivePlayers.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\f_in_box.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\Iminent.AxImp.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\Iminent.Booster.UI.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\Iminent.Business.Connect.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\Iminent.Business.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\Iminent.Business.tlb (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\Iminent.Entity.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\Iminent.exe (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\Iminent.exe.config (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\Iminent.InstallLog (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\Iminent.InstallState (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\Microsoft.DirectX.AudioVideoPlayback.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\Microsoft.Expression.Interactions.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\StartWeb.xml (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\System.Data.SQLite.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\System.Data.SQLite.xml (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\System.Windows.Interactivity.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\System.Windows.Interactivity.xml (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\USearch.xml (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\WPFLocalizeExtension.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\WPFLocalizeExtension.xml (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\Iminent.Mediator.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\Iminent.Mediator.tlb (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\Iminent.Messengers.exe (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\Iminent.Messengers.exe.config (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\Iminent.Services.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\Iminent.WinCore.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\Iminent.WinCore.WLM.WinEvents.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\Iminent.WinCore.WLM15.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\Iminent.WinCore.Yahoo.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\Iminent.Windows.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\Iminent.Workflow.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\de\Iminent.Booster.UI.resources.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\de\Iminent.Business.Connect.resources.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\de\Iminent.Messengers.resources.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\de\Iminent.resources.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\de\Iminent.Services.resources.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\de\Microsoft.Expression.Interactions.resources.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\de\System.Windows.Interactivity.resources.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\en\Iminent.Booster.UI.resources.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\en\Iminent.Business.Connect.resources.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\en\Iminent.Messengers.resources.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\en\Iminent.resources.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\en\Iminent.Services.resources.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\en\Microsoft.Expression.Interactions.resources.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\en\System.Windows.Interactivity.resources.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\es\Iminent.Booster.UI.resources.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\es\Iminent.Business.Connect.resources.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\es\Iminent.Messengers.resources.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\es\Iminent.resources.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\es\Iminent.Services.resources.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\es\Microsoft.Expression.Interactions.resources.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\es\System.Windows.Interactivity.resources.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\fr\Iminent.Booster.UI.resources.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\fr\Iminent.Business.Connect.resources.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\fr\Iminent.Messengers.resources.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\fr\Iminent.resources.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\fr\Iminent.Services.resources.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\fr\Microsoft.Expression.Interactions.resources.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\fr\System.Windows.Interactivity.resources.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\inst\main.ico (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\inst\msacm32.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\inst\SearchTheWeb.ico (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\inst\Universely.ico (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\inst\Bootstrapper\Bootstrapper.exe (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\it\Iminent.Booster.UI.resources.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\it\Iminent.Business.Connect.resources.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\it\Iminent.Messengers.resources.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\it\Iminent.resources.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\it\Iminent.Services.resources.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\it\Microsoft.Expression.Interactions.resources.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\it\System.Windows.Interactivity.resources.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\ro\Iminent.Booster.UI.resources.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\ro\Iminent.Messengers.resources.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\ro\Iminent.Services.resources.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\tr\Iminent.Booster.UI.resources.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\tr\Iminent.Business.Connect.resources.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\tr\Iminent.Messengers.resources.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\tr\Iminent.resources.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Iminent\tr\Iminent.Services.resources.dll (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent\SearchTheWeb.lnk (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent\Blog.lnk (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent\FAQ.lnk (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent\Help.lnk (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Iminent\Iminent.lnk (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sara\AppData\Roaming\newnext.me\nengine.dll (PUP.Optional.NextLive.A) -> Löschen bei Neustart.
C:\ProgramData\Iminent\Mediator\Datas\Cache\apix.iminent.com\1031.11575f00-7bdc-4181-ba0a-b298aeab228c.dat (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sara\AppData\Roaming\Iminent\Mediator\Datas\globalcache.dat (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sara\AppData\Roaming\Iminent\Mediator\Datas\user.dat (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Wajam\uninstall.exe (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Wajam\IE\favicon.ico (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\Wajam\Updater\wajamLogo.bmp (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files\PutLockerDownloader\PutLockerDownloader10.crx (PUP.Optional.PutLocker.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam\uninstall.lnk (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sara\AppData\Roaming\newnext.me\nengine.cookie (PUP.Optional.NextLive.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sara\AppData\Roaming\newnext.me\cache\spark.bin (PUP.Optional.NextLive.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0\manifest.json (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0\priam_icon_128x128.png (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0\priam_icon_48x48.png (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0\html\background.html (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0\js\background.js (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0\js\browserLoad.js (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0\js\priam.js (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0\js\priam_background.js (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp\1.34_0\js\priam_chrome.js (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende) AdwCleaner Logfile: Code:
# AdwCleaner v3.018 - Bericht erstellt am 29/01/2014 um 20:32:06
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : Sara - SARA-PC
# Gestartet von : C:\Users\Sara\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : Yontoo Desktop Updater

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Iminent
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\Trymedia
Ordner Gelöscht : C:\ProgramData\Alawar
Ordner Gelöscht : C:\Program Files\MyPC Backup
Ordner Gelöscht : C:\Program Files\PutLockerDownloader.com
Ordner Gelöscht : C:\Program Files\SeeSimilar
Ordner Gelöscht : C:\Program Files\Yontoo
Ordner Gelöscht : C:\Program Files\Common Files\Plasmoo
Ordner Gelöscht : C:\Program Files\Common Files\Umbrella
Ordner Gelöscht : C:\Windows\Installer\{5CDCDBCD-119A-4AE1-9C55-B816DBBE4245}
Ordner Gelöscht : C:\Users\Sara\AppData\Local\ext_piccshare
Ordner Gelöscht : C:\Users\Sara\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\Sara\AppData\Local\OpenCandy
Ordner Gelöscht : C:\Users\Sara\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Sara\AppData\Local\PutLockerDownloader
Ordner Gelöscht : C:\Users\Sara\AppData\Local\Wajam
Ordner Gelöscht : C:\Users\Sara\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\Sara\AppData\LocalLow\Bandoo
Ordner Gelöscht : C:\Users\Sara\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Sara\AppData\Roaming\Bandoo
Ordner Gelöscht : C:\Users\Sara\AppData\Roaming\Common\LuaRT
Ordner Gelöscht : C:\Users\Sara\AppData\Roaming\DataMgr
Ordner Gelöscht : C:\Users\Sara\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Sara\AppData\Roaming\Iminent
Ordner Gelöscht : C:\Users\Sara\AppData\Roaming\Intermediate
Ordner Gelöscht : C:\Users\Sara\AppData\Roaming\SCheck
Ordner Gelöscht : C:\Users\Sara\AppData\Roaming\SeeSimilar
Ordner Gelöscht : C:\Users\Sara\AppData\Roaming\SSync
Ordner Gelöscht : C:\Users\Sara\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Sara\AppData\Roaming\Yontoo
Ordner Gelöscht : C:\Users\Sara\AppData\Roaming\Alawar
Ordner Gelöscht : C:\Users\Sara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PutLockerDownloader.com
Ordner Gelöscht : C:\Users\Administrator\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\Administrator\AppData\Roaming\Bandoo
Ordner Gelöscht : C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\ix9b8sac.default\Extensions\ffxtlbr@babylon.com
Ordner Gelöscht : C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\ix9b8sac.default\Extensions\SeeSimilar@SeeSimilar.com
Ordner Gelöscht : C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pggagllhehfjjfgnfnfkjedjlmbchamf
Datei Gelöscht : C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\ix9b8sac.default\bProtector_extensions.rdf
Datei Gelöscht : C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\ix9b8sac.default\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\ix9b8sac.default\searchplugins\delta.xml
Datei Gelöscht : C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\ix9b8sac.default\user.js

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\docfnddcclkgokdfpnmngpiliiachclb
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\gbmdkmlcnbapgegninelmjbfibaghdmk
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pggagllhehfjjfgnfnfkjedjlmbchamf
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\AddonsFramework.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BandooCore.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ButtonSite.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHost.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.BandooCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.BandooCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.ResourcesMngr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.SettingsMngr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BandooCore.StatisticMngr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PutLockerDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\IminentMessenger
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\PutlockerDownloader_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\PutlockerDownloader_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Schlüssel Gelöscht : HKCU\Software\5ce88d1bc6aef47
Schlüssel Gelöscht : HKLM\SOFTWARE\5ce88d1bc6aef47
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_painttool-sai_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_painttool-sai_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1301A8A5-3DFB-4731-A162-B357D00C9644}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{19975B78-1907-4DD6-A437-4C48120F46A4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{562B9317-C08A-444A-9482-62080DD851AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02C9C7B0-C7C8-4AAC-A9E4-55295BF60F8F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0398B101-6DA7-473F-A290-17D2FBC88CC0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0CC36196-8589-4B80-A771-D659411D7F90}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{143D96F9-EB64-48B3-B192-91C2C41A1F43}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{14F7D91F-F669-45C9-9F42-BACBFDB86EAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{187A6488-6E71-4A2A-B118-7BEFBFE58257}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{27F69C85-64E1-43CE-98B5-3C9F22FB408E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2D065204-A024-4C39-8A38-EE7078EC7ACF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{30F5476C-677B-4DB0-B397-51F5BFD86840}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3223F2FB-D9B9-45FC-9D66-CD717FFA4EE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{351798B1-C1D2-45AB-92B4-4D6C2D6AB5AF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3AEA1BEF-6195-46F4-ACA2-0ED14F7EFA1B}
Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{424624F4-C5DD-4E1D-BDD0-1E9C9B7799CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F000001-DB8E-F89C-2FEC-49BF726F8C12}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9C8A3CA5-889E-4554-BEEC-EC0876E4E96A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F9189560-573A-4FDE-B055-AE7B0F4CF080}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\httogroup
Schlüssel Gelöscht : HKCU\Software\ilivid
Schlüssel Gelöscht : HKCU\Software\piccshare
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\Bandoo
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\Software\Wajam
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\piccshare
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5CDCDBCD-119A-4AE1-9C55-B816DBBE4245}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SeeSimilar
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428

-\\ Mozilla Firefox v3.6.18 (en-US)

[ Datei : C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\ix9b8sac.default\prefs.js ]

Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q=");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.admin", false);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.babExt", "");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.babTrack", "affID=110808&tt=3512_7");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.bbDpng", "17");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.cntry", "DE");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.dpk", "");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.dpkLst", "");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.excTlbr", false);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.hdrMd5", "5B05BF320D67146F953B17230176DCD5");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.hmpg", true);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.id", "78f88f36000000000000d027882fb872");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15582");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.9.1211:59:23");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.newTab", false);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.pnu_tb9", "{\"newVrsn\":\"7\",\"lastVrsn\":\"7\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.sg", "azb");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.smplGrp", "azb");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=78f88f36000000000000d027882fb872&q=");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.9.1211:59:23");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110808&tt=3512_7");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", false);
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.1211:59:23");
Zeile gelöscht : user_pref("extensions.delta.admin", false);
Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.babTrack", "affID=110808&tt=3512_7");
Zeile gelöscht : user_pref("extensions.delta.bbDpng", "17");
Zeile gelöscht : user_pref("extensions.delta.cntry", "DE");
Zeile gelöscht : user_pref("extensions.delta.dfltLng", "en");
Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);
Zeile gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Zeile gelöscht : user_pref("extensions.delta.hdrMd5", "30066CE0569E2C189B8CCC5ED4D105E3");
Zeile gelöscht : user_pref("extensions.delta.hmpg", false);
Zeile gelöscht : user_pref("extensions.delta.id", "78f88f36000000000000d027882fb872");
Zeile gelöscht : user_pref("extensions.delta.instlDay", "15834");
Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.delta.lastVrsnTs", "");
Zeile gelöscht : user_pref("extensions.delta.newTab", false);
Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");
Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.sg", "czb");
Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.16.16");
Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.16.1615:18:11");
Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.16.16");
Zeile gelöscht : user_pref("extensions.enabledItems", "ffox@bandoo.com:5.1,ffxtlbr@babylon.com:1.5.0,ffxtlbr@delta.com:1.5.0,plugin@yontoo.com:1.20.02,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18");
Zeile gelöscht : user_pref("extensions.newAddons", "plugin@yontoo.com,ffxtlbr@delta.com");
Zeile gelöscht : user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,buzzdock,YontooNewOffers");
Zeile gelöscht : user_pref("extentions.y2layers.installId", "c1896d0b-caae-44cd-b899-0eb0e26f03c7");

-\\ Google Chrome v32.0.1700.102

[ Datei : C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [25874 octets] - [29/01/2014 20:30:48]
AdwCleaner[S0].txt - [25820 octets] - [29/01/2014 20:32:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [25881 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Professional x86
Ran by Sara on 29.01.2014 at 20:41:08,86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3956404115-2358615362-3616498794-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dt soft\daemon tools toolbar

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\big fish games"
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.01.2014 at 20:42:56,92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-01-2014 01
Ran by Sara (administrator) on SARA-PC on 29-01-2014 20:44:22
Running from C:\Users\Sara\Downloads
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Razer Inc.) C:\Program Files\Razer\Synapse\RzSynapse.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
(ICQ) C:\Users\Sara\AppData\Roaming\ICQM\icq.exe
(Akamai Technologies, Inc.) C:\Users\Sara\AppData\Local\Akamai\netsession_win.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTAgent.exe
(Akamai Technologies, Inc.) C:\Users\Sara\AppData\Local\Akamai\netsession_win.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Thisisu) C:\Users\Sara\Downloads\JRT.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Razer Synapse] - C:\Program Files\Razer\Synapse\RzSynapse.exe [606040 2013-08-15] (Razer Inc.)
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [6210840 2013-08-01] (Logitech Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKLM\...\Run: [Start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [153672 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe
HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
HKCU\...\Run: [icq] - C:\Users\Sara\AppData\Roaming\ICQM\icq.exe [27598184 2013-04-20] (ICQ)
HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Sara\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [DAEMON Tools Pro Agent] - C:\Program Files\DAEMON Tools Pro\DTAgent.exe [3111744 2012-04-26] (DT Soft Ltd)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/?gws_rd=cr
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.102\npchrome_frame.dll (Google Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.102\npchrome_frame.dll (Google Inc.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\ix9b8sac.default
FF NetworkProxy: "type", 0
FF Homepage: user_pref("browser.startup.homepage", );
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\ix9b8sac.default\searchplugins\search_the_web.xml
FF StartMenuInternet: FIREFOX.EXE - C:\Spiele\firefox.exe

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.102\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-19]
CHR Extension: (Google Drive) - C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-19]
CHR Extension: (YouTube) - C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-19]
CHR Extension: (Google Wallet) - C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR HKLM\...\Chrome\Extension: [koalekbhpbggkcfhkkbolikjoaobbppi] - C:\Program Files\PutLockerDownloader\PutLockerDownloader10.crx [2013-08-25]

========================== Services (Whitelisted) =================

R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
S4 Hamachi2Svc; D:\Sara\Hamachi\hamachi-2.exe [1435984 2013-05-15] (LogMeIn Inc.) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation) S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation) S4 npggsvc; C:\Windows\system32\GameMon.des [4241016 2011-03-13] (INCA Internet Co., Ltd.) S4 ogmservice; C:\Program Files\Online Games Manager\ogmservice.exe [559168 2013-03-12] (RealNetworks, Inc.) ==================== Drivers (Whitelisted) ==================== R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-02-26] (DT Soft Ltd) R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) R3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [19720 2009-11-24] (Logitech Inc.) R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [39960 2013-05-30] (Logitech Inc.) R3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [14856 2009-11-24] (Logitech Inc.) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation) S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [22272 2012-05-08] (Razer USA Ltd) S3 rzudd; C:\Windows\System32\DRIVERS\rzudd.sys [119480 2013-08-21] (Razer Inc) S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [18560 2012-05-15] (Razer USA Ltd) R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () S3 USBMULCD; C:\Windows\System32\drivers\CM106.sys [1516544 2009-05-14] (C-Media Electronics Inc) R3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech Inc.) S3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [37704 2010-04-27] (Logitech Inc.) R3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech Inc.) R3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech Inc.) 
S3 catchme; \??\C:\Users\Sara\AppData\Local\Temp\catchme.sys [x] S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [x] S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-29 20:42 - 2014-01-29 20:42 - 00001144 _____ C:\Users\Sara\Desktop\JRT.txt 2014-01-29 20:41 - 2014-01-29 20:41 - 00000000 ____D C:\Windows\ERUNT 2014-01-29 20:40 - 2014-01-29 20:40 - 01037068 _____ (Thisisu) C:\Users\Sara\Downloads\JRT.exe 2014-01-29 20:30 - 2014-01-29 20:32 - 00000000 ____D C:\AdwCleaner 2014-01-29 20:30 - 2014-01-29 20:30 - 01166132 _____ C:\Users\Sara\Downloads\adwcleaner.exe 2014-01-29 20:11 - 2014-01-29 20:11 - 00000000 ____D C:\Users\Sara\AppData\Roaming\Malwarebytes 2014-01-29 20:10 - 2014-01-29 20:11 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2014-01-29 20:10 - 2014-01-29 20:10 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sara\Downloads\mbam-setup-1.75.0.1300.exe 2014-01-29 20:10 - 2014-01-29 20:10 - 00001080 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-01-29 20:10 - 2014-01-29 20:10 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-29 20:10 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-01-29 19:40 - 2014-01-29 20:03 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE 2014-01-29 19:37 - 2014-01-29 19:37 - 00000207 _____ C:\Windows\tweaking.com-regbackup-SARA-PC-Microsoft-Windows-7-Professional-(32-bit).dat 2014-01-29 19:36 - 2014-01-29 19:36 - 00000000 ____D C:\RegBackup 2014-01-29 19:23 - 2014-01-29 19:23 - 00003408 ____N C:\bootsqm.dat 2014-01-29 19:17 - 2014-01-29 19:17 - 02903255 _____ C:\Users\Sara\Downloads\tweaking.com_windows_repair_aio.zip 2014-01-29 19:17 - 2014-01-29 19:17 - 00000000 ____D C:\Users\Sara\Desktop\Tweaking.com - Windows Repair 2014-01-29 00:52 - 2014-01-29 20:44 - 00000000 ____D 
C:\Users\Sara\Downloads\FRST-OlderVersion 2014-01-29 00:25 - 2014-01-29 00:49 - 00000000 ____D C:\ComboFix 2014-01-27 14:50 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe 2014-01-27 14:50 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe 2014-01-27 14:50 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-01-27 14:50 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-01-27 14:50 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-01-27 14:50 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe 2014-01-27 14:50 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe 2014-01-27 14:50 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe 2014-01-27 14:47 - 2014-01-27 15:01 - 00000000 ____D C:\Windows\erdnt 2014-01-27 14:47 - 2014-01-27 14:50 - 00000000 ____D C:\Qoobox 2014-01-27 14:44 - 2014-01-29 00:22 - 05175619 ____R (Swearware) C:\Users\Sara\Downloads\ComboFix.exe 2014-01-26 15:35 - 2014-01-26 15:36 - 00033647 _____ C:\Users\Sara\Downloads\Addition.txt 2014-01-26 15:34 - 2014-01-29 20:44 - 01137152 _____ (Farbar) C:\Users\Sara\Downloads\FRST.exe 2014-01-26 15:34 - 2014-01-29 20:44 - 00012922 _____ C:\Users\Sara\Downloads\FRST.txt 2014-01-26 15:34 - 2014-01-29 20:44 - 00000000 ____D C:\FRST 2014-01-15 16:01 - 2013-11-27 02:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-15 16:01 - 2013-11-27 02:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-15 16:01 - 2013-11-27 02:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-15 16:01 - 2013-11-27 02:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-15 16:01 - 2013-11-27 02:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-15 16:01 - 2013-11-27 02:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 
2014-01-15 16:01 - 2013-11-27 02:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-15 16:01 - 2013-11-26 12:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-01-15 16:01 - 2013-11-26 11:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-01-10 18:22 - 2014-01-12 14:40 - 00000000 ____D C:\Users\Sara\AppData\Roaming\Awesomium 2014-01-09 19:15 - 2014-01-09 19:15 - 00000000 ____D C:\ProgramData\Elder Scrolls Online 2014-01-08 18:11 - 2014-01-08 18:11 - 00001460 _____ C:\Users\Sara\AppData\Local\recently-used.xbel 2014-01-08 17:54 - 2014-01-08 17:54 - 11386496 _____ C:\Users\Sara\Downloads\ScanImage582.tif 2014-01-08 16:58 - 2014-01-27 14:59 - 00000000 ____D C:\Program Files\ESO Survey Live 2014-01-08 16:58 - 2014-01-08 16:58 - 00000000 ____D C:\Users\Sara\Documents\Elder Scrolls Online 2014-01-08 16:58 - 2014-01-08 16:58 - 00000000 ____D C:\Users\Sara\AppData\Roaming\com.immersyve.Paladin.live 2014-01-08 16:55 - 2014-01-08 16:55 - 00000909 _____ C:\Users\Sara\Desktop\The Elder Scrolls Online Beta.lnk 2014-01-08 16:54 - 2014-01-08 16:54 - 55903624 _____ ( ) C:\Users\Sara\Downloads\Install_ESO_Beta.exe 2014-01-04 14:51 - 2014-01-04 14:51 - 00000676 _____ C:\Users\Sara\Desktop\The Elder Scrolls V Skyrim - Verknüpfung.lnk 2014-01-02 23:21 - 2014-01-02 23:21 - 35527107 _____ C:\Users\Sara\Downloads\Enhanced_Blood_Textures_2_0-60-2-0.rar 2014-01-02 23:21 - 2014-01-02 23:21 - 04056962 _____ C:\Users\Sara\Downloads\Detailed_Faces-2_00-26-2-0.7z 2014-01-02 23:20 - 2014-01-02 23:20 - 40763536 _____ C:\Users\Sara\Downloads\RWTT_2-1_High_U3-711.7z 2014-01-02 23:20 - 2014-01-02 23:20 - 04884125 _____ C:\Users\Sara\Downloads\Glowing_Ore_Veins_300_2_00-193-1.rar 2014-01-02 23:16 - 2014-01-03 15:56 - 00000000 ____D C:\Program Files\Common Files\DivX Shared 2014-01-02 23:16 - 2014-01-02 23:17 - 00000000 ____D C:\Users\Sara\AppData\Roaming\DivX 2014-01-02 23:15 - 2014-01-03 15:52 - 
00000000 ____D C:\Users\Sara\AppData\Local\Mobogenie 2014-01-02 23:15 - 2014-01-02 23:31 - 00000000 ____D C:\Users\Sara\AppData\Local\cache 2014-01-02 23:15 - 2014-01-02 23:17 - 00000212 _____ C:\Users\Sara\daemonprocess.txt 2014-01-02 23:15 - 2014-01-02 23:15 - 00000000 ____D C:\Users\Sara\Documents\Mobogenie 2014-01-02 23:15 - 2014-01-02 23:15 - 00000000 ____D C:\Users\Sara\AppData\Local\genienext 2014-01-02 23:15 - 2014-01-02 23:15 - 00000000 ____D C:\Users\Sara\.android 2014-01-02 23:14 - 2014-01-29 20:14 - 00000284 _____ C:\Windows\Tasks\FoxTab.job 2014-01-02 23:14 - 2014-01-03 15:56 - 00000000 ____D C:\Program Files\DSP-worx 2014-01-02 23:14 - 2014-01-02 23:14 - 00000000 ____D C:\Users\Sara\AppData\Roaming\LavFilters 2014-01-02 23:14 - 2014-01-02 23:14 - 00000000 ____D C:\Users\Sara\AppData\Roaming\CDXReader 2014-01-02 23:13 - 2014-01-02 23:13 - 00000000 ____D C:\Users\Sara\AppData\Roaming\DigitalSites 2014-01-02 21:10 - 2014-01-02 21:10 - 00001773 _____ C:\Users\Sara\Desktop\BioShock Infinite.lnk 2014-01-01 03:51 - 2014-01-08 18:24 - 00000000 ____D C:\Users\Sara\.gimp-2.8 2014-01-01 03:51 - 2014-01-01 03:51 - 00001060 _____ C:\Users\Sara\Desktop\GIMP 2.lnk 2014-01-01 03:51 - 2014-01-01 03:51 - 00000000 ____D C:\Users\Sara\AppData\Local\gegl-0.2 2014-01-01 03:48 - 2014-01-01 03:50 - 00000000 ____D C:\Program Files\GIMP 2 2014-01-01 03:42 - 2014-01-01 03:43 - 90396104 _____ (The GIMP Team ) C:\Users\Sara\Downloads\gimp-2.8.10-setup.exe ==================== One Month Modified Files and Folders ======= 2014-01-29 20:44 - 2014-01-29 00:52 - 00000000 ____D C:\Users\Sara\Downloads\FRST-OlderVersion 2014-01-29 20:44 - 2014-01-26 15:34 - 01137152 _____ (Farbar) C:\Users\Sara\Downloads\FRST.exe 2014-01-29 20:44 - 2014-01-26 15:34 - 00012922 _____ C:\Users\Sara\Downloads\FRST.txt 2014-01-29 20:44 - 2014-01-26 15:34 - 00000000 ____D C:\FRST 2014-01-29 20:42 - 2014-01-29 20:42 - 00001144 _____ C:\Users\Sara\Desktop\JRT.txt 2014-01-29 20:41 - 2014-01-29 20:41 - 00000000 
____D C:\Windows\ERUNT 2014-01-29 20:40 - 2014-01-29 20:40 - 01037068 _____ (Thisisu) C:\Users\Sara\Downloads\JRT.exe 2014-01-29 20:39 - 2009-07-14 05:34 - 00019152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-29 20:39 - 2009-07-14 05:34 - 00019152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-29 20:38 - 2011-05-10 07:28 - 01621400 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-29 20:36 - 2013-07-17 09:07 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-29 20:36 - 2011-05-11 11:06 - 00000000 ____D C:\Program Files\Common Files\Akamai 2014-01-29 20:34 - 2013-08-05 19:37 - 00017006 _____ C:\Windows\setupact.log 2014-01-29 20:34 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-29 20:32 - 2014-01-29 20:30 - 00000000 ____D C:\AdwCleaner 2014-01-29 20:32 - 2011-05-10 07:16 - 01204275 _____ C:\Windows\WindowsUpdate.log 2014-01-29 20:30 - 2014-01-29 20:30 - 01166132 _____ C:\Users\Sara\Downloads\adwcleaner.exe 2014-01-29 20:28 - 2013-07-17 09:07 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-29 20:25 - 2011-05-10 08:38 - 00136000 _____ C:\Users\Sara\AppData\Local\GDIPFONTCACHEV1.DAT 2014-01-29 20:24 - 2013-08-05 19:37 - 00049416 _____ C:\Windows\PFRO.log 2014-01-29 20:24 - 2013-05-09 14:28 - 00000000 __SHD C:\ProgramData\RazorU0 2014-01-29 20:24 - 2009-09-18 17:30 - 00000000 ____D C:\Windows\de-DE 2014-01-29 20:14 - 2014-01-02 23:14 - 00000284 _____ C:\Windows\Tasks\FoxTab.job 2014-01-29 20:11 - 2014-01-29 20:11 - 00000000 ____D C:\Users\Sara\AppData\Roaming\Malwarebytes 2014-01-29 20:11 - 2014-01-29 20:10 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2014-01-29 20:10 - 2014-01-29 20:10 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sara\Downloads\mbam-setup-1.75.0.1300.exe 2014-01-29 20:10 - 2014-01-29 20:10 - 00001080 _____ 
C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-01-29 20:10 - 2014-01-29 20:10 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-29 20:05 - 2009-07-14 05:33 - 00511712 _____ C:\Windows\system32\FNTCACHE.DAT 2014-01-29 20:03 - 2014-01-29 19:40 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE 2014-01-29 19:39 - 2013-08-19 16:12 - 00002130 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2014-01-29 19:37 - 2014-01-29 19:37 - 00000207 _____ C:\Windows\tweaking.com-regbackup-SARA-PC-Microsoft-Windows-7-Professional-(32-bit).dat 2014-01-29 19:36 - 2014-01-29 19:36 - 00000000 ____D C:\RegBackup 2014-01-29 19:23 - 2014-01-29 19:23 - 00003408 ____N C:\bootsqm.dat 2014-01-29 19:17 - 2014-01-29 19:17 - 02903255 _____ C:\Users\Sara\Downloads\tweaking.com_windows_repair_aio.zip 2014-01-29 19:17 - 2014-01-29 19:17 - 00000000 ____D C:\Users\Sara\Desktop\Tweaking.com - Windows Repair 2014-01-29 00:49 - 2014-01-29 00:25 - 00000000 ____D C:\ComboFix 2014-01-29 00:49 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini 2014-01-29 00:22 - 2014-01-27 14:44 - 05175619 ____R (Swearware) C:\Users\Sara\Downloads\ComboFix.exe 2014-01-27 15:01 - 2014-01-27 14:47 - 00000000 ____D C:\Windows\erdnt 2014-01-27 15:00 - 2011-05-10 07:25 - 00000000 ____D C:\Users\Sara 2014-01-27 14:59 - 2014-01-08 16:58 - 00000000 ____D C:\Program Files\ESO Survey Live 2014-01-27 14:50 - 2014-01-27 14:47 - 00000000 ____D C:\Qoobox 2014-01-26 15:36 - 2014-01-26 15:35 - 00033647 _____ C:\Users\Sara\Downloads\Addition.txt 2014-01-19 08:32 - 2011-05-12 08:14 - 00231584 _____ (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-01-16 01:00 - 2013-12-05 03:00 - 00000000 ____D C:\Windows\system32\MRT 2014-01-16 00:58 - 2011-05-10 10:27 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-01-12 14:40 - 2014-01-10 18:22 - 00000000 ____D C:\Users\Sara\AppData\Roaming\Awesomium 2014-01-09 19:15 - 2014-01-09 19:15 - 00000000 ____D C:\ProgramData\Elder Scrolls Online 
2014-01-08 18:24 - 2014-01-01 03:51 - 00000000 ____D C:\Users\Sara\.gimp-2.8 2014-01-08 18:11 - 2014-01-08 18:11 - 00001460 _____ C:\Users\Sara\AppData\Local\recently-used.xbel 2014-01-08 17:54 - 2014-01-08 17:54 - 11386496 _____ C:\Users\Sara\Downloads\ScanImage582.tif 2014-01-08 16:58 - 2014-01-08 16:58 - 00000000 ____D C:\Users\Sara\Documents\Elder Scrolls Online 2014-01-08 16:58 - 2014-01-08 16:58 - 00000000 ____D C:\Users\Sara\AppData\Roaming\com.immersyve.Paladin.live 2014-01-08 16:55 - 2014-01-08 16:55 - 00000909 _____ C:\Users\Sara\Desktop\The Elder Scrolls Online Beta.lnk 2014-01-08 16:54 - 2014-01-08 16:54 - 55903624 _____ ( ) C:\Users\Sara\Downloads\Install_ESO_Beta.exe 2014-01-04 17:12 - 2013-11-21 12:59 - 00000000 ____D C:\Users\Sara\Desktop\Neuer Ordner 2014-01-04 14:52 - 2012-10-12 20:07 - 00000000 ____D C:\Program Files\Steam 2014-01-04 14:51 - 2014-01-04 14:51 - 00000676 _____ C:\Users\Sara\Desktop\The Elder Scrolls V Skyrim - Verknüpfung.lnk 2014-01-03 19:12 - 2011-11-07 09:37 - 00000000 ____D C:\spiele 0002 2014-01-03 15:56 - 2014-01-02 23:16 - 00000000 ____D C:\Program Files\Common Files\DivX Shared 2014-01-03 15:56 - 2014-01-02 23:14 - 00000000 ____D C:\Program Files\DSP-worx 2014-01-03 15:56 - 2012-04-03 19:05 - 00000000 ____D C:\ProgramData\DivX 2014-01-03 15:52 - 2014-01-02 23:15 - 00000000 ____D C:\Users\Sara\AppData\Local\Mobogenie 2014-01-02 23:31 - 2014-01-02 23:15 - 00000000 ____D C:\Users\Sara\AppData\Local\cache 2014-01-02 23:21 - 2014-01-02 23:21 - 35527107 _____ C:\Users\Sara\Downloads\Enhanced_Blood_Textures_2_0-60-2-0.rar 2014-01-02 23:21 - 2014-01-02 23:21 - 04056962 _____ C:\Users\Sara\Downloads\Detailed_Faces-2_00-26-2-0.7z 2014-01-02 23:20 - 2014-01-02 23:20 - 40763536 _____ C:\Users\Sara\Downloads\RWTT_2-1_High_U3-711.7z 2014-01-02 23:20 - 2014-01-02 23:20 - 04884125 _____ C:\Users\Sara\Downloads\Glowing_Ore_Veins_300_2_00-193-1.rar 2014-01-02 23:17 - 2014-01-02 23:16 - 00000000 ____D C:\Users\Sara\AppData\Roaming\DivX 
2014-01-02 23:17 - 2014-01-02 23:15 - 00000212 _____ C:\Users\Sara\daemonprocess.txt 2014-01-02 23:15 - 2014-01-02 23:15 - 00000000 ____D C:\Users\Sara\Documents\Mobogenie 2014-01-02 23:15 - 2014-01-02 23:15 - 00000000 ____D C:\Users\Sara\AppData\Local\genienext 2014-01-02 23:15 - 2014-01-02 23:15 - 00000000 ____D C:\Users\Sara\.android 2014-01-02 23:14 - 2014-01-02 23:14 - 00000000 ____D C:\Users\Sara\AppData\Roaming\LavFilters 2014-01-02 23:14 - 2014-01-02 23:14 - 00000000 ____D C:\Users\Sara\AppData\Roaming\CDXReader 2014-01-02 23:13 - 2014-01-02 23:13 - 00000000 ____D C:\Users\Sara\AppData\Roaming\DigitalSites 2014-01-02 21:10 - 2014-01-02 21:10 - 00001773 _____ C:\Users\Sara\Desktop\BioShock Infinite.lnk 2014-01-02 00:17 - 2011-06-06 12:04 - 00000000 ____D C:\Users\Sara\Documents\My Games 2014-01-01 03:51 - 2014-01-01 03:51 - 00001060 _____ C:\Users\Sara\Desktop\GIMP 2.lnk 2014-01-01 03:51 - 2014-01-01 03:51 - 00000000 ____D C:\Users\Sara\AppData\Local\gegl-0.2 2014-01-01 03:50 - 2014-01-01 03:48 - 00000000 ____D C:\Program Files\GIMP 2 2014-01-01 03:45 - 2011-05-10 09:50 - 00000000 ____D C:\Users\Sara\AppData\Local\Windows Live 2014-01-01 03:43 - 2014-01-01 03:42 - 90396104 _____ (The GIMP Team ) C:\Users\Sara\Downloads\gimp-2.8.10-setup.exe Files to move or delete: ==================== C:\Users\Sara\error_report.exe C:\Users\Sara\jagex_cl_runescape_LIVE.dat C:\Users\Sara\OverwolfTeamSpeakInstaller.exe C:\Users\Sara\package_inst.exe C:\Users\Sara\QtCore4.dll C:\Users\Sara\QtGui4.dll C:\Users\Sara\QtNetwork4.dll C:\Users\Sara\QtSql4.dll C:\Users\Sara\random.dat C:\Users\Sara\ts3client_win32.exe Some content of TEMP: ==================== C:\Users\Sara\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe 
=> MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-19 16:22 ==================== End Of Log ============================ --- --- --- |
30.01.2014, 16:30 | #10 |
/// the machine /// TB-Ausbilder | Windows 7 Chrome Trojan, ad pop-up horror!
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
31.01.2014, 10:34 | #11 |
| Windows 7 Chrome Trojan, ad pop-up horror!
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=e7c66bcac6731d4b809eeda67d9744ba
# engine=16871
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-31 03:22:05
# local_time=2014-01-31 04:22:05 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 4929880 142769716 0 0
# scanned=388757
# found=12
# cleaned=0
# scan_time=18226
sh=0144DAD6530EDBF83280FF7B7ACE933567C6AF13 ft=1 fh=1852f3471a1c93e3 vn="Win32/AdWare.Yontoo.F application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Yontoo\Y2Desktop.Updater.exe.vir"
sh=410B32FD3FE4642644AD91AC60C69B86EC2762DD ft=1 fh=0e378a435beab91a vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir"
sh=D6CF7460A4F696A0E053E042B09C92A7970F30BD ft=1 fh=3da28455addb719c vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir"
sh=6C2C50D9C50E39CED222B13580C9F6CF9DCC9B65 ft=1 fh=0fc1e47e1a397901 vn="a variant of Win32/Injector.AKXG trojan" ac=I fn="C:\Program Files\Dead Island Riptide\Game.exe"
sh=6C2C50D9C50E39CED222B13580C9F6CF9DCC9B65 ft=1 fh=0fc1e47e1a397901 vn="a variant of Win32/Injector.AKXG trojan" ac=I fn="C:\Programme\Dead Island Riptide\Game.exe"
sh=6C2C50D9C50E39CED222B13580C9F6CF9DCC9B65 ft=1 fh=0fc1e47e1a397901 vn="a variant of Win32/Injector.AKXG trojan" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\RazorU0\piztmhvct.exe.vir"
sh=ACFD7F89AE9F22605B240DC7E15773B6D54B6889 ft=0 fh=0000000000000000 vn="a variant of Win32/Injector.AKXG trojan" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\RazorU0\_piztmhvct_.exe.zip"
sh=EB99D95890FB4C477BBC58C1F0D0024282ED294F ft=0 fh=0000000000000000 vn="VBS/CoinMiner.N trojan" ac=I fn="C:\Qoobox\Quarantine\C\Users\Sara\AppData\Roaming\WindowsHelp\usft_ext.exe.vbs.vir"
sh=0000000000000000000000000000000000000000 ft=- fh=0000000000000000 vn="Win32/CoinMiner.BX trojan" ac=I fn="D:\Sara\UseNeXT\wizard\Dead Island Riptide - Reloaded\rld-deisrtn.iso"
sh=6E77D2869692E896CABD2232B1C8B43FC1EF5C27 ft=0 fh=0000000000000000 vn="a variant of Win32/Packed.VMProtect.AAH trojan" ac=I fn="G:\Filme\Lords Usenet - Partner SSL - News - The Elder Scro\de-tesvsdb.iso"
sh=2563EE52329A14930BAF79805FBC442BCED029B2 ft=0 fh=0000000000000000 vn="a variant of Win32/Injector.AKXG trojan" ac=I fn="G:\Spiele\Dead island riptide\JDownload's\8748484LN.rar"
sh=6C2C50D9C50E39CED222B13580C9F6CF9DCC9B65 ft=1 fh=0fc1e47e1a397901 vn="a variant of Win32/Injector.AKXG trojan" ac=I fn="G:\Spiele\Dead island riptide\JDownload's\DIR LAN FIX\LAN FIX\Game.exe"

Results of screen317's Security Check version 0.99.79
Windows 7 Service Pack 1 x86 (UAC is disabled!)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials (On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
CCleaner
Java(TM) 6 Update 25
Java 7 Update 25
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.9.900.170
Adobe Reader 10.1.1 Adobe Reader out of Date!
Mozilla Firefox (3.6.18) Firefox out of Date!
Google Chrome 32.0.1700.102
Google Chrome 32.0.1700.76
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 29-01-2014 01 Ran by Sara (administrator) on SARA-PC on 31-01-2014 10:33:51 Running from C:\Users\Sara\Downloads Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Google Inc.) C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Razer Inc.) C:\Program Files\Razer\Synapse\RzSynapse.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Akamai Technologies, Inc.) C:\Users\Sara\AppData\Local\Akamai\netsession_win.exe (DT Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTAgent.exe (Akamai Technologies, Inc.) C:\Users\Sara\AppData\Local\Akamai\netsession_win.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (DT Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe (Valve Corporation) C:\Program Files\Steam\Steam.exe (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation) HKLM\...\Run: [Razer Synapse] - C:\Program Files\Razer\Synapse\RzSynapse.exe [606040 2013-08-15] (Razer Inc.) 
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [6210840 2013-08-01] (Logitech Inc.) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.) HKLM\...\Run: [Start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [153672 2010-06-14] (Logitech Inc.) HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe HKCU\...\Run: [icq] - C:\Users\Sara\AppData\Roaming\ICQM\icq.exe [27598184 2013-04-20] (ICQ) HKCU\...\Run: [Akamai NetSession Interface] - C:\Users\Sara\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) HKCU\...\Run: [DAEMON Tools Pro Agent] - C:\Program Files\DAEMON Tools Pro\DTAgent.exe [3111744 2012-04-26] (DT Soft Ltd) HKCU\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_11_9_900_170_Plugin.exe -update plugin [839560 2013-12-15] (Adobe Systems Incorporated) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/?gws_rd=cr SearchScopes: HKLM - DefaultScope value is missing. 
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.102\npchrome_frame.dll (Google Inc.) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.102\npchrome_frame.dll (Google Inc.) Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\ix9b8sac.default FF NetworkProxy: "type", 0 FF Homepage: user_pref("browser.startup.homepage", ); FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF SearchPlugin: C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\ix9b8sac.default\searchplugins\search_the_web.xml FF StartMenuInternet: FIREFOX.EXE - C:\Spiele\firefox.exe Chrome: ======= CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.102\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) 
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) CHR Plugin: (Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) CHR Extension: (Google Docs) - C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-19] CHR Extension: (Google Drive) - C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-19] CHR Extension: (YouTube) - C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-19] CHR Extension: (Google Wallet) - C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25] CHR HKLM\...\Chrome\Extension: [koalekbhpbggkcfhkkbolikjoaobbppi] - C:\Program Files\PutLockerDownloader\PutLockerDownloader10.crx [2013-08-25] ========================== Services (Whitelisted) ================= R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.) 
S4 Hamachi2Svc; D:\Sara\Hamachi\hamachi-2.exe [1435984 2013-05-15] (LogMeIn Inc.) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation) S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation) S4 npggsvc; C:\Windows\system32\GameMon.des [4241016 2011-03-13] (INCA Internet Co., Ltd.) S4 ogmservice; C:\Program Files\Online Games Manager\ogmservice.exe [559168 2013-03-12] (RealNetworks, Inc.) ==================== Drivers (Whitelisted) ==================== R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-02-26] (DT Soft Ltd) R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) R3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [19720 2009-11-24] (Logitech Inc.) R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [39960 2013-05-30] (Logitech Inc.) R3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [14856 2009-11-24] (Logitech Inc.) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation) R1 MpKsl3cc84fd8; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{8E4BB91B-B42F-4B2E-9CFB-0126F2A983C8}\MpKsl3cc84fd8.sys [40392 2014-01-30] (Microsoft Corporation) S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [22272 2012-05-08] (Razer USA Ltd) S3 rzudd; C:\Windows\System32\DRIVERS\rzudd.sys [119480 2013-08-21] (Razer Inc) S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [18560 2012-05-15] (Razer USA Ltd) R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () R3 USBMULCD; C:\Windows\System32\drivers\CM106.sys [1516544 2009-05-14] (C-Media Electronics Inc) R3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech Inc.) S3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [37704 2010-04-27] (Logitech Inc.) 
R3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech Inc.) R3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech Inc.) S3 catchme; \??\C:\Users\Sara\AppData\Local\Temp\catchme.sys [x] S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [x] S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-31 10:25 - 2014-01-31 10:25 - 00987425 _____ C:\Users\Sara\Downloads\SecurityCheck.exe 2014-01-30 23:16 - 2014-01-30 23:16 - 02347384 _____ (ESET) C:\Users\Sara\Downloads\esetsmartinstaller_enu.exe 2014-01-30 16:58 - 2014-01-30 16:58 - 00000216 _____ C:\Users\Sara\Desktop\Don't Starve.url 2014-01-29 20:42 - 2014-01-29 20:42 - 00001144 _____ C:\Users\Sara\Desktop\JRT.txt 2014-01-29 20:41 - 2014-01-29 20:41 - 00000000 ____D C:\Windows\ERUNT 2014-01-29 20:40 - 2014-01-29 20:40 - 01037068 _____ (Thisisu) C:\Users\Sara\Downloads\JRT.exe 2014-01-29 20:30 - 2014-01-29 20:32 - 00000000 ____D C:\AdwCleaner 2014-01-29 20:30 - 2014-01-29 20:30 - 01166132 _____ C:\Users\Sara\Downloads\adwcleaner.exe 2014-01-29 20:11 - 2014-01-29 20:11 - 00000000 ____D C:\Users\Sara\AppData\Roaming\Malwarebytes 2014-01-29 20:10 - 2014-01-29 20:11 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2014-01-29 20:10 - 2014-01-29 20:10 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sara\Downloads\mbam-setup-1.75.0.1300.exe 2014-01-29 20:10 - 2014-01-29 20:10 - 00001080 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-01-29 20:10 - 2014-01-29 20:10 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-29 20:10 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-01-29 19:40 - 2014-01-29 20:03 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE 2014-01-29 19:37 - 2014-01-29 19:37 - 00000207 _____ 
C:\Windows\tweaking.com-regbackup-SARA-PC-Microsoft-Windows-7-Professional-(32-bit).dat 2014-01-29 19:36 - 2014-01-29 19:36 - 00000000 ____D C:\RegBackup 2014-01-29 19:17 - 2014-01-29 19:17 - 02903255 _____ C:\Users\Sara\Downloads\tweaking.com_windows_repair_aio.zip 2014-01-29 19:17 - 2014-01-29 19:17 - 00000000 ____D C:\Users\Sara\Desktop\Tweaking.com - Windows Repair 2014-01-29 00:52 - 2014-01-29 20:44 - 00000000 ____D C:\Users\Sara\Downloads\FRST-OlderVersion 2014-01-29 00:25 - 2014-01-29 00:49 - 00000000 ____D C:\ComboFix 2014-01-27 14:50 - 2011-06-26 07:45 - 00256000 _____ C:\Windows\PEV.exe 2014-01-27 14:50 - 2010-11-07 18:20 - 00208896 _____ C:\Windows\MBR.exe 2014-01-27 14:50 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-01-27 14:50 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-01-27 14:50 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-01-27 14:50 - 2000-08-31 01:00 - 00098816 _____ C:\Windows\sed.exe 2014-01-27 14:50 - 2000-08-31 01:00 - 00080412 _____ C:\Windows\grep.exe 2014-01-27 14:50 - 2000-08-31 01:00 - 00068096 _____ C:\Windows\zip.exe 2014-01-27 14:47 - 2014-01-27 15:01 - 00000000 ____D C:\Windows\erdnt 2014-01-27 14:47 - 2014-01-27 14:50 - 00000000 ____D C:\Qoobox 2014-01-27 14:44 - 2014-01-29 00:22 - 05175619 ____R (Swearware) C:\Users\Sara\Downloads\ComboFix.exe 2014-01-26 15:35 - 2014-01-26 15:36 - 00033647 _____ C:\Users\Sara\Downloads\Addition.txt 2014-01-26 15:34 - 2014-01-31 10:33 - 00013103 _____ C:\Users\Sara\Downloads\FRST.txt 2014-01-26 15:34 - 2014-01-31 10:33 - 00000000 ____D C:\FRST 2014-01-26 15:34 - 2014-01-29 20:44 - 01137152 _____ (Farbar) C:\Users\Sara\Downloads\FRST.exe 2014-01-15 16:01 - 2013-11-27 02:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-15 16:01 - 2013-11-27 02:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-15 16:01 - 2013-11-27 02:13 - 00076288 
_____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-15 16:01 - 2013-11-27 02:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-15 16:01 - 2013-11-27 02:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-15 16:01 - 2013-11-27 02:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-01-15 16:01 - 2013-11-27 02:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-15 16:01 - 2013-11-26 12:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-01-15 16:01 - 2013-11-26 11:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-01-10 18:22 - 2014-01-12 14:40 - 00000000 ____D C:\Users\Sara\AppData\Roaming\Awesomium 2014-01-09 19:15 - 2014-01-09 19:15 - 00000000 ____D C:\ProgramData\Elder Scrolls Online 2014-01-08 18:11 - 2014-01-08 18:11 - 00001460 _____ C:\Users\Sara\AppData\Local\recently-used.xbel 2014-01-08 17:54 - 2014-01-08 17:54 - 11386496 _____ C:\Users\Sara\Downloads\ScanImage582.tif 2014-01-08 16:58 - 2014-01-27 14:59 - 00000000 ____D C:\Program Files\ESO Survey Live 2014-01-08 16:58 - 2014-01-08 16:58 - 00000000 ____D C:\Users\Sara\Documents\Elder Scrolls Online 2014-01-08 16:58 - 2014-01-08 16:58 - 00000000 ____D C:\Users\Sara\AppData\Roaming\com.immersyve.Paladin.live 2014-01-08 16:55 - 2014-01-08 16:55 - 00000909 _____ C:\Users\Sara\Desktop\The Elder Scrolls Online Beta.lnk 2014-01-08 16:54 - 2014-01-08 16:54 - 55903624 _____ ( ) C:\Users\Sara\Downloads\Install_ESO_Beta.exe 2014-01-04 14:51 - 2014-01-04 14:51 - 00000676 _____ C:\Users\Sara\Desktop\The Elder Scrolls V Skyrim - Verknüpfung.lnk 2014-01-02 23:21 - 2014-01-02 23:21 - 35527107 _____ C:\Users\Sara\Downloads\Enhanced_Blood_Textures_2_0-60-2-0.rar 2014-01-02 23:21 - 2014-01-02 23:21 - 04056962 _____ C:\Users\Sara\Downloads\Detailed_Faces-2_00-26-2-0.7z 2014-01-02 23:20 
- 2014-01-02 23:20 - 40763536 _____ C:\Users\Sara\Downloads\RWTT_2-1_High_U3-711.7z 2014-01-02 23:20 - 2014-01-02 23:20 - 04884125 _____ C:\Users\Sara\Downloads\Glowing_Ore_Veins_300_2_00-193-1.rar 2014-01-02 23:16 - 2014-01-03 15:56 - 00000000 ____D C:\Program Files\Common Files\DivX Shared 2014-01-02 23:16 - 2014-01-02 23:17 - 00000000 ____D C:\Users\Sara\AppData\Roaming\DivX 2014-01-02 23:15 - 2014-01-03 15:52 - 00000000 ____D C:\Users\Sara\AppData\Local\Mobogenie 2014-01-02 23:15 - 2014-01-02 23:31 - 00000000 ____D C:\Users\Sara\AppData\Local\cache 2014-01-02 23:15 - 2014-01-02 23:17 - 00000212 _____ C:\Users\Sara\daemonprocess.txt 2014-01-02 23:15 - 2014-01-02 23:15 - 00000000 ____D C:\Users\Sara\Documents\Mobogenie 2014-01-02 23:15 - 2014-01-02 23:15 - 00000000 ____D C:\Users\Sara\AppData\Local\genienext 2014-01-02 23:15 - 2014-01-02 23:15 - 00000000 ____D C:\Users\Sara\.android 2014-01-02 23:14 - 2014-01-31 10:14 - 00000284 _____ C:\Windows\Tasks\FoxTab.job 2014-01-02 23:14 - 2014-01-03 15:56 - 00000000 ____D C:\Program Files\DSP-worx 2014-01-02 23:14 - 2014-01-02 23:14 - 00000000 ____D C:\Users\Sara\AppData\Roaming\LavFilters 2014-01-02 23:14 - 2014-01-02 23:14 - 00000000 ____D C:\Users\Sara\AppData\Roaming\CDXReader 2014-01-02 23:13 - 2014-01-02 23:13 - 00000000 ____D C:\Users\Sara\AppData\Roaming\DigitalSites 2014-01-02 21:10 - 2014-01-02 21:10 - 00001773 _____ C:\Users\Sara\Desktop\BioShock Infinite.lnk 2014-01-01 03:51 - 2014-01-08 18:24 - 00000000 ____D C:\Users\Sara\.gimp-2.8 2014-01-01 03:51 - 2014-01-01 03:51 - 00001060 _____ C:\Users\Sara\Desktop\GIMP 2.lnk 2014-01-01 03:51 - 2014-01-01 03:51 - 00000000 ____D C:\Users\Sara\AppData\Local\gegl-0.2 2014-01-01 03:48 - 2014-01-01 03:50 - 00000000 ____D C:\Program Files\GIMP 2 2014-01-01 03:42 - 2014-01-01 03:43 - 90396104 _____ (The GIMP Team ) C:\Users\Sara\Downloads\gimp-2.8.10-setup.exe ==================== One Month Modified Files and Folders ======= 2014-01-31 10:33 - 2014-01-26 15:34 - 00013103 
_____ C:\Users\Sara\Downloads\FRST.txt 2014-01-31 10:33 - 2014-01-26 15:34 - 00000000 ____D C:\FRST 2014-01-31 10:28 - 2013-07-17 09:07 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-31 10:25 - 2014-01-31 10:25 - 00987425 _____ C:\Users\Sara\Downloads\SecurityCheck.exe 2014-01-31 10:14 - 2014-01-02 23:14 - 00000284 _____ C:\Windows\Tasks\FoxTab.job 2014-01-31 03:00 - 2011-05-10 07:16 - 01213141 _____ C:\Windows\WindowsUpdate.log 2014-01-31 02:14 - 2012-02-27 21:20 - 00000000 ____D C:\Users\Sara\AppData\Roaming\TS3Client 2014-01-30 23:16 - 2014-01-30 23:16 - 02347384 _____ (ESET) C:\Users\Sara\Downloads\esetsmartinstaller_enu.exe 2014-01-30 23:14 - 2011-05-10 07:28 - 01621400 _____ C:\Windows\system32\PerfStringBackup.INI 2014-01-30 20:28 - 2013-07-17 09:07 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-01-30 17:27 - 2012-10-12 20:07 - 00000000 ____D C:\Program Files\Steam 2014-01-30 16:58 - 2014-01-30 16:58 - 00000216 _____ C:\Users\Sara\Desktop\Don't Starve.url 2014-01-30 15:14 - 2013-08-05 19:37 - 00017286 _____ C:\Windows\setupact.log 2014-01-30 15:14 - 2009-07-14 05:34 - 00019152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-01-30 15:14 - 2009-07-14 05:34 - 00019152 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-01-30 15:11 - 2011-05-11 11:06 - 00000000 ____D C:\Program Files\Common Files\Akamai 2014-01-30 15:09 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2014-01-29 20:44 - 2014-01-29 00:52 - 00000000 ____D C:\Users\Sara\Downloads\FRST-OlderVersion 2014-01-29 20:44 - 2014-01-26 15:34 - 01137152 _____ (Farbar) C:\Users\Sara\Downloads\FRST.exe 2014-01-29 20:42 - 2014-01-29 20:42 - 00001144 _____ C:\Users\Sara\Desktop\JRT.txt 2014-01-29 20:41 - 2014-01-29 20:41 - 00000000 ____D C:\Windows\ERUNT 2014-01-29 20:40 - 2014-01-29 20:40 - 01037068 _____ (Thisisu) 
C:\Users\Sara\Downloads\JRT.exe 2014-01-29 20:32 - 2014-01-29 20:30 - 00000000 ____D C:\AdwCleaner 2014-01-29 20:32 - 2013-07-17 09:05 - 00000000 ____D C:\Users\Sara\AppData\Roaming\Common 2014-01-29 20:30 - 2014-01-29 20:30 - 01166132 _____ C:\Users\Sara\Downloads\adwcleaner.exe 2014-01-29 20:25 - 2011-05-10 08:38 - 00136000 _____ C:\Users\Sara\AppData\Local\GDIPFONTCACHEV1.DAT 2014-01-29 20:24 - 2013-08-05 19:37 - 00049416 _____ C:\Windows\PFRO.log 2014-01-29 20:24 - 2013-05-09 14:28 - 00000000 __SHD C:\ProgramData\RazorU0 2014-01-29 20:24 - 2009-09-18 17:30 - 00000000 ____D C:\Windows\de-DE 2014-01-29 20:11 - 2014-01-29 20:11 - 00000000 ____D C:\Users\Sara\AppData\Roaming\Malwarebytes 2014-01-29 20:11 - 2014-01-29 20:10 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2014-01-29 20:10 - 2014-01-29 20:10 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sara\Downloads\mbam-setup-1.75.0.1300.exe 2014-01-29 20:10 - 2014-01-29 20:10 - 00001080 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-01-29 20:10 - 2014-01-29 20:10 - 00000000 ____D C:\ProgramData\Malwarebytes 2014-01-29 20:05 - 2009-07-14 05:33 - 00511712 _____ C:\Windows\system32\FNTCACHE.DAT 2014-01-29 20:03 - 2014-01-29 19:40 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE 2014-01-29 19:39 - 2013-08-19 16:12 - 00002130 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2014-01-29 19:37 - 2014-01-29 19:37 - 00000207 _____ C:\Windows\tweaking.com-regbackup-SARA-PC-Microsoft-Windows-7-Professional-(32-bit).dat 2014-01-29 19:36 - 2014-01-29 19:36 - 00000000 ____D C:\RegBackup 2014-01-29 19:17 - 2014-01-29 19:17 - 02903255 _____ C:\Users\Sara\Downloads\tweaking.com_windows_repair_aio.zip 2014-01-29 19:17 - 2014-01-29 19:17 - 00000000 ____D C:\Users\Sara\Desktop\Tweaking.com - Windows Repair 2014-01-29 00:49 - 2014-01-29 00:25 - 00000000 ____D C:\ComboFix 2014-01-29 00:49 - 2009-07-14 03:04 - 00000215 _____ C:\Windows\system.ini 2014-01-29 00:22 - 2014-01-27 14:44 - 
05175619 ____R (Swearware) C:\Users\Sara\Downloads\ComboFix.exe 2014-01-27 15:01 - 2014-01-27 14:47 - 00000000 ____D C:\Windows\erdnt 2014-01-27 15:00 - 2011-05-10 07:25 - 00000000 ____D C:\Users\Sara 2014-01-27 14:59 - 2014-01-08 16:58 - 00000000 ____D C:\Program Files\ESO Survey Live 2014-01-27 14:50 - 2014-01-27 14:47 - 00000000 ____D C:\Qoobox 2014-01-26 15:36 - 2014-01-26 15:35 - 00033647 _____ C:\Users\Sara\Downloads\Addition.txt 2014-01-19 08:32 - 2011-05-12 08:14 - 00231584 _____ (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-01-16 01:00 - 2013-12-05 03:00 - 00000000 ____D C:\Windows\system32\MRT 2014-01-16 00:58 - 2011-05-10 10:27 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-01-12 14:40 - 2014-01-10 18:22 - 00000000 ____D C:\Users\Sara\AppData\Roaming\Awesomium 2014-01-09 19:15 - 2014-01-09 19:15 - 00000000 ____D C:\ProgramData\Elder Scrolls Online 2014-01-08 18:24 - 2014-01-01 03:51 - 00000000 ____D C:\Users\Sara\.gimp-2.8 2014-01-08 18:11 - 2014-01-08 18:11 - 00001460 _____ C:\Users\Sara\AppData\Local\recently-used.xbel 2014-01-08 17:54 - 2014-01-08 17:54 - 11386496 _____ C:\Users\Sara\Downloads\ScanImage582.tif 2014-01-08 16:58 - 2014-01-08 16:58 - 00000000 ____D C:\Users\Sara\Documents\Elder Scrolls Online 2014-01-08 16:58 - 2014-01-08 16:58 - 00000000 ____D C:\Users\Sara\AppData\Roaming\com.immersyve.Paladin.live 2014-01-08 16:55 - 2014-01-08 16:55 - 00000909 _____ C:\Users\Sara\Desktop\The Elder Scrolls Online Beta.lnk 2014-01-08 16:54 - 2014-01-08 16:54 - 55903624 _____ ( ) C:\Users\Sara\Downloads\Install_ESO_Beta.exe 2014-01-04 17:12 - 2013-11-21 12:59 - 00000000 ____D C:\Users\Sara\Desktop\Neuer Ordner 2014-01-04 14:51 - 2014-01-04 14:51 - 00000676 _____ C:\Users\Sara\Desktop\The Elder Scrolls V Skyrim - Verknüpfung.lnk 2014-01-03 19:12 - 2011-11-07 09:37 - 00000000 ____D C:\spiele 0002 2014-01-03 15:56 - 2014-01-02 23:16 - 00000000 ____D C:\Program Files\Common Files\DivX Shared 2014-01-03 15:56 - 
2014-01-02 23:14 - 00000000 ____D C:\Program Files\DSP-worx 2014-01-03 15:56 - 2012-04-03 19:05 - 00000000 ____D C:\ProgramData\DivX 2014-01-03 15:52 - 2014-01-02 23:15 - 00000000 ____D C:\Users\Sara\AppData\Local\Mobogenie 2014-01-02 23:31 - 2014-01-02 23:15 - 00000000 ____D C:\Users\Sara\AppData\Local\cache 2014-01-02 23:21 - 2014-01-02 23:21 - 35527107 _____ C:\Users\Sara\Downloads\Enhanced_Blood_Textures_2_0-60-2-0.rar 2014-01-02 23:21 - 2014-01-02 23:21 - 04056962 _____ C:\Users\Sara\Downloads\Detailed_Faces-2_00-26-2-0.7z 2014-01-02 23:20 - 2014-01-02 23:20 - 40763536 _____ C:\Users\Sara\Downloads\RWTT_2-1_High_U3-711.7z 2014-01-02 23:20 - 2014-01-02 23:20 - 04884125 _____ C:\Users\Sara\Downloads\Glowing_Ore_Veins_300_2_00-193-1.rar 2014-01-02 23:17 - 2014-01-02 23:16 - 00000000 ____D C:\Users\Sara\AppData\Roaming\DivX 2014-01-02 23:17 - 2014-01-02 23:15 - 00000212 _____ C:\Users\Sara\daemonprocess.txt 2014-01-02 23:15 - 2014-01-02 23:15 - 00000000 ____D C:\Users\Sara\Documents\Mobogenie 2014-01-02 23:15 - 2014-01-02 23:15 - 00000000 ____D C:\Users\Sara\AppData\Local\genienext 2014-01-02 23:15 - 2014-01-02 23:15 - 00000000 ____D C:\Users\Sara\.android 2014-01-02 23:14 - 2014-01-02 23:14 - 00000000 ____D C:\Users\Sara\AppData\Roaming\LavFilters 2014-01-02 23:14 - 2014-01-02 23:14 - 00000000 ____D C:\Users\Sara\AppData\Roaming\CDXReader 2014-01-02 23:13 - 2014-01-02 23:13 - 00000000 ____D C:\Users\Sara\AppData\Roaming\DigitalSites 2014-01-02 21:10 - 2014-01-02 21:10 - 00001773 _____ C:\Users\Sara\Desktop\BioShock Infinite.lnk 2014-01-02 00:17 - 2011-06-06 12:04 - 00000000 ____D C:\Users\Sara\Documents\My Games 2014-01-01 03:51 - 2014-01-01 03:51 - 00001060 _____ C:\Users\Sara\Desktop\GIMP 2.lnk 2014-01-01 03:51 - 2014-01-01 03:51 - 00000000 ____D C:\Users\Sara\AppData\Local\gegl-0.2 2014-01-01 03:50 - 2014-01-01 03:48 - 00000000 ____D C:\Program Files\GIMP 2 2014-01-01 03:45 - 2011-05-10 09:50 - 00000000 ____D C:\Users\Sara\AppData\Local\Windows Live 2014-01-01 
03:43 - 2014-01-01 03:42 - 90396104 _____ (The GIMP Team ) C:\Users\Sara\Downloads\gimp-2.8.10-setup.exe Files to move or delete: ==================== C:\Users\Sara\error_report.exe C:\Users\Sara\jagex_cl_runescape_LIVE.dat C:\Users\Sara\OverwolfTeamSpeakInstaller.exe C:\Users\Sara\package_inst.exe C:\Users\Sara\QtCore4.dll C:\Users\Sara\QtGui4.dll C:\Users\Sara\QtNetwork4.dll C:\Users\Sara\QtSql4.dll C:\Users\Sara\random.dat C:\Users\Sara\ts3client_win32.exe Some content of TEMP: ==================== C:\Users\Sara\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\system32\winlogon.exe => MD5 is legit C:\Windows\system32\wininit.exe => MD5 is legit C:\Windows\system32\svchost.exe => MD5 is legit C:\Windows\system32\services.exe => MD5 is legit C:\Windows\system32\User32.dll => MD5 is legit C:\Windows\system32\userinit.exe => MD5 is legit C:\Windows\system32\rpcss.dll => MD5 is legit C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-01-30 15:37 ==================== End Of Log ============================ --- --- --- |
31.01.2014, 10:36 | #12 |
| Windows 7 Chrome Trojan, Ad Pop-up Horror! I wanted to ask what the following error message means; it comes up fairly often when I try to start programs. Otherwise, many thanks for your help, I'm no longer being bombarded with ads ^^ |
01.02.2014, 10:14 | #13 |
/// the machine /// TB-Ausbilder | Windows 7 Chrome Trojan, Ad Pop-up Horror! Update Java, Flash, Adobe and Firefox. I would delete the game that ESET complained about. Which programs does this happen with? Please open FRST, tick the box for Additional and scan, then post both log files.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
04.02.2014, 21:12 | #14 |
| Windows 7 Chrome Trojan, Ad Pop-up Horror! It pops up with different things, always right after I've booted the PC. Sometimes when starting Internet Explorer, sometimes with GW2 or other programs. FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-02-2014 Ran by Sara (administrator) on SARA-PC on 04-02-2014 21:09:40 Running from C:\Users\Sara\Downloads Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Google Inc.) C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Razer Inc.) C:\Program Files\Razer\Synapse\RzSynapse.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe (ICQ) C:\Users\Sara\AppData\Roaming\ICQM\icq.exe (Akamai Technologies, Inc.) C:\Users\Sara\AppData\Local\Akamai\netsession_win.exe (DT Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTAgent.exe (Akamai Technologies, Inc.) C:\Users\Sara\AppData\Local\Akamai\netsession_win.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (DT Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Google Inc.) 
C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe (Farbar) C:\Users\Sara\Downloads\FRST (1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation) HKLM\...\Run: [Razer Synapse] - C:\Program Files\Razer\Synapse\RzSynapse.exe [606040 2013-08-15] (Razer Inc.) HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [6210840 2013-08-01] (Logitech Inc.) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.) HKLM\...\Run: [Start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [153672 2010-06-14] (Logitech Inc.) HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe HKU\S-1-5-21-3956404115-2358615362-3616498794-1000\...\Run: [icq] - C:\Users\Sara\AppData\Roaming\ICQM\icq.exe [27598184 2013-04-20] (ICQ) HKU\S-1-5-21-3956404115-2358615362-3616498794-1000\...\Run: [Akamai NetSession Interface] - C:\Users\Sara\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) 
HKU\S-1-5-21-3956404115-2358615362-3616498794-1000\...\Run: [DAEMON Tools Pro Agent] - C:\Program Files\DAEMON Tools Pro\DTAgent.exe [3111744 2012-04-26] (DT Soft Ltd) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/?gws_rd=cr SearchScopes: HKLM - DefaultScope value is missing. BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.102\npchrome_frame.dll (Google Inc.) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.102\npchrome_frame.dll (Google Inc.) 
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\ix9b8sac.default FF NetworkProxy: "type", 0 FF Homepage: user_pref("browser.startup.homepage", ); FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\ix9b8sac.default\searchplugins\search_the_web.xml
FF StartMenuInternet: FIREFOX.EXE - C:\Spiele\firefox.exe

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.102\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-19]
CHR Extension: (Google Drive) - C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-19]
CHR Extension: (YouTube) - C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-19]
CHR Extension: (Google Wallet) - C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR HKLM\...\Chrome\Extension: [koalekbhpbggkcfhkkbolikjoaobbppi] - C:\Program Files\PutLockerDownloader\PutLockerDownloader10.crx [2013-08-25]

========================== Services (Whitelisted) =================
R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.)
S4 Hamachi2Svc; D:\Sara\Hamachi\hamachi-2.exe [1435984 2013-05-15] (LogMeIn Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
S4 npggsvc; C:\Windows\system32\GameMon.des [4241016 2011-03-13] (INCA Internet Co., Ltd.)
S4 ogmservice; C:\Program Files\Online Games Manager\ogmservice.exe [559168 2013-03-12] (RealNetworks, Inc.)

==================== Drivers (Whitelisted) ====================
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-02-26] (DT Soft Ltd)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [19720 2009-11-24] (Logitech Inc.)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [39960 2013-05-30] (Logitech Inc.)
R3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [14856 2009-11-24] (Logitech Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [22272 2012-05-08] (Razer USA Ltd)
S3 rzudd; C:\Windows\System32\DRIVERS\rzudd.sys [119480 2013-08-21] (Razer Inc)
S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [18560 2012-05-15] (Razer USA Ltd)
R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] ()
S3 USBMULCD; C:\Windows\System32\drivers\CM106.sys [1516544 2009-05-14] (C-Media Electronics Inc)
R3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech Inc.)
S3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [37704 2010-04-27] (Logitech Inc.)
R3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech Inc.)
R3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech Inc.)
S3 catchme; \??\C:\Users\Sara\AppData\Local\Temp\catchme.sys [X] S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [X] S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-04 21:06 - 2014-02-04 21:07 - 01137152 _____ (Farbar) C:\Users\Sara\Downloads\FRST (1).exe 2014-02-04 20:56 - 2014-02-04 20:56 - 00000782 _____ () C:\Windows\PFRO.log 2014-02-04 20:56 - 2014-02-04 20:56 - 00000056 _____ () C:\Windows\setupact.log 2014-02-04 20:56 - 2014-02-04 20:56 - 00000000 _____ () C:\Windows\setuperr.log 2014-01-31 10:25 - 2014-01-31 10:25 - 00987425 _____ () C:\Users\Sara\Downloads\SecurityCheck.exe 2014-01-30 23:16 - 2014-01-30 23:16 - 02347384 _____ (ESET) C:\Users\Sara\Downloads\esetsmartinstaller_enu.exe 2014-01-30 16:58 - 2014-01-30 16:58 - 00000216 _____ () C:\Users\Sara\Desktop\Don't Starve.url 2014-01-29 20:42 - 2014-01-29 20:42 - 00001144 _____ () C:\Users\Sara\Desktop\JRT.txt 2014-01-29 20:41 - 2014-01-29 20:41 - 00000000 ____D () C:\Windows\ERUNT 2014-01-29 20:40 - 2014-01-29 20:40 - 01037068 _____ (Thisisu) C:\Users\Sara\Downloads\JRT.exe 2014-01-29 20:30 - 2014-01-29 20:32 - 00000000 ____D () C:\AdwCleaner 2014-01-29 20:30 - 2014-01-29 20:30 - 01166132 _____ () C:\Users\Sara\Downloads\adwcleaner.exe 2014-01-29 20:11 - 2014-01-29 20:11 - 00000000 ____D () C:\Users\Sara\AppData\Roaming\Malwarebytes 2014-01-29 20:10 - 2014-01-29 20:11 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-01-29 20:10 - 2014-01-29 20:10 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sara\Downloads\mbam-setup-1.75.0.1300.exe 2014-01-29 20:10 - 2014-01-29 20:10 - 00001080 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-01-29 20:10 - 2014-01-29 20:10 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-01-29 20:10 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) 
C:\Windows\system32\Drivers\mbam.sys 2014-01-29 19:40 - 2014-01-29 20:03 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE 2014-01-29 19:37 - 2014-01-29 19:37 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-SARA-PC-Microsoft-Windows-7-Professional-(32-bit).dat 2014-01-29 19:36 - 2014-01-29 19:36 - 00000000 ____D () C:\RegBackup 2014-01-29 19:17 - 2014-01-29 19:17 - 02903255 _____ () C:\Users\Sara\Downloads\tweaking.com_windows_repair_aio.zip 2014-01-29 19:17 - 2014-01-29 19:17 - 00000000 ____D () C:\Users\Sara\Desktop\Tweaking.com - Windows Repair 2014-01-29 00:52 - 2014-01-29 20:44 - 00000000 ____D () C:\Users\Sara\Downloads\FRST-OlderVersion 2014-01-29 00:25 - 2014-01-29 00:49 - 00000000 ____D () C:\ComboFix 2014-01-27 14:50 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-01-27 14:50 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-01-27 14:50 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-01-27 14:50 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-01-27 14:50 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-01-27 14:50 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-01-27 14:50 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-01-27 14:50 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-01-27 14:47 - 2014-01-27 15:01 - 00000000 ____D () C:\Windows\erdnt 2014-01-27 14:47 - 2014-01-27 14:50 - 00000000 ____D () C:\Qoobox 2014-01-27 14:44 - 2014-01-29 00:22 - 05175619 ____R (Swearware) C:\Users\Sara\Downloads\ComboFix.exe 2014-01-26 15:35 - 2014-01-26 15:36 - 00033647 _____ () C:\Users\Sara\Downloads\Addition.txt 2014-01-26 15:34 - 2014-02-04 21:10 - 00013186 _____ () C:\Users\Sara\Downloads\FRST.txt 2014-01-26 15:34 - 2014-02-04 21:09 - 00000000 ____D () C:\FRST 2014-01-26 15:34 - 2014-01-29 20:44 - 01137152 _____ (Farbar) C:\Users\Sara\Downloads\FRST.exe 2014-01-15 16:01 - 2013-11-27 02:14 - 00258560 _____ 
(Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-15 16:01 - 2013-11-27 02:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-15 16:01 - 2013-11-27 02:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-15 16:01 - 2013-11-27 02:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-15 16:01 - 2013-11-27 02:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-15 16:01 - 2013-11-27 02:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-01-15 16:01 - 2013-11-27 02:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-15 16:01 - 2013-11-26 12:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-01-15 16:01 - 2013-11-26 11:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-01-10 18:22 - 2014-01-12 14:40 - 00000000 ____D () C:\Users\Sara\AppData\Roaming\Awesomium 2014-01-09 19:15 - 2014-01-09 19:15 - 00000000 ____D () C:\ProgramData\Elder Scrolls Online 2014-01-08 18:11 - 2014-01-08 18:11 - 00001460 _____ () C:\Users\Sara\AppData\Local\recently-used.xbel 2014-01-08 17:54 - 2014-01-08 17:54 - 11386496 _____ () C:\Users\Sara\Downloads\ScanImage582.tif 2014-01-08 16:58 - 2014-01-27 14:59 - 00000000 ____D () C:\Program Files\ESO Survey Live 2014-01-08 16:58 - 2014-01-08 16:58 - 00000000 ____D () C:\Users\Sara\Documents\Elder Scrolls Online 2014-01-08 16:58 - 2014-01-08 16:58 - 00000000 ____D () C:\Users\Sara\AppData\Roaming\com.immersyve.Paladin.live 2014-01-08 16:55 - 2014-01-08 16:55 - 00000909 _____ () C:\Users\Sara\Desktop\The Elder Scrolls Online Beta.lnk 2014-01-08 16:54 - 2014-01-08 16:54 - 55903624 _____ ( ) C:\Users\Sara\Downloads\Install_ESO_Beta.exe ==================== One Month Modified Files and Folders ======= 2014-02-04 21:10 - 2014-01-26 15:34 - 
00013186 _____ () C:\Users\Sara\Downloads\FRST.txt 2014-02-04 21:09 - 2014-01-26 15:34 - 00000000 ____D () C:\FRST 2014-02-04 21:07 - 2014-02-04 21:06 - 01137152 _____ (Farbar) C:\Users\Sara\Downloads\FRST (1).exe 2014-02-04 21:06 - 2011-05-10 07:16 - 01372752 _____ () C:\Windows\WindowsUpdate.log 2014-02-04 21:04 - 2009-07-14 05:34 - 00019152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-04 21:04 - 2009-07-14 05:34 - 00019152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-04 21:00 - 2011-05-10 07:28 - 01621400 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-02-04 20:58 - 2011-05-11 11:06 - 00000000 ____D () C:\Program Files\Common Files\Akamai 2014-02-04 20:57 - 2013-07-17 09:07 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-02-04 20:56 - 2014-02-04 20:56 - 00000782 _____ () C:\Windows\PFRO.log 2014-02-04 20:56 - 2014-02-04 20:56 - 00000056 _____ () C:\Windows\setupact.log 2014-02-04 20:56 - 2014-02-04 20:56 - 00000000 _____ () C:\Windows\setuperr.log 2014-02-04 20:56 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-01-31 10:40 - 2012-10-12 20:07 - 00000000 ____D () C:\Program Files\Steam 2014-01-31 10:39 - 2011-05-10 17:12 - 00000000 ____D () C:\Windows\Panther 2014-01-31 10:28 - 2013-07-17 09:07 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-31 10:25 - 2014-01-31 10:25 - 00987425 _____ () C:\Users\Sara\Downloads\SecurityCheck.exe 2014-01-31 10:14 - 2014-01-02 23:14 - 00000284 _____ () C:\Windows\Tasks\FoxTab.job 2014-01-31 02:14 - 2012-02-27 21:20 - 00000000 ____D () C:\Users\Sara\AppData\Roaming\TS3Client 2014-01-30 23:16 - 2014-01-30 23:16 - 02347384 _____ (ESET) C:\Users\Sara\Downloads\esetsmartinstaller_enu.exe 2014-01-30 16:58 - 2014-01-30 16:58 - 00000216 _____ () C:\Users\Sara\Desktop\Don't Starve.url 2014-01-29 20:44 - 2014-01-29 00:52 - 
00000000 ____D () C:\Users\Sara\Downloads\FRST-OlderVersion 2014-01-29 20:44 - 2014-01-26 15:34 - 01137152 _____ (Farbar) C:\Users\Sara\Downloads\FRST.exe 2014-01-29 20:42 - 2014-01-29 20:42 - 00001144 _____ () C:\Users\Sara\Desktop\JRT.txt 2014-01-29 20:41 - 2014-01-29 20:41 - 00000000 ____D () C:\Windows\ERUNT 2014-01-29 20:40 - 2014-01-29 20:40 - 01037068 _____ (Thisisu) C:\Users\Sara\Downloads\JRT.exe 2014-01-29 20:32 - 2014-01-29 20:30 - 00000000 ____D () C:\AdwCleaner 2014-01-29 20:32 - 2013-07-17 09:05 - 00000000 ____D () C:\Users\Sara\AppData\Roaming\Common 2014-01-29 20:30 - 2014-01-29 20:30 - 01166132 _____ () C:\Users\Sara\Downloads\adwcleaner.exe 2014-01-29 20:25 - 2011-05-10 08:38 - 00136000 _____ () C:\Users\Sara\AppData\Local\GDIPFONTCACHEV1.DAT 2014-01-29 20:24 - 2013-05-09 14:28 - 00000000 __SHD () C:\ProgramData\RazorU0 2014-01-29 20:24 - 2009-09-18 17:30 - 00000000 ____D () C:\Windows\de-DE 2014-01-29 20:11 - 2014-01-29 20:11 - 00000000 ____D () C:\Users\Sara\AppData\Roaming\Malwarebytes 2014-01-29 20:11 - 2014-01-29 20:10 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-01-29 20:10 - 2014-01-29 20:10 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sara\Downloads\mbam-setup-1.75.0.1300.exe 2014-01-29 20:10 - 2014-01-29 20:10 - 00001080 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-01-29 20:10 - 2014-01-29 20:10 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-01-29 20:05 - 2009-07-14 05:33 - 00511712 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-01-29 20:03 - 2014-01-29 19:40 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE 2014-01-29 19:39 - 2013-08-19 16:12 - 00002130 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-01-29 19:37 - 2014-01-29 19:37 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-SARA-PC-Microsoft-Windows-7-Professional-(32-bit).dat 2014-01-29 19:36 - 2014-01-29 19:36 - 00000000 ____D () C:\RegBackup 2014-01-29 19:17 - 2014-01-29 19:17 - 02903255 _____ () 
C:\Users\Sara\Downloads\tweaking.com_windows_repair_aio.zip 2014-01-29 19:17 - 2014-01-29 19:17 - 00000000 ____D () C:\Users\Sara\Desktop\Tweaking.com - Windows Repair 2014-01-29 00:49 - 2014-01-29 00:25 - 00000000 ____D () C:\ComboFix 2014-01-29 00:49 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini 2014-01-29 00:22 - 2014-01-27 14:44 - 05175619 ____R (Swearware) C:\Users\Sara\Downloads\ComboFix.exe 2014-01-27 15:01 - 2014-01-27 14:47 - 00000000 ____D () C:\Windows\erdnt 2014-01-27 15:00 - 2011-05-10 07:25 - 00000000 ____D () C:\Users\Sara 2014-01-27 14:59 - 2014-01-08 16:58 - 00000000 ____D () C:\Program Files\ESO Survey Live 2014-01-27 14:50 - 2014-01-27 14:47 - 00000000 ____D () C:\Qoobox 2014-01-26 15:36 - 2014-01-26 15:35 - 00033647 _____ () C:\Users\Sara\Downloads\Addition.txt 2014-01-19 08:32 - 2011-05-12 08:14 - 00231584 _____ (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-01-16 01:00 - 2013-12-05 03:00 - 00000000 ____D () C:\Windows\system32\MRT 2014-01-16 00:58 - 2011-05-10 10:27 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-01-12 14:40 - 2014-01-10 18:22 - 00000000 ____D () C:\Users\Sara\AppData\Roaming\Awesomium 2014-01-09 19:15 - 2014-01-09 19:15 - 00000000 ____D () C:\ProgramData\Elder Scrolls Online 2014-01-08 18:24 - 2014-01-01 03:51 - 00000000 ____D () C:\Users\Sara\.gimp-2.8 2014-01-08 18:11 - 2014-01-08 18:11 - 00001460 _____ () C:\Users\Sara\AppData\Local\recently-used.xbel 2014-01-08 17:54 - 2014-01-08 17:54 - 11386496 _____ () C:\Users\Sara\Downloads\ScanImage582.tif 2014-01-08 16:58 - 2014-01-08 16:58 - 00000000 ____D () C:\Users\Sara\Documents\Elder Scrolls Online 2014-01-08 16:58 - 2014-01-08 16:58 - 00000000 ____D () C:\Users\Sara\AppData\Roaming\com.immersyve.Paladin.live 2014-01-08 16:55 - 2014-01-08 16:55 - 00000909 _____ () C:\Users\Sara\Desktop\The Elder Scrolls Online Beta.lnk 2014-01-08 16:54 - 2014-01-08 16:54 - 55903624 _____ ( ) C:\Users\Sara\Downloads\Install_ESO_Beta.exe 
Files to move or delete:
====================
C:\Users\Sara\error_report.exe
C:\Users\Sara\jagex_cl_runescape_LIVE.dat
C:\Users\Sara\OverwolfTeamSpeakInstaller.exe
C:\Users\Sara\package_inst.exe
C:\Users\Sara\QtCore4.dll
C:\Users\Sara\QtGui4.dll
C:\Users\Sara\QtNetwork4.dll
C:\Users\Sara\QtSql4.dll
C:\Users\Sara\random.dat
C:\Users\Sara\ts3client_win32.exe

Some content of TEMP:
====================
C:\Users\Sara\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-30 15:37

==================== End Of Log ============================

--- --- --- --- --- ---

FRST Additions Logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-02-2014
Ran by Sara at 2014-02-04 21:10:55
Running from C:\Users\Sara\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================
AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================
Adobe AIR (Version: 2.6.0.19140 - Adobe Systems Incorporated)
Adobe AIR (Version: 2.6.0.19140 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 10 ActiveX (Version: 10.3.181.26 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader X (10.1.1) - Deutsch (Version: 10.1.1 - Adobe Systems Incorporated)
Age of Empires III (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Age of Wulin (Version: 0.0.1.011 - gPotato)
AION Free-To-Play (Version: 2.70.0000 - Gameforge)
AION Free-To-Play (Version: 2.70.0000 - Gameforge) Hidden
Akamai NetSession Interface (HKCU Version: - Akamai Technologies, Inc)
Akamai NetSession Interface Service (Version: - )
AMD Accelerated Video Transcoding (Version: 2.00.0002 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.923.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (Version: 8.0.873.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Media Foundation Decoders (Version: 1.0.70405.2224 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
Atlantica (Version: 21662 - NEXON Europe S.A.R.L) Audacity 1.2.6 (Version: - ) Biet-O-Matic v2.14.12 (Version: 2.14.12 - BOM Development Team) BioShock Infinite (Version: - Irrational Games) Black & White® 2 (Version: 1.00.0000 - Lionhead Studios) Bonjour (Version: 3.0.0.10 - Apple Inc.) Borderlands 2 (Version: - ) Brother MFL-Pro Suite MFC-8460N (Version: 1.0.0.0 - Brother Industries, Ltd.) Cake Mania 2 (Version: - ) Cake Mania 3 (Version: - ) Call of Duty Black Ops II (Version: - ) Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center (Version: 2012.0405.2205.37728 - Ihr Firmenname) Hidden Catalyst Control Center Graphics Previews Common (Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help English (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help French (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help German (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Italian (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden ccc-utility (Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) 
Hidden CCleaner (Version: 3.20 - Piriform) Corel Graphics - Windows Shell Extension (Version: 16.1.0.843 - Corel Corporation) Corel Graphics - Windows Shell Extension (Version: 16.1.843 - Corel Corporation) Hidden Corel Painter 12 - IPM (Version: 12.4 - Corel Corporation) Hidden Corel Painter 12 (Version: 12.2.1.1212 - Corel Corporation) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Pro (Version: 5.1.0.0333 - DT Soft Ltd) DarksidersInstaller (Version: 1.00.1000 - Ihr Firmenname) DarkWave Studio 3.2.9 (Version: 3.2.9 - ExperimentalScene) Dead Island Riptide (c) Deep Silver version 1 (Version: 1 - ) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (Version: - Microsoft) Deponia (Version: 1.0 - Daedalic Entertainment) Diablo III (Version: 1.0.8.16603 - Blizzard Entertainment) Die Kunst des Mordens - Die geheimen Akten (Version: - ) Diner Dash 2 Restaurant Rescue (Version: - ) Diner Dash 5: BOOM (Version: - ) Diner Dash Flo on the Go (Version: - ) Diner Dash: Flo Through Time (Version: - ) Dishonored (Version: - ) Disney Toontown Online (Version: - Walt Disney Internet Group) DivX-Setup (Version: 2.6.1.8 - DivX, LLC) Don't Starve (Version: - Klei Entertainment) Dropbox (HKCU Version: 2.0.22 - Dropbox, Inc.) EasyBits GO (HKCU Version: - EasyBits Media) Enlightenus (Version: - ) EPSON-Drucker-Software (Version: - ) ESO Survey Live version 1.3.0 (Version: 1.3.0 - Immersyve, Inc.) F.A.C.E.S. (Version: - ) Fable III (Version: 1.0.0000.131 - Microsoft Game Studios) Fable III (Version: 1.0.0000.131 - Microsoft Game Studios) Hidden Fairy Maids (Version: - ) Farm Craft (Version: - ) Farm Tribe (Version: - ) Fotogalerie (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Free Audio CD Burner version 1.4.8 (Version: - DVDVideoSoft Limited.) GIMP 2.8.10 (Version: 2.8.10 - The GIMP Team) Google Chrome (Version: 32.0.1700.102 - Google Inc.) Google Chrome Frame (Version: 65.119.72 - Google, Inc.) 
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden Guild Wars 2 (Version: - NCsoft Corporation, Ltd.) Haunted Halls: Kindheitsängste Sammleredition (Version: - ) Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (Version: 1 - Microsoft Corporation) HP Officejet Pro 8600 - Grundlegende Software für das Gerät (Version: 25.0.619.0 - Hewlett-Packard Co.) HP Update (Version: 5.003.000.004 - Hewlett-Packard) I.R.I.S. OCR (Version: 12.3.4.0 - HP) IconHandler 32 bit (Version: 2.0 - Corel Corporation) Hidden ICQ 8.0 (build 6017) (HKCU Version: 8.0.6017.0 - Mail.Ru) ICQ7.5 (Version: 7.5 - ICQ) Inkscape 0.48.0 (Version: 0.48.0 - ) Install(GE) (Version: 1.0 - AeriaGames) IrfanView (remove only) (Version: 4.28 - Irfan Skiljan) iTunes (Version: 11.1.2.32 - Apple Inc.) Java 7 Update 25 (Version: 7.0.250 - Oracle) Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden Java(TM) 6 Update 25 (Version: 6.0.250 - Oracle) JDownloader 0.9 (Version: 0.9 - AppWork GmbH) K-Lite Codec Pack 6.0.4 (Basic) (Version: 6.0.4 - ) League of Legends (Version: 1.02.0000 - Riot Games) Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden Logitech Gaming Software 5.10 (Version: 5.10.127 - Logitech) Logitech Gaming Software 8.50 (Version: 8.50.281 - Logitech Inc.) LogMeIn Hamachi (Version: 2.1.0.362 - LogMeIn, Inc.) LogMeIn Hamachi (Version: 2.1.0.362 - LogMeIn, Inc.) 
Hidden MabinogiEU (Version: - devCAT) Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (Version: 3.5.50.0 - Microsoft Corporation) Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 
(Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation) Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 - ENU (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 Runtime (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (Version: 9.0.30729 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0 - Microsoft Corp.) Microsoft_VC100_CRT_x86 (Version: 1.0.0 - Microsoft) Minecraft Cracked (Version: 1.4.7 - MINECRAFTinstall.net) Movie Maker (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox (3.6.18) (Version: 3.6.18 (en-US) - Mozilla) MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0 - Microsoft Corporation) Mystic Inn (Version: - ) NC Launcher (GameForge) (Version: - NCsoft) NVIDIA PhysX (Version: 9.09.0203 - NVIDIA Corporation) Online Games Manager v1.20 (Version: 1.20.13 - Real Networks, Inc.) Orcs Must Die 2 (Version: - ) Origin (Version: 9.0.2.2065 - Electronic Arts, Inc.) 
Overlord II (Version: 1.0 - Codemasters) Painter 12 - Content (Version: 12.4 - Corel Corporation) Hidden Painter 12 - Core (Version: 12.4 - Corel Corporation) Hidden Painter 12 - DE (Version: 12.4 - Corel Corporation) Hidden Painter 12 - EN (Version: 12.4 - Corel Corporation) Hidden Painter 12 - FR (Version: 12.4 - Corel Corporation) Hidden Painter 12 - IT (Version: 12.4 - Corel Corporation) Hidden Painter 12 - Painter (Version: 12.4 - Corel Corporation) Hidden Painter 12 - Setup Files (Version: 12.4 - Corel Corporation) Hidden Pando Media Booster (Version: 2.6.0.8 - Pando Networks Inc.) Pangya (Ntreev USA) (Version: - ) Path of Exile (Version: - Grinding Gear Games) Photo Gallery (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Plantasia (Version: - ) QuickTime (Version: 7.74.80.86 - Apple Inc.) Razer Synapse 2.0 (Version: 1.13.1 - Razer Inc.) Room Arranger (Version: 5.6.8 - Jan Adamec) Sacred 2 (Version: 2.0.2.0 - Ascaron Entertainment) Sandlot Games Client Services 1.2.2 (Version: - Sandlot Games) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden Sonic & All-Stars Racing Transformed (Version: - Sumo Digital) SPORE™ (Version: 1.00.0000 - Electronic Arts) Steam (Version: 1.0.0.0 - Valve Corporation) System Requirements Lab (Version: 4.1.72.0 - Husdawg, LLC) TeamSpeak 3 Client (HKCU Version: 3.0.13.1 - TeamSpeak Systems GmbH) TeamViewer 6 (Version: 6.0.10511 - TeamViewer GmbH) TERA (Version: 16.04 - Frogster Online Gaming GmbH) The Elder Scrolls Online Beta (Version: 0.3.4 - ) The Elder Scrolls V: Skyrim (Version: - Bethesda Game Studios) Trust 5.1 Surround Headset (Version: - ) Twisted Lands - Insomniac (Version: - ) UltraStar Deluxe (Version: 1.1 - USDX Team) Uninstall 1.0.0.1 (Version: - ) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1 - Microsoft Corporation) Update for 
Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3 - Microsoft Corporation) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2010 (KB2494150) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (Version: - 
Microsoft) Urban Legends: The Maze (Version: - ) UseNeXT by Tangysoft (Version: - Tangysoft Ltd.) VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden VLC media player 1.1.9 (Version: 1.1.9 - VideoLAN) War of Angels (Version: - ) Warframe (Version: - Digital Extremes) Windows Live Communications Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Essentials (Version: 16.4.3505.0912 - Microsoft Corporation) Windows Live Essentials (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden Windows Live Installer (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Messenger (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Photo Common (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live PIMT Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden WinRAR 4.00 (32-Bit) (Version: 4.00.0 - win.rar GmbH) World of Warcraft (Version: 5.3.0.17128 - Blizzard Entertainment) YouTube Song Downloader (Version: 7.92 - Abelssoft) YouTube Song Downloader (Version: 8.2 - Abelssoft) ==================== Restore Points ========================= 29-01-2014 18:36:30 Tweaking.com - Windows Repair 30-01-2014 16:25:54 DirectX wurde installiert ==================== Hosts content: ========================== 2009-07-14 03:04 - 2014-01-29 00:49 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {0565C2F2-F6E2-4B7D-B4CA-A3315A833AAE} - System32\Tasks\CCleanerSkipUAC => C:\Program 
Files\CCleaner\CCleaner.exe [2012-06-22] (Piriform Ltd) Task: {12D6E651-F8B2-4144-BD21-00CD802F3DBB} - System32\Tasks\RNUpgradeHelperResumePrompt_Sara => C:\Users\Sara\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\8.00\rnupgagent.exe [2011-06-27] (RealNetworks, Inc.) Task: {1397BF44-6D5E-4804-BFDF-59710A9196A6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {50C5F7EA-4332-4E16-8CA9-04795B6E0B09} - System32\Tasks\{4D262156-A9F7-4BF1-914E-AFA7D9CD1406} => C:\Program Files\Skype\\Phone\Skype.exe Task: {9CD27547-D76B-40ED-B8D5-3935F9E57236} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-07-17] (Google Inc.) Task: {CA066D31-83D1-4529-BE0D-6941F1F83945} - System32\Tasks\FoxTab => C:\Users\Sara\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {CF956DD2-1F2B-47E3-9243-7989021CB6AD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-07-17] (Google Inc.) 
Task: {D8A7ADB3-735C-4459-A3C3-A1C3B8B23F79} - System32\Tasks\Windows Update Check - 0x0F2A0355 => C:\ProgramData\RazorU0\piztmhvct.exe Task: {EA7000B4-8AC2-4291-8E88-DE8541914866} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3956404115-2358615362-3616498794-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe Task: {F681302C-CB0D-4F1F-8533-93EE7E29573F} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3956404115-2358615362-3616498794-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe Task: C:\Windows\Tasks\FoxTab.job => C:\Users\Sara\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2011-09-27 06:23 - 2011-09-27 06:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2011-09-27 06:22 - 2011-09-27 06:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2013-04-20 01:09 - 2013-04-20 01:09 - 00851456 _____ () C:\Users\Sara\AppData\Roaming\ICQM\ICQ\dll\YLUSBTEL.dll 2014-01-29 19:39 - 2014-01-23 06:56 - 00715544 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.102\libglesv2.dll 2014-01-29 19:39 - 2014-01-23 06:56 - 00100120 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.102\libegl.dll 2014-01-29 19:39 - 2014-01-23 06:56 - 04055320 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.102\pdf.dll 2014-01-29 19:39 - 2014-01-23 06:57 - 00399640 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll 2014-01-29 19:39 - 2014-01-23 06:55 - 01634584 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.102\ffmpegsumo.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: 
C:\ProgramData\TEMP:03D08225 AlternateDataStreams: C:\ProgramData\TEMP:149327FE AlternateDataStreams: C:\ProgramData\TEMP:1604D047 AlternateDataStreams: C:\ProgramData\TEMP:162E02F7 AlternateDataStreams: C:\ProgramData\TEMP:1A4BF204 AlternateDataStreams: C:\ProgramData\TEMP:1ECED34B AlternateDataStreams: C:\ProgramData\TEMP:2216A431 AlternateDataStreams: C:\ProgramData\TEMP:22741C1F AlternateDataStreams: C:\ProgramData\TEMP:2ADF9928 AlternateDataStreams: C:\ProgramData\TEMP:2E9900EE AlternateDataStreams: C:\ProgramData\TEMP:33384BC0 AlternateDataStreams: C:\ProgramData\TEMP:3BCA993F AlternateDataStreams: C:\ProgramData\TEMP:3EC5BC08 AlternateDataStreams: C:\ProgramData\TEMP:413E2927 AlternateDataStreams: C:\ProgramData\TEMP:439E3411 AlternateDataStreams: C:\ProgramData\TEMP:44E16D4A AlternateDataStreams: C:\ProgramData\TEMP:46A2F27B AlternateDataStreams: C:\ProgramData\TEMP:4E79C4F8 AlternateDataStreams: C:\ProgramData\TEMP:4EFA2FC7 AlternateDataStreams: C:\ProgramData\TEMP:5E9B629B AlternateDataStreams: C:\ProgramData\TEMP:6E2D80C8 AlternateDataStreams: C:\ProgramData\TEMP:6FDE1666 AlternateDataStreams: C:\ProgramData\TEMP:73B78E79 AlternateDataStreams: C:\ProgramData\TEMP:751D6870 AlternateDataStreams: C:\ProgramData\TEMP:762408BA AlternateDataStreams: C:\ProgramData\TEMP:8247A199 AlternateDataStreams: C:\ProgramData\TEMP:8944C195 AlternateDataStreams: C:\ProgramData\TEMP:91486201 AlternateDataStreams: C:\ProgramData\TEMP:9547F1DB AlternateDataStreams: C:\ProgramData\TEMP:9CF728A6 AlternateDataStreams: C:\ProgramData\TEMP:A88BE334 AlternateDataStreams: C:\ProgramData\TEMP:AFC732F7 AlternateDataStreams: C:\ProgramData\TEMP:B12D1A7D AlternateDataStreams: C:\ProgramData\TEMP:C37283B5 AlternateDataStreams: C:\ProgramData\TEMP:CB0FEE2B AlternateDataStreams: C:\ProgramData\TEMP:CBAF0C30 AlternateDataStreams: C:\ProgramData\TEMP:D01ACC06 AlternateDataStreams: C:\ProgramData\TEMP:D999FFD5 AlternateDataStreams: C:\ProgramData\TEMP:DDEB08FD AlternateDataStreams: 
C:\ProgramData\TEMP:E2458802 AlternateDataStreams: C:\ProgramData\TEMP:EDDBC69E AlternateDataStreams: C:\ProgramData\TEMP:F1F936DF AlternateDataStreams: C:\ProgramData\TEMP:F264BECE AlternateDataStreams: C:\ProgramData\TEMP:F3591DDB AlternateDataStreams: C:\ProgramData\TEMP:F5FC5DCE AlternateDataStreams: C:\ProgramData\TEMP:FB08C210 ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (02/04/2014 09:10:58 PM) (Source: Brother BrLog) (User: ) Description: STI BrtSTI: [2014/02/04 21:10:58.181]: [00001232]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error Error: (02/04/2014 09:10:23 PM) (Source: Brother BrLog) (User: ) Description: STI BrtSTI: [2014/02/04 21:10:23.677]: [00001232]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error Error: (02/04/2014 09:09:49 PM) (Source: Brother BrLog) (User: ) Description: STI BrtSTI: [2014/02/04 21:09:49.174]: [00001232]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error Error: (02/04/2014 09:09:14 PM) (Source: Brother BrLog) (User: ) Description: STI BrtSTI: [2014/02/04 21:09:14.671]: [00001232]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error Error: (02/04/2014 09:08:40 PM) (Source: Brother BrLog) (User: ) Description: STI BrtSTI: [2014/02/04 21:08:40.167]: [00001232]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error Error: (02/04/2014 09:08:05 PM) (Source: Brother BrLog) (User: ) Description: STI 
BrtSTI: [2014/02/04 21:08:05.663]: [00001232]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error Error: (02/04/2014 09:07:31 PM) (Source: Brother BrLog) (User: ) Description: STI BrtSTI: [2014/02/04 21:07:31.160]: [00001232]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error Error: (02/04/2014 09:06:56 PM) (Source: Brother BrLog) (User: ) Description: STI BrtSTI: [2014/02/04 21:06:56.355]: [00001232]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error Error: (02/04/2014 09:06:21 PM) (Source: Brother BrLog) (User: ) Description: STI BrtSTI: [2014/02/04 21:06:21.830]: [00001232]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error Error: (02/04/2014 09:05:47 PM) (Source: Brother BrLog) (User: ) Description: STI BrtSTI: [2014/02/04 21:05:47.328]: [00001232]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error System errors: ============= Error: (02/04/2014 08:57:13 PM) (Source: Service Control Manager) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error: (02/04/2014 08:56:43 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (02/04/2014 08:56:43 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535. Error: (02/04/2014 08:56:07 PM) (Source: Disk) (User: ) Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0. Error: (02/04/2014 08:56:05 PM) (Source: Disk) (User: ) Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0. Error: (02/04/2014 08:56:04 PM) (Source: Disk) (User: ) Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0. 
Error: (02/04/2014 08:56:03 PM) (Source: Disk) (User: ) Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0. Error: (01/30/2014 11:15:55 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WSearch erreicht. Error: (01/30/2014 11:14:39 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WSearch erreicht. Error: (01/30/2014 11:13:42 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WSearch erreicht. Microsoft Office Sessions: ========================= Error: (02/04/2014 09:10:58 PM) (Source: Brother BrLog)(User: ) Description: STIBrtSTI: [2014/02/04 21:10:58.181]: [00001232]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error Error: (02/04/2014 09:10:23 PM) (Source: Brother BrLog)(User: ) Description: STIBrtSTI: [2014/02/04 21:10:23.677]: [00001232]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error Error: (02/04/2014 09:09:49 PM) (Source: Brother BrLog)(User: ) Description: STIBrtSTI: [2014/02/04 21:09:49.174]: [00001232]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error Error: (02/04/2014 09:09:14 PM) (Source: Brother BrLog)(User: ) Description: STIBrtSTI: [2014/02/04 21:09:14.671]: [00001232]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error Error: (02/04/2014 09:08:40 PM) (Source: Brother BrLog)(User: ) Description: STIBrtSTI: [2014/02/04 21:08:40.167]: [00001232]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error Error: (02/04/2014 09:08:05 PM) (Source: Brother BrLog)(User: ) Description: STIBrtSTI: [2014/02/04 21:08:05.663]: [00001232]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error Error: (02/04/2014 09:07:31 PM) (Source: Brother BrLog)(User: ) Description: STIBrtSTI: [2014/02/04 21:07:31.160]: [00001232]: GetDeviceIpAddress: 
GetAddressByName [BRN_906D1E] Error
Error: (02/04/2014 09:06:56 PM) (Source: Brother BrLog)(User: ) Description: STIBrtSTI: [2014/02/04 21:06:56.355]: [00001232]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error
Error: (02/04/2014 09:06:21 PM) (Source: Brother BrLog)(User: ) Description: STIBrtSTI: [2014/02/04 21:06:21.830]: [00001232]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error
Error: (02/04/2014 09:05:47 PM) (Source: Brother BrLog)(User: ) Description: STIBrtSTI: [2014/02/04 21:05:47.328]: [00001232]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error

==================== Memory info ===========================
Percentage of memory in use: 54%
Total physical RAM: 2295.18 MB
Available physical RAM: 1045.84 MB
Total Pagefile: 6389.47 MB
Available Pagefile: 4640.9 MB
Total Virtual: 2047.88 MB
Available Virtual: 1913.28 MB

==================== Drives ================================
Drive c: (Programme) (Fixed) (Total:488.18 GB) (Free:75.96 GB) NTFS
Drive d: (Datein) (Fixed) (Total:443.23 GB) (Free:233.5 GB) NTFS
Drive f: (DEPONIA) (CDROM) (Total:2.55 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 48443A2B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=488 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=443 GB) - (Type=07 NTFS)

==================== End Of Log ============================

FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-02-2014 Ran by Sara (administrator) on SARA-PC on 04-02-2014 21:09:40 Running from C:\Users\Sara\Downloads Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe (Google Inc.) C:\Program Files\Google\Update\1.3.22.3\GoogleCrashHandler.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe (Razer Inc.) C:\Program Files\Razer\Synapse\RzSynapse.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe (ICQ) C:\Users\Sara\AppData\Roaming\ICQM\icq.exe (Akamai Technologies, Inc.) C:\Users\Sara\AppData\Local\Akamai\netsession_win.exe (DT Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTAgent.exe (Akamai Technologies, Inc.) C:\Users\Sara\AppData\Local\Akamai\netsession_win.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (DT Soft Ltd) C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Google Inc.) 
C:\Program Files\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe (Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe (Farbar) C:\Users\Sara\Downloads\FRST (1).exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation) HKLM\...\Run: [Razer Synapse] - C:\Program Files\Razer\Synapse\RzSynapse.exe [606040 2013-08-15] (Razer Inc.) HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [6210840 2013-08-01] (Logitech Inc.) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.) HKLM\...\Run: [Start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [153672 2010-06-14] (Logitech Inc.) HKLM\...\Run: [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe HKLM\...\Run: [DivXMediaServer] - C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe HKU\S-1-5-21-3956404115-2358615362-3616498794-1000\...\Run: [icq] - C:\Users\Sara\AppData\Roaming\ICQM\icq.exe [27598184 2013-04-20] (ICQ) HKU\S-1-5-21-3956404115-2358615362-3616498794-1000\...\Run: [Akamai NetSession Interface] - C:\Users\Sara\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.) 
HKU\S-1-5-21-3956404115-2358615362-3616498794-1000\...\Run: [DAEMON Tools Pro Agent] - C:\Program Files\DAEMON Tools Pro\DTAgent.exe [3111744 2012-04-26] (DT Soft Ltd) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/?gws_rd=cr SearchScopes: HKLM - DefaultScope value is missing. BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.102\npchrome_frame.dll (Google Inc.) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\32.0.1700.102\npchrome_frame.dll (Google Inc.) 
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\ix9b8sac.default FF NetworkProxy: "type", 0 FF Homepage: user_pref("browser.startup.homepage", ); FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF SearchPlugin: C:\Users\Sara\AppData\Roaming\Mozilla\Firefox\Profiles\ix9b8sac.default\searchplugins\search_the_web.xml FF StartMenuInternet: FIREFOX.EXE - C:\Spiele\firefox.exe Chrome: ======= CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\32.0.1700.102\pdf.dll () CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) 
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) CHR Plugin: (Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) CHR Extension: (Google Docs) - C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-19] CHR Extension: (Google Drive) - C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-19] CHR Extension: (YouTube) - C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-19] CHR Extension: (Google Wallet) - C:\Users\Sara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25] CHR HKLM\...\Chrome\Extension: [koalekbhpbggkcfhkkbolikjoaobbppi] - C:\Program Files\PutLockerDownloader\PutLockerDownloader10.crx [2013-08-25] ========================== Services (Whitelisted) ================= R2 Akamai; c:\program files\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-01] (Akamai Technologies, Inc.) 
S4 Hamachi2Svc; D:\Sara\Hamachi\hamachi-2.exe [1435984 2013-05-15] (LogMeIn Inc.) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation) S4 npggsvc; C:\Windows\system32\GameMon.des [4241016 2011-03-13] (INCA Internet Co., Ltd.) S4 ogmservice; C:\Program Files\Online Games Manager\ogmservice.exe [559168 2013-03-12] (RealNetworks, Inc.) ==================== Drivers (Whitelisted) ==================== R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2013-02-26] (DT Soft Ltd) R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.) R3 LGBusEnum; C:\Windows\System32\drivers\LGBusEnum.sys [19720 2009-11-24] (Logitech Inc.) R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [39960 2013-05-30] (Logitech Inc.) R3 LGVirHid; C:\Windows\System32\drivers\LGVirHid.sys [14856 2009-11-24] (Logitech Inc.) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation) S3 rzdaendpt; C:\Windows\System32\DRIVERS\rzdaendpt.sys [22272 2012-05-08] (Razer USA Ltd) S3 rzudd; C:\Windows\System32\DRIVERS\rzudd.sys [119480 2013-08-21] (Razer Inc) S3 rzvkeyboard; C:\Windows\System32\DRIVERS\rzvkeyboard.sys [18560 2012-05-15] (Razer USA Ltd) R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () S3 USBMULCD; C:\Windows\System32\drivers\CM106.sys [1516544 2009-05-14] (C-Media Electronics Inc) R3 WmBEnum; C:\Windows\System32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech Inc.) S3 WmFilter; C:\Windows\System32\drivers\WmFilter.sys [37704 2010-04-27] (Logitech Inc.) R3 WmVirHid; C:\Windows\System32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech Inc.) R3 WmXlCore; C:\Windows\System32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech Inc.) 
S3 catchme; \??\C:\Users\Sara\AppData\Local\Temp\catchme.sys [X] S3 EagleNT; \??\C:\Windows\system32\drivers\EagleNT.sys [X] S3 EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-04 21:06 - 2014-02-04 21:07 - 01137152 _____ (Farbar) C:\Users\Sara\Downloads\FRST (1).exe 2014-02-04 20:56 - 2014-02-04 20:56 - 00000782 _____ () C:\Windows\PFRO.log 2014-02-04 20:56 - 2014-02-04 20:56 - 00000056 _____ () C:\Windows\setupact.log 2014-02-04 20:56 - 2014-02-04 20:56 - 00000000 _____ () C:\Windows\setuperr.log 2014-01-31 10:25 - 2014-01-31 10:25 - 00987425 _____ () C:\Users\Sara\Downloads\SecurityCheck.exe 2014-01-30 23:16 - 2014-01-30 23:16 - 02347384 _____ (ESET) C:\Users\Sara\Downloads\esetsmartinstaller_enu.exe 2014-01-30 16:58 - 2014-01-30 16:58 - 00000216 _____ () C:\Users\Sara\Desktop\Don't Starve.url 2014-01-29 20:42 - 2014-01-29 20:42 - 00001144 _____ () C:\Users\Sara\Desktop\JRT.txt 2014-01-29 20:41 - 2014-01-29 20:41 - 00000000 ____D () C:\Windows\ERUNT 2014-01-29 20:40 - 2014-01-29 20:40 - 01037068 _____ (Thisisu) C:\Users\Sara\Downloads\JRT.exe 2014-01-29 20:30 - 2014-01-29 20:32 - 00000000 ____D () C:\AdwCleaner 2014-01-29 20:30 - 2014-01-29 20:30 - 01166132 _____ () C:\Users\Sara\Downloads\adwcleaner.exe 2014-01-29 20:11 - 2014-01-29 20:11 - 00000000 ____D () C:\Users\Sara\AppData\Roaming\Malwarebytes 2014-01-29 20:10 - 2014-01-29 20:11 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-01-29 20:10 - 2014-01-29 20:10 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sara\Downloads\mbam-setup-1.75.0.1300.exe 2014-01-29 20:10 - 2014-01-29 20:10 - 00001080 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-01-29 20:10 - 2014-01-29 20:10 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-01-29 20:10 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) 
C:\Windows\system32\Drivers\mbam.sys 2014-01-29 19:40 - 2014-01-29 20:03 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE 2014-01-29 19:37 - 2014-01-29 19:37 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-SARA-PC-Microsoft-Windows-7-Professional-(32-bit).dat 2014-01-29 19:36 - 2014-01-29 19:36 - 00000000 ____D () C:\RegBackup 2014-01-29 19:17 - 2014-01-29 19:17 - 02903255 _____ () C:\Users\Sara\Downloads\tweaking.com_windows_repair_aio.zip 2014-01-29 19:17 - 2014-01-29 19:17 - 00000000 ____D () C:\Users\Sara\Desktop\Tweaking.com - Windows Repair 2014-01-29 00:52 - 2014-01-29 20:44 - 00000000 ____D () C:\Users\Sara\Downloads\FRST-OlderVersion 2014-01-29 00:25 - 2014-01-29 00:49 - 00000000 ____D () C:\ComboFix 2014-01-27 14:50 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-01-27 14:50 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-01-27 14:50 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-01-27 14:50 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-01-27 14:50 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-01-27 14:50 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe 2014-01-27 14:50 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe 2014-01-27 14:50 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe 2014-01-27 14:47 - 2014-01-27 15:01 - 00000000 ____D () C:\Windows\erdnt 2014-01-27 14:47 - 2014-01-27 14:50 - 00000000 ____D () C:\Qoobox 2014-01-27 14:44 - 2014-01-29 00:22 - 05175619 ____R (Swearware) C:\Users\Sara\Downloads\ComboFix.exe 2014-01-26 15:35 - 2014-01-26 15:36 - 00033647 _____ () C:\Users\Sara\Downloads\Addition.txt 2014-01-26 15:34 - 2014-02-04 21:10 - 00013186 _____ () C:\Users\Sara\Downloads\FRST.txt 2014-01-26 15:34 - 2014-02-04 21:09 - 00000000 ____D () C:\FRST 2014-01-26 15:34 - 2014-01-29 20:44 - 01137152 _____ (Farbar) C:\Users\Sara\Downloads\FRST.exe 2014-01-15 16:01 - 2013-11-27 02:14 - 00258560 _____ 
(Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2014-01-15 16:01 - 2013-11-27 02:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2014-01-15 16:01 - 2013-11-27 02:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2014-01-15 16:01 - 2013-11-27 02:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2014-01-15 16:01 - 2013-11-27 02:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2014-01-15 16:01 - 2013-11-27 02:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys 2014-01-15 16:01 - 2013-11-27 02:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2014-01-15 16:01 - 2013-11-26 12:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys 2014-01-15 16:01 - 2013-11-26 11:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-01-10 18:22 - 2014-01-12 14:40 - 00000000 ____D () C:\Users\Sara\AppData\Roaming\Awesomium 2014-01-09 19:15 - 2014-01-09 19:15 - 00000000 ____D () C:\ProgramData\Elder Scrolls Online 2014-01-08 18:11 - 2014-01-08 18:11 - 00001460 _____ () C:\Users\Sara\AppData\Local\recently-used.xbel 2014-01-08 17:54 - 2014-01-08 17:54 - 11386496 _____ () C:\Users\Sara\Downloads\ScanImage582.tif 2014-01-08 16:58 - 2014-01-27 14:59 - 00000000 ____D () C:\Program Files\ESO Survey Live 2014-01-08 16:58 - 2014-01-08 16:58 - 00000000 ____D () C:\Users\Sara\Documents\Elder Scrolls Online 2014-01-08 16:58 - 2014-01-08 16:58 - 00000000 ____D () C:\Users\Sara\AppData\Roaming\com.immersyve.Paladin.live 2014-01-08 16:55 - 2014-01-08 16:55 - 00000909 _____ () C:\Users\Sara\Desktop\The Elder Scrolls Online Beta.lnk 2014-01-08 16:54 - 2014-01-08 16:54 - 55903624 _____ ( ) C:\Users\Sara\Downloads\Install_ESO_Beta.exe ==================== One Month Modified Files and Folders ======= 2014-02-04 21:10 - 2014-01-26 15:34 - 
00013186 _____ () C:\Users\Sara\Downloads\FRST.txt 2014-02-04 21:09 - 2014-01-26 15:34 - 00000000 ____D () C:\FRST 2014-02-04 21:07 - 2014-02-04 21:06 - 01137152 _____ (Farbar) C:\Users\Sara\Downloads\FRST (1).exe 2014-02-04 21:06 - 2011-05-10 07:16 - 01372752 _____ () C:\Windows\WindowsUpdate.log 2014-02-04 21:04 - 2009-07-14 05:34 - 00019152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-02-04 21:04 - 2009-07-14 05:34 - 00019152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-02-04 21:00 - 2011-05-10 07:28 - 01621400 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-02-04 20:58 - 2011-05-11 11:06 - 00000000 ____D () C:\Program Files\Common Files\Akamai 2014-02-04 20:57 - 2013-07-17 09:07 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-02-04 20:56 - 2014-02-04 20:56 - 00000782 _____ () C:\Windows\PFRO.log 2014-02-04 20:56 - 2014-02-04 20:56 - 00000056 _____ () C:\Windows\setupact.log 2014-02-04 20:56 - 2014-02-04 20:56 - 00000000 _____ () C:\Windows\setuperr.log 2014-02-04 20:56 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-01-31 10:40 - 2012-10-12 20:07 - 00000000 ____D () C:\Program Files\Steam 2014-01-31 10:39 - 2011-05-10 17:12 - 00000000 ____D () C:\Windows\Panther 2014-01-31 10:28 - 2013-07-17 09:07 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-01-31 10:25 - 2014-01-31 10:25 - 00987425 _____ () C:\Users\Sara\Downloads\SecurityCheck.exe 2014-01-31 10:14 - 2014-01-02 23:14 - 00000284 _____ () C:\Windows\Tasks\FoxTab.job 2014-01-31 02:14 - 2012-02-27 21:20 - 00000000 ____D () C:\Users\Sara\AppData\Roaming\TS3Client 2014-01-30 23:16 - 2014-01-30 23:16 - 02347384 _____ (ESET) C:\Users\Sara\Downloads\esetsmartinstaller_enu.exe 2014-01-30 16:58 - 2014-01-30 16:58 - 00000216 _____ () C:\Users\Sara\Desktop\Don't Starve.url 2014-01-29 20:44 - 2014-01-29 00:52 - 
00000000 ____D () C:\Users\Sara\Downloads\FRST-OlderVersion 2014-01-29 20:44 - 2014-01-26 15:34 - 01137152 _____ (Farbar) C:\Users\Sara\Downloads\FRST.exe 2014-01-29 20:42 - 2014-01-29 20:42 - 00001144 _____ () C:\Users\Sara\Desktop\JRT.txt 2014-01-29 20:41 - 2014-01-29 20:41 - 00000000 ____D () C:\Windows\ERUNT 2014-01-29 20:40 - 2014-01-29 20:40 - 01037068 _____ (Thisisu) C:\Users\Sara\Downloads\JRT.exe 2014-01-29 20:32 - 2014-01-29 20:30 - 00000000 ____D () C:\AdwCleaner 2014-01-29 20:32 - 2013-07-17 09:05 - 00000000 ____D () C:\Users\Sara\AppData\Roaming\Common 2014-01-29 20:30 - 2014-01-29 20:30 - 01166132 _____ () C:\Users\Sara\Downloads\adwcleaner.exe 2014-01-29 20:25 - 2011-05-10 08:38 - 00136000 _____ () C:\Users\Sara\AppData\Local\GDIPFONTCACHEV1.DAT 2014-01-29 20:24 - 2013-05-09 14:28 - 00000000 __SHD () C:\ProgramData\RazorU0 2014-01-29 20:24 - 2009-09-18 17:30 - 00000000 ____D () C:\Windows\de-DE 2014-01-29 20:11 - 2014-01-29 20:11 - 00000000 ____D () C:\Users\Sara\AppData\Roaming\Malwarebytes 2014-01-29 20:11 - 2014-01-29 20:10 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware 2014-01-29 20:10 - 2014-01-29 20:10 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Sara\Downloads\mbam-setup-1.75.0.1300.exe 2014-01-29 20:10 - 2014-01-29 20:10 - 00001080 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-01-29 20:10 - 2014-01-29 20:10 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-01-29 20:05 - 2009-07-14 05:33 - 00511712 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-01-29 20:03 - 2014-01-29 19:40 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE 2014-01-29 19:39 - 2013-08-19 16:12 - 00002130 _____ () C:\Users\Public\Desktop\Google Chrome.lnk 2014-01-29 19:37 - 2014-01-29 19:37 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-SARA-PC-Microsoft-Windows-7-Professional-(32-bit).dat 2014-01-29 19:36 - 2014-01-29 19:36 - 00000000 ____D () C:\RegBackup 2014-01-29 19:17 - 2014-01-29 19:17 - 02903255 _____ () 
C:\Users\Sara\Downloads\tweaking.com_windows_repair_aio.zip 2014-01-29 19:17 - 2014-01-29 19:17 - 00000000 ____D () C:\Users\Sara\Desktop\Tweaking.com - Windows Repair 2014-01-29 00:49 - 2014-01-29 00:25 - 00000000 ____D () C:\ComboFix 2014-01-29 00:49 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini 2014-01-29 00:22 - 2014-01-27 14:44 - 05175619 ____R (Swearware) C:\Users\Sara\Downloads\ComboFix.exe 2014-01-27 15:01 - 2014-01-27 14:47 - 00000000 ____D () C:\Windows\erdnt 2014-01-27 15:00 - 2011-05-10 07:25 - 00000000 ____D () C:\Users\Sara 2014-01-27 14:59 - 2014-01-08 16:58 - 00000000 ____D () C:\Program Files\ESO Survey Live 2014-01-27 14:50 - 2014-01-27 14:47 - 00000000 ____D () C:\Qoobox 2014-01-26 15:36 - 2014-01-26 15:35 - 00033647 _____ () C:\Users\Sara\Downloads\Addition.txt 2014-01-19 08:32 - 2011-05-12 08:14 - 00231584 _____ (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2014-01-16 01:00 - 2013-12-05 03:00 - 00000000 ____D () C:\Windows\system32\MRT 2014-01-16 00:58 - 2011-05-10 10:27 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-01-12 14:40 - 2014-01-10 18:22 - 00000000 ____D () C:\Users\Sara\AppData\Roaming\Awesomium 2014-01-09 19:15 - 2014-01-09 19:15 - 00000000 ____D () C:\ProgramData\Elder Scrolls Online 2014-01-08 18:24 - 2014-01-01 03:51 - 00000000 ____D () C:\Users\Sara\.gimp-2.8 2014-01-08 18:11 - 2014-01-08 18:11 - 00001460 _____ () C:\Users\Sara\AppData\Local\recently-used.xbel 2014-01-08 17:54 - 2014-01-08 17:54 - 11386496 _____ () C:\Users\Sara\Downloads\ScanImage582.tif 2014-01-08 16:58 - 2014-01-08 16:58 - 00000000 ____D () C:\Users\Sara\Documents\Elder Scrolls Online 2014-01-08 16:58 - 2014-01-08 16:58 - 00000000 ____D () C:\Users\Sara\AppData\Roaming\com.immersyve.Paladin.live 2014-01-08 16:55 - 2014-01-08 16:55 - 00000909 _____ () C:\Users\Sara\Desktop\The Elder Scrolls Online Beta.lnk 2014-01-08 16:54 - 2014-01-08 16:54 - 55903624 _____ ( ) C:\Users\Sara\Downloads\Install_ESO_Beta.exe 
Files to move or delete:
====================
C:\Users\Sara\error_report.exe
C:\Users\Sara\jagex_cl_runescape_LIVE.dat
C:\Users\Sara\OverwolfTeamSpeakInstaller.exe
C:\Users\Sara\package_inst.exe
C:\Users\Sara\QtCore4.dll
C:\Users\Sara\QtGui4.dll
C:\Users\Sara\QtNetwork4.dll
C:\Users\Sara\QtSql4.dll
C:\Users\Sara\random.dat
C:\Users\Sara\ts3client_win32.exe

Some content of TEMP:
====================
C:\Users\Sara\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-30 15:37

==================== End Of Log ============================

--- --- ---

FRST Additions Logfile:
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-02-2014 Ran by Sara at 2014-02-04 21:10:55 Running from C:\Users\Sara\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F} AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} ==================== Installed Programs ====================== Adobe AIR (Version: 2.6.0.19140 - Adobe Systems Incorporated) Adobe AIR (Version: 2.6.0.19140 - Adobe Systems Incorporated) Hidden Adobe Flash Player 10 ActiveX (Version: 10.3.181.26 - Adobe Systems Incorporated) Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated) Adobe Reader X (10.1.1) - Deutsch (Version: 10.1.1 - Adobe Systems Incorporated) Age of Empires III (Version: 1.00.0000 - Microsoft Game Studios) Age of Empires III (Version: 1.00.0000 - Microsoft Game Studios) Hidden Age of Wulin (Version: 0.0.1.011 - gPotato) AION Free-To-Play (Version: 2.70.0000 - Gameforge) AION Free-To-Play (Version: 2.70.0000 - Gameforge) Hidden Akamai NetSession Interface (HKCU Version: - Akamai Technologies, Inc) Akamai NetSession Interface Service (Version: - ) AMD Accelerated Video Transcoding (Version: 2.00.0002 - Advanced Micro Devices, Inc.) Hidden AMD APP SDK Runtime (Version: 10.0.923.1 - Advanced Micro Devices Inc.) Hidden AMD Catalyst Install Manager (Version: 8.0.873.0 - Advanced Micro Devices, Inc.) AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden AMD Media Foundation Decoders (Version: 1.0.70405.2224 - Advanced Micro Devices, Inc.) Hidden Apple Application Support (Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.) Apple Software Update (Version: 2.1.3.127 - Apple Inc.) 
Atlantica (Version: 21662 - NEXON Europe S.A.R.L) Audacity 1.2.6 (Version: - ) Biet-O-Matic v2.14.12 (Version: 2.14.12 - BOM Development Team) BioShock Infinite (Version: - Irrational Games) Black & White® 2 (Version: 1.00.0000 - Lionhead Studios) Bonjour (Version: 3.0.0.10 - Apple Inc.) Borderlands 2 (Version: - ) Brother MFL-Pro Suite MFC-8460N (Version: 1.0.0.0 - Brother Industries, Ltd.) Cake Mania 2 (Version: - ) Cake Mania 3 (Version: - ) Call of Duty Black Ops II (Version: - ) Catalyst Control Center - Branding (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center (Version: 2012.0405.2205.37728 - Ihr Firmenname) Hidden Catalyst Control Center Graphics Previews Common (Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center InstallProxy (Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden Catalyst Control Center Localization All (Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Standard (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Chinese Traditional (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Czech (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Danish (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Dutch (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help English (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Finnish (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help French (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help German (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Greek (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Hungarian (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) 
Hidden CCC Help Italian (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Japanese (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Korean (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Norwegian (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Polish (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Portuguese (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Russian (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Spanish (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Swedish (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Thai (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden CCC Help Turkish (Version: 2012.0405.2204.37728 - Advanced Micro Devices, Inc.) Hidden ccc-utility (Version: 2012.0405.2205.37728 - Advanced Micro Devices, Inc.) 
Hidden CCleaner (Version: 3.20 - Piriform) Corel Graphics - Windows Shell Extension (Version: 16.1.0.843 - Corel Corporation) Corel Graphics - Windows Shell Extension (Version: 16.1.843 - Corel Corporation) Hidden Corel Painter 12 - IPM (Version: 12.4 - Corel Corporation) Hidden Corel Painter 12 (Version: 12.2.1.1212 - Corel Corporation) D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Pro (Version: 5.1.0.0333 - DT Soft Ltd) DarksidersInstaller (Version: 1.00.1000 - Ihr Firmenname) DarkWave Studio 3.2.9 (Version: 3.2.9 - ExperimentalScene) Dead Island Riptide (c) Deep Silver version 1 (Version: 1 - ) Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (Version: - Microsoft) Deponia (Version: 1.0 - Daedalic Entertainment) Diablo III (Version: 1.0.8.16603 - Blizzard Entertainment) Die Kunst des Mordens - Die geheimen Akten (Version: - ) Diner Dash 2 Restaurant Rescue (Version: - ) Diner Dash 5: BOOM (Version: - ) Diner Dash Flo on the Go (Version: - ) Diner Dash: Flo Through Time (Version: - ) Dishonored (Version: - ) Disney Toontown Online (Version: - Walt Disney Internet Group) DivX-Setup (Version: 2.6.1.8 - DivX, LLC) Don't Starve (Version: - Klei Entertainment) Dropbox (HKCU Version: 2.0.22 - Dropbox, Inc.) EasyBits GO (HKCU Version: - EasyBits Media) Enlightenus (Version: - ) EPSON-Drucker-Software (Version: - ) ESO Survey Live version 1.3.0 (Version: 1.3.0 - Immersyve, Inc.) F.A.C.E.S. (Version: - ) Fable III (Version: 1.0.0000.131 - Microsoft Game Studios) Fable III (Version: 1.0.0000.131 - Microsoft Game Studios) Hidden Fairy Maids (Version: - ) Farm Craft (Version: - ) Farm Tribe (Version: - ) Fotogalerie (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Free Audio CD Burner version 1.4.8 (Version: - DVDVideoSoft Limited.) GIMP 2.8.10 (Version: 2.8.10 - The GIMP Team) Google Chrome (Version: 32.0.1700.102 - Google Inc.) Google Chrome Frame (Version: 65.119.72 - Google, Inc.) 
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden Guild Wars 2 (Version: - NCsoft Corporation, Ltd.) Haunted Halls: Kindheitsängste Sammleredition (Version: - ) Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789) (Version: 1 - Microsoft Corporation) HP Officejet Pro 8600 - Grundlegende Software für das Gerät (Version: 25.0.619.0 - Hewlett-Packard Co.) HP Update (Version: 5.003.000.004 - Hewlett-Packard) I.R.I.S. OCR (Version: 12.3.4.0 - HP) IconHandler 32 bit (Version: 2.0 - Corel Corporation) Hidden ICQ 8.0 (build 6017) (HKCU Version: 8.0.6017.0 - Mail.Ru) ICQ7.5 (Version: 7.5 - ICQ) Inkscape 0.48.0 (Version: 0.48.0 - ) Install(GE) (Version: 1.0 - AeriaGames) IrfanView (remove only) (Version: 4.28 - Irfan Skiljan) iTunes (Version: 11.1.2.32 - Apple Inc.) Java 7 Update 25 (Version: 7.0.250 - Oracle) Java Auto Updater (Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden Java(TM) 6 Update 25 (Version: 6.0.250 - Oracle) JDownloader 0.9 (Version: 0.9 - AppWork GmbH) K-Lite Codec Pack 6.0.4 (Basic) (Version: 6.0.4 - ) League of Legends (Version: 1.02.0000 - Riot Games) Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Hidden Logitech Gaming Software 5.10 (Version: 5.10.127 - Logitech) Logitech Gaming Software 8.50 (Version: 8.50.281 - Logitech Inc.) LogMeIn Hamachi (Version: 2.1.0.362 - LogMeIn, Inc.) LogMeIn Hamachi (Version: 2.1.0.362 - LogMeIn, Inc.) 
Hidden MabinogiEU (Version: - devCAT) Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300 - Malwarebytes Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (Version: 3.5.50.0 - Microsoft Corporation) Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 
(Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0 - Microsoft Corporation) Hidden Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation) Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 - ENU (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 Runtime (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU (Version: 9.0.30729 - Microsoft Corporation) Microsoft WSE 3.0 Runtime (Version: 3.0.5305.0 - Microsoft Corp.) Microsoft_VC100_CRT_x86 (Version: 1.0.0 - Microsoft) Minecraft Cracked (Version: 1.4.7 - MINECRAFTinstall.net) Movie Maker (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox (3.6.18) (Version: 3.6.18 (en-US) - Mozilla) MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (Version: 16.4.1108.0727 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0 - Microsoft Corporation) Mystic Inn (Version: - ) NC Launcher (GameForge) (Version: - NCsoft) NVIDIA PhysX (Version: 9.09.0203 - NVIDIA Corporation) Online Games Manager v1.20 (Version: 1.20.13 - Real Networks, Inc.) Orcs Must Die 2 (Version: - ) Origin (Version: 9.0.2.2065 - Electronic Arts, Inc.) 
Overlord II (Version: 1.0 - Codemasters) Painter 12 - Content (Version: 12.4 - Corel Corporation) Hidden Painter 12 - Core (Version: 12.4 - Corel Corporation) Hidden Painter 12 - DE (Version: 12.4 - Corel Corporation) Hidden Painter 12 - EN (Version: 12.4 - Corel Corporation) Hidden Painter 12 - FR (Version: 12.4 - Corel Corporation) Hidden Painter 12 - IT (Version: 12.4 - Corel Corporation) Hidden Painter 12 - Painter (Version: 12.4 - Corel Corporation) Hidden Painter 12 - Setup Files (Version: 12.4 - Corel Corporation) Hidden Pando Media Booster (Version: 2.6.0.8 - Pando Networks Inc.) Pangya (Ntreev USA) (Version: - ) Path of Exile (Version: - Grinding Gear Games) Photo Gallery (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Plantasia (Version: - ) QuickTime (Version: 7.74.80.86 - Apple Inc.) Razer Synapse 2.0 (Version: 1.13.1 - Razer Inc.) Room Arranger (Version: 5.6.8 - Jan Adamec) Sacred 2 (Version: 2.0.2.0 - Ascaron Entertainment) Sandlot Games Client Services 1.2.2 (Version: - Sandlot Games) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden Sonic & All-Stars Racing Transformed (Version: - Sumo Digital) SPORE™ (Version: 1.00.0000 - Electronic Arts) Steam (Version: 1.0.0.0 - Valve Corporation) System Requirements Lab (Version: 4.1.72.0 - Husdawg, LLC) TeamSpeak 3 Client (HKCU Version: 3.0.13.1 - TeamSpeak Systems GmbH) TeamViewer 6 (Version: 6.0.10511 - TeamViewer GmbH) TERA (Version: 16.04 - Frogster Online Gaming GmbH) The Elder Scrolls Online Beta (Version: 0.3.4 - ) The Elder Scrolls V: Skyrim (Version: - Bethesda Game Studios) Trust 5.1 Surround Headset (Version: - ) Twisted Lands - Insomniac (Version: - ) UltraStar Deluxe (Version: 1.1 - USDX Team) Uninstall 1.0.0.1 (Version: - ) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1 - Microsoft Corporation) Update for 
Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1 - Microsoft Corporation) Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (Version: 3 - Microsoft Corporation) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2010 (KB2494150) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (Version: - Microsoft) Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (Version: - 
Microsoft) Urban Legends: The Maze (Version: - ) UseNeXT by Tangysoft (Version: - Tangysoft Ltd.) VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden VLC media player 1.1.9 (Version: 1.1.9 - VideoLAN) War of Angels (Version: - ) Warframe (Version: - Digital Extremes) Windows Live Communications Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Essentials (Version: 16.4.3505.0912 - Microsoft Corporation) Windows Live Essentials (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden Windows Live Installer (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Messenger (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Photo Common (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live PIMT Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden WinRAR 4.00 (32-Bit) (Version: 4.00.0 - win.rar GmbH) World of Warcraft (Version: 5.3.0.17128 - Blizzard Entertainment) YouTube Song Downloader (Version: 7.92 - Abelssoft) YouTube Song Downloader (Version: 8.2 - Abelssoft) ==================== Restore Points ========================= 29-01-2014 18:36:30 Tweaking.com - Windows Repair 30-01-2014 16:25:54 DirectX wurde installiert ==================== Hosts content: ========================== 2009-07-14 03:04 - 2014-01-29 00:49 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {0565C2F2-F6E2-4B7D-B4CA-A3315A833AAE} - System32\Tasks\CCleanerSkipUAC => C:\Program 
Files\CCleaner\CCleaner.exe [2012-06-22] (Piriform Ltd) Task: {12D6E651-F8B2-4144-BD21-00CD802F3DBB} - System32\Tasks\RNUpgradeHelperResumePrompt_Sara => C:\Users\Sara\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\8.00\rnupgagent.exe [2011-06-27] (RealNetworks, Inc.) Task: {1397BF44-6D5E-4804-BFDF-59710A9196A6} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {50C5F7EA-4332-4E16-8CA9-04795B6E0B09} - System32\Tasks\{4D262156-A9F7-4BF1-914E-AFA7D9CD1406} => C:\Program Files\Skype\\Phone\Skype.exe Task: {9CD27547-D76B-40ED-B8D5-3935F9E57236} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-07-17] (Google Inc.) Task: {CA066D31-83D1-4529-BE0D-6941F1F83945} - System32\Tasks\FoxTab => C:\Users\Sara\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {CF956DD2-1F2B-47E3-9243-7989021CB6AD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-07-17] (Google Inc.) 
Task: {D8A7ADB3-735C-4459-A3C3-A1C3B8B23F79} - System32\Tasks\Windows Update Check - 0x0F2A0355 => C:\ProgramData\RazorU0\piztmhvct.exe
Task: {EA7000B4-8AC2-4291-8E88-DE8541914866} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-3956404115-2358615362-3616498794-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: {F681302C-CB0D-4F1F-8533-93EE7E29573F} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-3956404115-2358615362-3616498794-1000 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe
Task: C:\Windows\Tasks\FoxTab.job => C:\Users\Sara\AppData\Roaming\FoxTab\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-09-27 06:23 - 2011-09-27 06:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 06:22 - 2011-09-27 06:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-04-20 01:09 - 2013-04-20 01:09 - 00851456 _____ () C:\Users\Sara\AppData\Roaming\ICQM\ICQ\dll\YLUSBTEL.dll
2014-01-29 19:39 - 2014-01-23 06:56 - 00715544 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.102\libglesv2.dll
2014-01-29 19:39 - 2014-01-23 06:56 - 00100120 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.102\libegl.dll
2014-01-29 19:39 - 2014-01-23 06:56 - 04055320 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.102\pdf.dll
2014-01-29 19:39 - 2014-01-23 06:57 - 00399640 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll
2014-01-29 19:39 - 2014-01-23 06:55 - 01634584 _____ () C:\Program Files\Google\Chrome\Application\32.0.1700.102\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/04/2014 09:10:58 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/02/04 21:10:58.181]: [00001232]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error

Error: (02/04/2014 09:10:23 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/02/04 21:10:23.677]: [00001232]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error

Error: (02/04/2014 09:09:49 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/02/04 21:09:49.174]: [00001232]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error

Error: (02/04/2014 09:09:14 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/02/04 21:09:14.671]: [00001232]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error

Error: (02/04/2014 09:08:40 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2014/02/04 21:08:40.167]: [00001232]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error

Error: (02/04/2014 09:08:05 PM) (Source: Brother BrLog) (User: )
Description: STI 
BrtSTI: [2014/02/04 21:08:05.663]: [00001232]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error Error: (02/04/2014 09:07:31 PM) (Source: Brother BrLog) (User: ) Description: STI BrtSTI: [2014/02/04 21:07:31.160]: [00001232]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error Error: (02/04/2014 09:06:56 PM) (Source: Brother BrLog) (User: ) Description: STI BrtSTI: [2014/02/04 21:06:56.355]: [00001232]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error Error: (02/04/2014 09:06:21 PM) (Source: Brother BrLog) (User: ) Description: STI BrtSTI: [2014/02/04 21:06:21.830]: [00001232]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error Error: (02/04/2014 09:05:47 PM) (Source: Brother BrLog) (User: ) Description: STI BrtSTI: [2014/02/04 21:05:47.328]: [00001232]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error System errors: ============= Error: (02/04/2014 08:57:13 PM) (Source: Service Control Manager) (User: ) Description: Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Windows Search" Korrekturmaßnahmen (Neustart des Diensts) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error: (02/04/2014 08:56:43 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. Error: (02/04/2014 08:56:43 PM) (Source: Service Control Manager) (User: ) Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535. Error: (02/04/2014 08:56:07 PM) (Source: Disk) (User: ) Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0. Error: (02/04/2014 08:56:05 PM) (Source: Disk) (User: ) Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0. Error: (02/04/2014 08:56:04 PM) (Source: Disk) (User: ) Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0. 
Error: (02/04/2014 08:56:03 PM) (Source: Disk) (User: ) Description: Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0. Error: (01/30/2014 11:15:55 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WSearch erreicht. Error: (01/30/2014 11:14:39 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WSearch erreicht. Error: (01/30/2014 11:13:42 PM) (Source: Service Control Manager) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst WSearch erreicht. Microsoft Office Sessions: ========================= Error: (02/04/2014 09:10:58 PM) (Source: Brother BrLog)(User: ) Description: STIBrtSTI: [2014/02/04 21:10:58.181]: [00001232]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error Error: (02/04/2014 09:10:23 PM) (Source: Brother BrLog)(User: ) Description: STIBrtSTI: [2014/02/04 21:10:23.677]: [00001232]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error Error: (02/04/2014 09:09:49 PM) (Source: Brother BrLog)(User: ) Description: STIBrtSTI: [2014/02/04 21:09:49.174]: [00001232]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error Error: (02/04/2014 09:09:14 PM) (Source: Brother BrLog)(User: ) Description: STIBrtSTI: [2014/02/04 21:09:14.671]: [00001232]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error Error: (02/04/2014 09:08:40 PM) (Source: Brother BrLog)(User: ) Description: STIBrtSTI: [2014/02/04 21:08:40.167]: [00001232]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error Error: (02/04/2014 09:08:05 PM) (Source: Brother BrLog)(User: ) Description: STIBrtSTI: [2014/02/04 21:08:05.663]: [00001232]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error Error: (02/04/2014 09:07:31 PM) (Source: Brother BrLog)(User: ) Description: STIBrtSTI: [2014/02/04 21:07:31.160]: [00001232]: GetDeviceIpAddress: 
GetAddressByName [BRN_906D1E] Error Error: (02/04/2014 09:06:56 PM) (Source: Brother BrLog)(User: ) Description: STIBrtSTI: [2014/02/04 21:06:56.355]: [00001232]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error Error: (02/04/2014 09:06:21 PM) (Source: Brother BrLog)(User: ) Description: STIBrtSTI: [2014/02/04 21:06:21.830]: [00001232]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error Error: (02/04/2014 09:05:47 PM) (Source: Brother BrLog)(User: ) Description: STIBrtSTI: [2014/02/04 21:05:47.328]: [00001232]: GetDeviceIpAddress: GetAddressByName [BRN_906D1E] Error ==================== Memory info =========================== Percentage of memory in use: 54% Total physical RAM: 2295.18 MB Available physical RAM: 1045.84 MB Total Pagefile: 6389.47 MB Available Pagefile: 4640.9 MB Total Virtual: 2047.88 MB Available Virtual: 1913.28 MB ==================== Drives ================================ Drive c: (Programme) (Fixed) (Total:488.18 GB) (Free:75.96 GB) NTFS Drive d: (Datein) (Fixed) (Total:443.23 GB) (Free:233.5 GB) NTFS Drive f: (DEPONIA) (CDROM) (Total:2.55 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 48443A2B) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=488 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=443 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
04.02.2014, 21:22 | #15 |
| Windows 7 Chrome Trojan, Ad Pop-up Horror! I wanted to ask whether I should or can delete the things shown in the attachment; they just show up on my system. And which game do you mean in the ESET results? I can't find anything in the list ^^; |