Pests of all kinds and how to fight them: Problem, Savings Wizard and Awesomehp cannot be removed (Windows 7)
31.01.2014, 15:20 | #1 |
I have a small big problem. I downloaded an infected file from the internet that Norton 360 (paid version) classified as harmless. After installing it came the fairly familiar nasty surprise: it was a bundle full of adware and other junk that immediately settled onto the PC. Besides Norton I also have Malwarebytes and AdwCleaner installed, but these 3 programs simply fail to find and delete the junk.

Awesomehp is a stubborn start page that sticks in Internet Explorer and Firefox and cannot be removed via the add-ons, because nothing can be found there. Savings Wizard is even worse. It is stuck in the Google Chrome browser and cannot be removed with Geek, Eraser or iObit. When I delete the file under %LOCALAPPDATA% it is no longer active, but it comes back after reinstalling Chrome.

I am really desperate, because I mostly use Chrome and also access online banking with it. Does anyone have a suitable answer?? Please
31.01.2014, 15:26 | #2 |
/// TB-Ausbilder
Hi,

please do the following:

Step 1
Please download Shortcut Cleaner (by Grinler) to your desktop.

Step 2
Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
31.01.2014, 16:58 | #3 |
Shortcut Cleaner:

Shortcut Cleaner 1.2.8 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/

Windows Version: Windows 8.1
Program started at: 01/31/2014 04:53:51 PM.

Scanning for registry hijacks:
* No issues found in the Registry.

Searching for Hijacked Shortcuts:
Searching C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\
* Shortcut Cleaned: C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1391110188&from=amt&uid=3219913727_198339_C04AC7F4
Searching C:\ProgramData\Microsoft\Windows\Start Menu\
Searching C:\Users\Marcel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\
* Shortcut Cleaned: C:\Users\Marcel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1391110188&from=amt&uid=3219913727_198339_C04AC7F4
* Shortcut Cleaned: C:\Users\Marcel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk => C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1391110188&from=amt&uid=3219913727_198339_C04AC7F4
Searching C:\Users\Public\Desktop\
Searching C:\Users\Marcel\Desktop

3 bad shortcuts found.
Program finished at: 01/31/2014 04:53:53 PM
Execution time: 0 hours(s), 0 minute(s), and 1 seconds(s)

Addition text file
FRST Additions Logfile:
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2014 01 Ran by Marcel at 2014-01-31 16:56:57 Running from C:\Users\Marcel\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Norton 360 (Enabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Norton 360 (Enabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202} FW: Norton 360 (Enabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} ==================== Installed Programs ====================== µTorrent (HKCU Version: 3.3.2.30488 - BitTorrent Inc.) 3DMark (x32 Version: 1.1 - Futuremark) 7-Zip 9.20 (x32 Version: - ) Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated) AlienAutopsy (Version: 3.4.6422.14 - PC-Doctor, Inc.) AlienRespawn - Support Software (x32 Version: 1.6.1.1 - Alienware) AlienRespawn (x32 Version: 1.6.1.1 - Alienware) Alienware Command Center (Version: 3.0.29.0 - Alienware Corp.) Hidden Alienware Command Center (x32 Version: 3.0.29.0 - Alienware Corp.) Alienware Customer Surveys (x32 Version: 1.11.4124 - Dell Inc.) Alienware Digital Delivery (x32 Version: 2.7.1000.0 - Dell Products, LP) Alienware On-Screen Display (x32 Version: 0.33.0.10C - ) Alienware On-Screen Display (x32 Version: 0.33.0.10C - ) Hidden Apple Application Support (x32 Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.) Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.) 
Assassin’s Creed IV Black Flag (x32 Version: - Ubisoft Montreal) AutoCAD 2014 - Deutsch (German) (Version: 19.1.18.0 - Autodesk) Hidden AutoCAD 2014 Language Pack - Deutsch (German) (Version: 19.1.18.0 - Autodesk) Hidden Autodesk 360 (Version: 4.0.27.1 - Autodesk) Autodesk App Manager (x32 Version: 1.1.0 - Autodesk) Autodesk AutoCAD 2014 - Deutsch (German) (Version: 19.1.18.0 - Autodesk) Autodesk Content Service (x32 Version: 3.1.3.0 - Autodesk) Autodesk Content Service (x32 Version: 3.1.3.0 - Autodesk) Hidden Autodesk Content Service Language Pack (x32 Version: 3.1.3.0 - Autodesk) Hidden Autodesk Featured Apps (x32 Version: 1.1.0 - Autodesk) Autodesk Material Library 2014 (x32 Version: 4.0.19.0 - Autodesk) Autodesk Material Library Base Resolution Image Library 2014 (x32 Version: 4.0.19.0 - Autodesk) Battle.net (x32 Version: - Blizzard Entertainment) Battlefield 4™ (x32 Version: 1.0.0.1 - Electronic Arts) Battlelog Web Plugins (x32 Version: 2.3.2 - EA Digital Illusions CE AB) Bonjour (Version: 3.0.0.10 - Apple Inc.) Broadcom 802.11 Network Adapter (Version: 6.30.95.48 - Broadcom Corporation) Call of Duty: Ghosts - Multiplayer (x32 Version: - ) Call of Duty: Ghosts (x32 Version: - Infinity Ward) CCleaner (Version: 4.07 - Piriform) Classic Shell (Version: 4.0.2 - IvoSoft) CPUID CPU-Z 1.67.1 (Version: - ) CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415 - CyberLink Corp.) Hidden CyberLink Media Suite 10 (x32 Version: 10.0.1.2417 - CyberLink Corp.) Hidden CyberLink Media Suite Essentials (x32 Version: 10.0 - CyberLink Corp.) CyberLink Power2Go 8 (x32 Version: 8.0.0.2126 - CyberLink Corp.) Hidden CyberLink PowerDirector 10 (x32 Version: 10.0.1.2413 - CyberLink Corp.) Hidden CyberLink PowerDVD 10 (x32 Version: 10.0.4828.52 - CyberLink Corp.) 
Hidden Debut Video Capture Software (x32 Version: 1.82 - NCH Software) Dolby Home Theater v4 (x32 Version: 7.2.8000.17 - Dolby Laboratories Inc) Dota 2 (x32 Version: - Valve) DSC/AA Factory Installer (Version: 3.4.6299.48 - PC-Doctor, Inc.) Hidden EMSC (x32 Version: 0.0.0.25 - Compal Electronics, Inc.) Hidden Eraser 6.0.10.2620 (Version: 6.0.2620 - The Eraser Project) ESN Sonar (x32 Version: 0.70.4 - ESN Social Software AB) EVEREST Home Edition v2.20 (x32 Version: 2.20 - Lavalys Inc) Futuremark SystemInfo (x32 Version: 4.22.211 - Futuremark) GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden Google Chrome (x32 Version: 32.0.1700.102 - Google Inc.) Google Earth (x32 Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden iFunbox (v2.7.2386.747), iFunbox DevTeam (x32 Version: v2.7.2386.747 - ) Intel(R) Management Engine Components (x32 Version: 9.5.10.1658 - Intel Corporation) Intel(R) Rapid Storage Technology (Version: 12.0.7.1002 - Intel Corporation) Intel(R) Rapid Storage Technology (Version: 12.0.7.1002 - Intel Corporation) Hidden Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden IObit Uninstaller (x32 Version: 3.0.4.922 - IObit) iTunes (Version: 11.1.3.8 - Apple Inc.) Java 7 Update 45 (x32 Version: 7.0.450 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden Killing Floor (x32 Version: - Tripwire Interactive) Left 4 Dead 2 (x32 Version: - Valve) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation) McAfee Security Scan Plus (Version: 3.8.130.10 - McAfee, Inc.) 
Microsoft Office Home and Business 2013 - de-de (Version: 15.0.4551.1512 - Microsoft Corporation) Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft SkyDrive (HKCU Version: 16.4.6012.0828 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP2 ENU (x32 Version: 3.5.8080.0 - Microsoft Corporation) Hidden Microsoft SQL Server Compact 3.5 SP2 x64 ENU (Version: 3.5.8080.0 - Microsoft Corporation) Hidden Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation) Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Microsoft 
Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden Norton 360 (x32 Version: 21.1.0.18 - Symantec Corporation) NVIDIA 3D Vision Controller-Treiber 331.82 (Version: 331.82 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 331.82 (Version: 331.82 - NVIDIA Corporation) NVIDIA GeForce Experience 1.7.1 (Version: 1.7.1 - NVIDIA Corporation) NVIDIA Grafiktreiber 331.82 (Version: 331.82 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.26.4 (Version: 1.3.26.4 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.140.952 - NVIDIA Corporation) Hidden NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.13.0725 (Version: 9.13.0725 - NVIDIA Corporation) NVIDIA ShadowPlay 9.3.21 (Version: 9.3.21 - NVIDIA Corporation) Hidden NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3182 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 331.82 (Version: 331.82 - NVIDIA Corporation) Hidden NVIDIA Update 9.3.21 (Version: 9.3.21 - NVIDIA Corporation) Hidden NVIDIA Update Components (Version: 9.3.21 - NVIDIA Corporation) Hidden NVIDIA Virtual Audio 1.2.9 (Version: 1.2.9 - NVIDIA Corporation) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden Origin (x32 Version: 9.3.10.4710 - Electronic Arts, Inc.) PunkBuster Services (x32 Version: 0.991 - Even Balance, Inc.) RAGE (x32 Version: - id Software) Realtek High Definition Audio Driver (x32 Version: 6.0.1.6876 - Realtek Semiconductor Corp.) 
SHIELD Streaming (Version: 1.6.53 - NVIDIA Corporation) Hidden SketchUp Import for AutoCAD 2014 (x32 Version: 1.1.0 - Autodesk) Skype™ 6.10 (x32 Version: 6.10.104 - Skype Technologies S.A.) ST Microelectronics 3 Axis Digital Accelerometer Solution (x32 Version: 4.12.0040 - ST Microelectronics) Steam (x32 Version: 1.0.0.0 - Valve Corporation) Synaptics Pointing Device Driver (Version: 16.3.8.62 - Synaptics Incorporated) TeamSpeak 3 Client (x32 Version: 3.0.13 - TeamSpeak Systems GmbH) TERA (x32 Version: 7 - Gameforge Productions GmbH) Tunngle beta (x32 Version: - Tunngle.net GmbH) Uplay (x32 Version: 4.0 - Ubisoft) WIDCOMM Bluetooth Software (Version: 12.0.0.6300 - Broadcom Corporation) WinPcap 4.1.3 (x32 Version: 4.1.0.2980 - Riverbed Technology, Inc.) WinRAR 5.01 (64-Bit) (Version: 5.01.0 - win.rar GmbH) Wireshark 1.10.4 (32-bit) (x32 Version: 1.10.4 - The Wireshark developer community, hxxp://www.wireshark.org) ==================== Restore Points ========================= 15-01-2014 18:12:26 Installed iTunes 17-01-2014 15:23:45 Windows Modules Installer 28-01-2014 14:18:23 Windows Update 30-01-2014 08:29:08 Removed BlueStacks Notification Center 31-01-2014 08:55:49 Norton_Power_Eraser_20140131095548458 ==================== Hosts content: ========================== 2013-08-22 14:25 - 2014-01-30 20:29 - 00000871 ____A C:\WINDOWS\system32\Drivers\etc\hosts 54.204.28.26 ajakpekbmnkgnjbpajgkdhimcbeoocam ==================== Scheduled Tasks (whitelisted) ============= Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {05D183BB-9043-4E18-9364-B08237EFF417} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-13] (Google Inc.) 
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {1C1E1AB0-CBD4-4B1C-881A-DA4BD71988F8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-13] (Google Inc.) Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {20DAE030-2535-4502-BBAA-440238656F5E} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {2359CC53-6BD2-4566-B5DE-B2B171BE01ED} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-12-03] (CyberLink Corp.) Task: {299D114A-1B21-42BB-8224-03794BCF9D45} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\WSCStub.exe [2013-10-08] (Symantec Corporation) Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {2CEAAAFD-535C-44E5-83DF-C22E21347A56} - \UpdaterEX No Task File Task: {2F3597A0-9E65-4D91-9B56-C9E407273C5C} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation) Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {4267C15B-67BC-4871-83B1-F7682107B51B} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-12-03] (CyberLink) Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: 
{67EAD513-6E80-4A54-AE10-4D7B5EBC609F} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\AlienAutopsy\uaclauncher.exe [2013-08-22] (PC-Doctor, Inc.) Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {75A9478A-77F8-4E13-8F11-DFCD77E8F28E} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\SymErr.exe [2013-08-01] (Symantec Corporation) Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {78B5846A-55A9-4E9D-AD90-3D39386D74A6} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-10-31] (Microsoft Corporation) Task: {8201DFFF-E9EC-4CD9-84B7-2F19A741E264} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {9219D7BB-B0A8-4719-8E2D-4FF6BF551CCD} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\AlienAutopsy\sessionchecker.exe [2013-12-07] (PC-Doctor, Inc.) 
Task: {9283BC3D-7712-43D7-9CD9-79D0EDE8E03F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated) Task: {9720F834-C015-4473-81B6-2B050818047C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-01-17] (Microsoft Corporation) Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {D8BF0B9E-D50C-4410-9F4B-51A678A95A35} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.) Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: {F072918F-1F6B-4534-BCDE-DEE16015F9F8} - System32\Tasks\EVGAPrecision => C:\Program Files (x86)\EVGA Precision X\EVGAPrecision.exe Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ==================== Loaded Modules (whitelisted) ============= 2013-11-02 17:22 - 2013-08-19 10:21 - 00020256 _____ () C:\Program Files (x86)\AlienRespawn\Components\Shell\DBROverlayIcon.dll 2013-11-02 17:22 - 2013-08-19 10:21 - 00019232 _____ () 
C:\Program Files (x86)\AlienRespawn\Components\Shell\DBROverlayNotBackuped.dll 2013-02-05 00:21 - 2013-02-05 00:21 - 00124448 _____ () C:\Program Files\Autodesk\Autodesk Sync\QJson.dll 2013-02-05 00:21 - 2013-02-05 00:21 - 00045088 _____ () C:\Program Files\Autodesk\Autodesk Sync\QtSolutions_MFCMigrationFramework_Ad_2.dll 2013-02-05 00:21 - 2013-02-05 00:21 - 00056352 _____ () C:\Program Files\Autodesk\Autodesk Sync\qoauth_Ad_1.dll 2013-02-05 00:21 - 2013-02-05 00:21 - 00937504 _____ () C:\Program Files\Autodesk\Autodesk Sync\qca_Ad_2.dll 2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-08-07 14:27 - 2013-08-07 14:27 - 00110088 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll 2013-11-02 17:06 - 2013-03-12 09:20 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2009-12-18 11:07 - 2009-12-18 11:07 - 00577536 _____ () C:\Program Files (x86)\Alienware On-Screen Display\EMSC.dll 2013-11-02 17:17 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2012-06-08 11:34 - 2012-06-08 11:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2013-10-23 13:15 - 2013-10-23 13:15 - 00230376 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\soundbackends\directsound_win32.dll 2013-10-23 13:15 - 2013-10-23 13:15 - 00237032 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win32.dll 2013-10-23 13:15 - 2013-10-23 13:15 - 00431080 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\plugins\clientquery_plugin.dll 2013-10-23 13:15 - 2013-10-23 13:15 - 00555496 _____ () C:\Program Files (x86)\TeamSpeak 3 Client\plugins\teamspeak_control_plugin.dll 2014-01-31 11:33 - 2014-01-23 06:56 - 
00715544 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\libglesv2.dll 2014-01-31 11:33 - 2014-01-23 06:56 - 00100120 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\libegl.dll 2014-01-31 11:33 - 2014-01-23 06:56 - 04055320 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\pdf.dll 2014-01-31 11:33 - 2014-01-23 06:57 - 00399640 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ppGoogleNaClPluginChrome.dll 2014-01-31 11:33 - 2014-01-23 06:55 - 01634584 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\ffmpegsumo.dll 2014-01-31 11:33 - 2014-01-23 06:56 - 13615896 _____ () C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.102\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\Marcel\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Could not start eventlog service, could not read events. Der angeforderte Dienst wurde bereits gestartet. Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 2182 eingeben. 
==================== Memory info ===========================
Percentage of memory in use: 16%
Total physical RAM: 16307.02 MB
Available physical RAM: 13636.32 MB
Total Pagefile: 18739.02 MB
Available Pagefile: 15746.43 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:688.85 GB) (Free:432.17 GB) NTFS
Drive d: (DATA) (Fixed) (Total:10.5 GB) (Free:10.36 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 699 GB) (Disk ID: FD6C80C4)
Partition: GPT Partition Type
========================================================
Disk: 1 (Size: 11 GB) (Disk ID: 5C4FE4CA)
Partition: GPT Partition Type
==================== End Of Log ============================

FRST text file
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-01-2014 01 Ran by Marcel (administrator) on MARCEL on 31-01-2014 16:56:42 Running from C:\Users\Marcel\Downloads Windows 8.1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Autodesk, Inc.) C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe () C:\Windows\System32\PnkBstrA.exe () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe (Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Alienware) C:\Program Files\Alienware\Command Center\AlienFusionService.exe (Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe (Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Alienware) C:\Program Files\Alienware\Command Center\AWCCServiceController.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (The Eraser Project) C:\Program Files\Eraser\Eraser.exe (BitTorrent Inc.) C:\Users\Marcel\AppData\Roaming\uTorrent\uTorrent.exe (Autodesk, Inc.) 
C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
() C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Java\jre7\bin\javaw.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe
(Alienware) C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienwareTactXMacroController.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9600.16422_x64__8wekyb3d8bbwe\glcnd.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFusionController.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(TeamSpeak Systems GmbH) C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\livecomm.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7174728 2013-03-29] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-09] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-09] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-04-10] (Intel Corporation)
HKLM\...\Run: [Command Center Controllers] - C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe [13840 2013-05-29] (Alienware)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\WINDOWS\system32\nvspcap64.dll [1064224 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3011312 2013-04-08] (Synaptics Incorporated)
HKLM\...\Run: [Eraser] - C:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
HKLM-x32\...\Run: [Alienware Survey] - c:\Program Files (x86)\Alienware Customer Surveys\AlienSurvey.exe [7396920 2013-04-23] (Alienware, Inc.)
HKLM-x32\...\Run: [AlienwareOn-ScreenDisplay] - C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe [4434224 2013-08-20] ()
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [102928 2012-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [179928 2013-01-03] (cyberlink)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKCU\...\Run: [LiveSupport] - "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log
HKCU\...\Run: [uTorrent] - C:\Users\Marcel\AppData\Roaming\uTorrent\uTorrent.exe [1307736 2014-01-28] (BitTorrent Inc.)
HKCU\...\Run: [Autodesk Sync] - C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe [1081224 2013-02-05] (Autodesk, Inc.)
HKCU\...\Policies\Explorer: []

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.alienwarearena.com/welcome-de
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1391110188&from=amt&uid=3219913727_198339_C04AC7F4&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1391110188&from=amt&uid=3219913727_198339_C04AC7F4
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1391110188&from=amt&uid=3219913727_198339_C04AC7F4
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1391110188&from=amt&uid=3219913727_198339_C04AC7F4&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1391110188&from=amt&uid=3219913727_198339_C04AC7F4&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1391110188&from=amt&uid=3219913727_198339_C04AC7F4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1391110188&from=amt&uid=3219913727_198339_C04AC7F4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1391110188&from=amt&uid=3219913727_198339_C04AC7F4&q={searchTerms}
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {477C94E0-1170-402F-997E-BB631ECA700B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
SearchScopes: HKLM-x32 - {477C94E0-1170-402F-997E-BB631ECA700B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB
SearchScopes: HKCU - {477C94E0-1170-402F-997E-BB631ECA700B} URL =
BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Savings Wizard BHO - {5682CA62-1A80-40AE-82A0-B67833CE75FF} - C:\Program Files (x86)\Savings Wizard\FrameworkBHO64.dll No File
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 54.204.28.26 ajakpekbmnkgnjbpajgkdhimcbeoocam
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\msudb1vn.default
FF DefaultSearchEngine: awesomehp
FF SelectedSearchEngine: awesomehp
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-11-26]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [lightningnewtab@gmail.com] - C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\msudb1vn.default\extensions\lightningnewtab@gmail.com.xpi

Chrome:
=======
CHR DefaultNewTabURL:
CHR Extension: (Savings Wizard) - C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajakpekbmnkgnjbpajgkdhimcbeoocam [2014-01-31]
CHR Extension: (Google Docs) - C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-31]
CHR Extension: (Google Drive) - C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-31]
CHR Extension: (YouTube) - C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-31]
CHR Extension: (Google-Suche) - C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-31]
CHR Extension: (Norton Identity Protection) - C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-01-31]
CHR Extension: (Google Wallet) - C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-31]
CHR Extension: (Google Mail) - C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-31]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\Exts\Chrome.crx [2014-01-27]
CHR HKLM-x32\...\Chrome\Extension: [pkndmigholgfjlniaohblojbhgjbkakn] - C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx [2014-01-27]

==================== Services (Whitelisted) =================

R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [245888 2013-01-02] (CyberLink)
S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [520416 2013-10-15] (Futuremark)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-10] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
S3 ioloEnergyBooster; C:\Program Files\Alienware\Command Center\ioloEnergyBooster.exe [6145872 2012-11-01] (iolo technologies, LLC)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151744 2013-12-20] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe [264360 2013-10-08] (Symantec Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15125280 2013-11-14] (NVIDIA Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76888 2013-11-28] ()
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2013-11-23] ()
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-25] ()
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-02-20] (Realtek Semiconductor)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
S2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe -service [x]

==================== Drivers (Whitelisted) ====================

S3 AcpiCtlDrv; C:\Windows\System32\drivers\AcpiCtlDrv.sys [25880 2012-07-17] (Intel Corporation)
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation) S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [1526488 2014-01-10] (Symantec Corporation) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation) R3 btwpanfl; C:\WINDOWS\system32\drivers\btwpanfl.sys [44912 2013-04-30] (Broadcom Corporation.) R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-25] (Symantec Corporation) R0 EMSC; C:\Windows\System32\drivers\EMSC.SYS [17720 2012-07-10] () R0 EMSC; C:\Windows\SysWOW64\drivers\EMSC.SYS [15160 2012-07-10] () R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-25] (Symantec Corporation) S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140130.001\IDSvia64.sys [521944 2014-01-24] (Symantec Corporation) R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation) R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [174448 2012-12-03] (Qualcomm Atheros, Inc.) 
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-07-26] (Intel Corporation) R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140130.023\ENG64.SYS [126040 2014-01-15] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140130.023\EX64.SYS [2099288 2014-01-15] (Symantec Corporation) R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.) R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-09-28] (NVIDIA Corporation) S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation) S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [32496 2013-04-08] (Synaptics Incorporated) R3 SRTSP; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSP64.SYS [858200 2013-09-27] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation) S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation) R3 ST_Accel; C:\Windows\system32\DRIVERS\ST_Accel.sys [91360 2013-04-11] (STMicroelectronics) R0 SymDS; C:\Windows\System32\drivers\N360x64\1501000.012\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\N360x64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation) S0 SymELAM; 
C:\Windows\System32\drivers\N360x64\1501000.012\SymELAM.sys [23568 2013-09-10] (Symantec Corporation) R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-26] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation) R1 SymNetS; C:\Windows\system32\drivers\N360x64\1501000.012\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation) R3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net) S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation) S3 EverestDriver; \??\C:\Users\Marcel\AppData\Local\Temp\EverestDriver.sys [x] S3 GPUZ; \??\C:\WINDOWS\TEMP\GPUZ.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-01-31 16:56 - 2014-01-31 16:56 - 00027901 _____ C:\Users\Marcel\Downloads\FRST.txt 2014-01-31 16:56 - 2014-01-31 16:56 - 00000000 ____D C:\FRST 2014-01-31 16:55 - 2014-01-31 16:56 - 02079744 _____ (Farbar) C:\Users\Marcel\Downloads\FRST64.exe 2014-01-31 16:55 - 2014-01-31 16:55 - 75656646 _____ C:\Users\Marcel\Downloads\2503.part231.rar.part 2014-01-31 16:53 - 2014-01-31 16:55 - 112000000 _____ C:\Users\Marcel\Downloads\2503.part230.rar 2014-01-31 16:53 - 2014-01-31 16:53 - 00003370 _____ C:\sc-cleaner.txt 2014-01-31 16:52 - 2014-01-31 16:53 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Marcel\Downloads\sc-cleaner.exe 2014-01-31 16:51 - 2014-01-31 16:53 - 112000000 _____ C:\Users\Marcel\Downloads\2503.part229.rar 2014-01-31 16:51 - 2014-01-31 16:51 - 110440146 _____ C:\Users\Marcel\Downloads\2503.part228.rar.part 2014-01-31 16:48 - 2014-01-31 16:51 - 112000000 _____ C:\Users\Marcel\Downloads\2503.part227.rar 2014-01-31 16:47 - 2014-01-31 16:51 - 112000000 _____ C:\Users\Marcel\Downloads\2503.part226.rar 2014-01-31 
16:44 - 2014-01-31 16:48 - 112000000 _____ C:\Users\Marcel\Downloads\2503.part225.rar 2014-01-31 16:44 - 2014-01-31 16:47 - 112000000 _____ C:\Users\Marcel\Downloads\2503.part224.rar 2014-01-31 16:41 - 2014-01-31 16:44 - 112000000 _____ C:\Users\Marcel\Downloads\2503.part223.rar 2014-01-31 16:41 - 2014-01-31 16:44 - 112000000 _____ C:\Users\Marcel\Downloads\2503.part222.rar 2014-01-31 15:17 - 2014-01-31 16:41 - 100896386 _____ C:\Users\Marcel\Downloads\2503.part221.rar.part 2014-01-31 15:16 - 2014-01-31 16:41 - 105032138 _____ C:\Users\Marcel\Downloads\2503.part220.rar.part 2014-01-31 15:10 - 2014-01-31 15:17 - 112000000 _____ C:\Users\Marcel\Downloads\2503.part219.rar 2014-01-31 15:08 - 2014-01-31 15:16 - 112000000 _____ C:\Users\Marcel\Downloads\2503.part218.rar 2014-01-31 15:03 - 2014-01-31 15:10 - 112000000 _____ C:\Users\Marcel\Downloads\2503.part217.rar 2014-01-31 11:33 - 2014-01-31 16:39 - 00002197 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2014-01-31 10:45 - 2014-01-31 10:45 - 00000000 ____D C:\Users\Marcel\AppData\Local\Eraser 6 2014-01-31 09:58 - 2014-01-31 09:58 - 00001761 _____ C:\Users\Public\Desktop\Eraser.lnk 2014-01-31 09:58 - 2014-01-31 09:58 - 00000000 ____D C:\Program Files\Eraser 2014-01-31 09:52 - 2014-01-31 10:01 - 00000000 ____D C:\Users\Marcel\AppData\Local\NPE 2014-01-31 09:41 - 2014-01-31 09:41 - 00001255 _____ C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk 2014-01-31 09:41 - 2014-01-31 09:41 - 00001231 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk 2014-01-31 09:41 - 2014-01-31 09:41 - 00000000 ____D C:\Users\Marcel\AppData\Roaming\IObit 2014-01-31 09:41 - 2014-01-31 09:41 - 00000000 ____D C:\ProgramData\IObit 2014-01-31 09:33 - 2014-01-31 11:33 - 00000000 ____D C:\Users\Marcel\AppData\Local\Google 2014-01-31 08:36 - 2014-01-31 08:36 - 00000000 ____D C:\Users\Marcel\AppData\Roaming\PCDr 2014-01-31 08:20 - 2014-01-31 08:20 - 00000000 _____ C:\Users\Marcel\Desktop\Neues Textdokument (3).txt 
2014-01-31 07:51 - 2014-01-31 07:40 - 01166132 _____ C:\Users\Marcel\Desktop\adwcleaner-3.018.exe 2014-01-31 07:41 - 2014-01-31 11:36 - 00000000 ____D C:\AdwCleaner 2014-01-30 20:49 - 2014-01-09 09:17 - 02146304 _____ (Geek Uninstaller Software) C:\Users\Marcel\Desktop\geek.exe 2014-01-30 20:33 - 2014-01-30 20:34 - 00000000 ____D C:\Users\Marcel\AppData\Local\Mobogenie 2014-01-30 20:33 - 2014-01-30 20:33 - 00000000 ____D C:\Users\Marcel\Documents\Mobogenie 2014-01-30 20:33 - 2014-01-30 20:33 - 00000000 ____D C:\Users\Marcel\AppData\Local\genienext 2014-01-30 20:33 - 2014-01-30 20:33 - 00000000 ____D C:\Users\Marcel\.android 2014-01-30 20:33 - 2014-01-30 20:33 - 00000000 _____ C:\Users\Marcel\daemonprocess.txt 2014-01-30 20:32 - 2014-01-30 22:30 - 00000000 ____D C:\ProgramData\WPM 2014-01-30 20:32 - 2014-01-30 22:30 - 00000000 ____D C:\Program Files (x86)\SupTab 2014-01-30 20:32 - 2014-01-30 20:35 - 00000000 __SHD C:\WINDOWS\SysWOW64\AI_RecycleBin 2014-01-30 20:32 - 2014-01-30 20:35 - 00000000 ____D C:\Users\Marcel\Documents\RegistryDr 2014-01-30 20:32 - 2014-01-30 20:35 - 00000000 ____D C:\Program Files (x86)\Registry Dr 2014-01-30 20:32 - 2014-01-30 20:34 - 00000000 ____D C:\Program Files (x86)\Mobogenie 2014-01-30 20:29 - 2014-01-30 23:34 - 00000000 ____D C:\Program Files (x86)\Bench 2014-01-30 20:29 - 2014-01-30 20:29 - 00000306 __RSH C:\ProgramData\ntuser.pol 2014-01-30 20:27 - 2014-01-30 20:27 - 00000068 _____ C:\Users\Marcel\Desktop\TS3 Server adresse.txt 2014-01-30 19:51 - 2014-01-30 20:15 - 00000000 ____D C:\Users\Marcel\AppData\Local\Battle.net 2014-01-30 19:51 - 2014-01-30 19:51 - 00001160 _____ C:\Users\Public\Desktop\Battle.net.lnk 2014-01-30 19:51 - 2014-01-30 19:51 - 00000000 ____D C:\Users\Marcel\AppData\Roaming\Battle.net 2014-01-30 19:51 - 2014-01-30 19:51 - 00000000 ____D C:\Users\Marcel\AppData\Local\Blizzard Entertainment 2014-01-30 19:51 - 2014-01-30 19:51 - 00000000 ____D C:\ProgramData\Blizzard Entertainment 2014-01-30 19:51 - 2014-01-30 
19:51 - 00000000 ____D C:\Program Files (x86)\Battle.net 2014-01-30 19:43 - 2014-01-30 19:44 - 00000000 ____D C:\ProgramData\Battle.net 2014-01-30 19:08 - 2014-01-30 19:06 - 11861359 _____ C:\Users\Marcel\Desktop\nickellissas_120913_27012-L4D2.zip 2014-01-30 19:08 - 2014-01-30 19:00 - 39255055 _____ C:\Users\Marcel\Desktop\demonic_infected_pack_280811_12462-L4D2.zip 2014-01-30 19:08 - 2014-01-30 18:59 - 03274564 _____ C:\Users\Marcel\Desktop\revenant_060713_26177-L4D2.zip 2014-01-30 14:37 - 2014-01-30 14:38 - 00000203 _____ C:\Users\Marcel\Documents\debug.log 2014-01-30 13:58 - 2014-01-31 15:09 - 00000000 ____D C:\Users\Marcel\Desktop\ThelastofUS 2014-01-30 13:57 - 2014-01-31 15:09 - 00000000 ____D C:\Users\Marcel\Desktop\schrott 2014-01-30 11:42 - 2014-01-30 11:44 - 00000389 _____ C:\Users\Marcel\Documents\plot.log 2014-01-30 10:22 - 2014-01-30 10:22 - 00000000 _____ C:\Users\Marcel\Desktop\Neues Textdokument (2).txt 2014-01-30 09:59 - 2014-01-30 14:38 - 00000000 ____D C:\Users\Marcel\AppData\Local\cache 2014-01-30 09:54 - 2014-01-30 09:54 - 00000000 ____D C:\ProgramData\FLEXnet 2014-01-30 09:53 - 2014-01-30 09:53 - 00002021 _____ C:\Users\Public\Desktop\Autodesk 360.lnk 2014-01-30 09:53 - 2014-01-30 09:53 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared 2014-01-30 09:52 - 2014-01-30 09:54 - 00000000 ____D C:\Users\Marcel\AppData\Local\Autodesk 2014-01-30 09:52 - 2014-01-30 09:52 - 00002118 _____ C:\Users\Public\Desktop\AutoCAD 2014 - Deutsch (German).lnk 2014-01-30 09:51 - 2014-01-30 09:53 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared 2014-01-30 09:51 - 2014-01-30 09:53 - 00000000 ____D C:\Program Files\Autodesk 2014-01-30 09:51 - 2014-01-30 09:51 - 00000000 ____D C:\Users\Public\Documents\Autodesk 2014-01-30 09:51 - 2014-01-30 09:51 - 00000000 ____D C:\Program Files (x86)\Autodesk 2014-01-30 09:50 - 2014-01-30 09:50 - 00001342 _____ C:\WINDOWS\DirectX.log 2014-01-30 09:48 - 2014-01-30 09:59 - 00000000 ____D 
C:\Users\Marcel\AppData\Roaming\Autodesk 2014-01-30 09:48 - 2014-01-30 09:59 - 00000000 ____D C:\ProgramData\Autodesk 2014-01-30 09:47 - 2014-01-30 09:47 - 00000000 ____D C:\Autodesk 2014-01-30 09:45 - 2014-01-30 09:45 - 00000000 ____D C:\Users\Marcel\Desktop\Auto CAD 2014 - Kopie 2014-01-30 09:32 - 2014-01-30 09:32 - 00000000 ____D C:\Users\Marcel\Desktop\Autodesk.AutoCAD.2014.WIN64.German-XFORCE 2014-01-30 07:57 - 2014-01-30 07:57 - 00000000 ____D C:\Users\Marcel\Desktop\0030 2014-01-30 07:33 - 2014-01-30 07:33 - 00000000 ____D C:\Users\Marcel\AppData\Roaming\WinRAR 2014-01-30 07:32 - 2014-01-30 07:32 - 00000993 _____ C:\Users\Public\Desktop\WinRAR.lnk 2014-01-30 07:32 - 2014-01-30 07:32 - 00000000 ____D C:\Program Files\WinRAR 2014-01-29 22:17 - 2014-01-30 09:44 - 00000000 ____D C:\Users\Marcel\Desktop\Auto CAD 2014 2014-01-29 16:54 - 2013-07-12 16:48 - 00035328 _____ C:\Users\Marcel\Desktop\left4gore.exe 2014-01-29 16:48 - 2014-01-29 16:48 - 00000000 ____D C:\Users\Marcel\Desktop\Left4Uncut [09.07.2013] 2014-01-28 20:46 - 2014-01-28 20:49 - 00000000 ____D C:\Users\Marcel\Desktop\bilder 2014-01-28 17:46 - 2014-01-28 19:12 - 00000000 ____D C:\Users\Marcel\Desktop\JDownloader 2014-01-28 17:46 - 2014-01-28 17:45 - 31419822 _____ C:\Users\Marcel\Desktop\JDownloader.zip 2014-01-28 17:38 - 2014-01-28 17:38 - 00000900 _____ C:\Users\Marcel\Desktop\µTorrent.lnk 2014-01-28 17:38 - 2014-01-28 17:38 - 00000880 _____ C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk 2014-01-28 17:37 - 2014-01-31 16:54 - 00000000 ____D C:\Users\Marcel\AppData\Roaming\uTorrent 2014-01-28 17:37 - 2014-01-30 09:46 - 00000000 ____D C:\Users\Marcel\Desktop\AutoCAD 2014 ordner 2014-01-16 20:37 - 2014-01-16 20:36 - 06647920 _____ C:\Users\Marcel\Desktop\The C90s - Shine A Light (Flight Facilities Remix).aac 2014-01-16 00:46 - 2014-01-16 00:46 - 00045042 _____ C:\Users\Marcel\Desktop\preferenceloader_2.2.2_iphoneos-arm.deb 2014-01-15 22:41 - 2014-01-15 22:41 - 08779186 _____ 
Some content of TEMP:
====================
C:\Users\Marcel\AppData\Local\Temp\geek_x64.exe
C:\Users\Marcel\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-01-28 18:14

==================== End Of Log ============================ |
31.01.2014, 17:19 | #4 |
/// TB-Ausbilder | Problem: Savings Wizard and Awesomehp cannot be removed
Which problems remain after the following fix?
Please press the Windows key + R and type notepad into the Run window.
Now copy the following text from the code box into the empty text document.
Code:
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1391110188&from=amt&uid=3219913727_198339_C04AC7F4&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1391110188&from=amt&uid=3219913727_198339_C04AC7F4
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1391110188&from=amt&uid=3219913727_198339_C04AC7F4
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1391110188&from=amt&uid=3219913727_198339_C04AC7F4&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1391110188&from=amt&uid=3219913727_198339_C04AC7F4&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1391110188&from=amt&uid=3219913727_198339_C04AC7F4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1391110188&from=amt&uid=3219913727_198339_C04AC7F4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1391110188&from=amt&uid=3219913727_198339_C04AC7F4&q={searchTerms}
BHO: Savings Wizard BHO - {5682CA62-1A80-40AE-82A0-B67833CE75FF} - C:\Program Files (x86)\Savings Wizard\FrameworkBHO64.dll No File
FF DefaultSearchEngine: awesomehp
FF SelectedSearchEngine: awesomehp
CHR Extension: (Savings Wizard) - C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajakpekbmnkgnjbpajgkdhimcbeoocam [2014-01-31]
S2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe -service [x]
2014-01-30 20:33 - 2014-01-30 20:34 - 00000000 ____D C:\Users\Marcel\AppData\Local\Mobogenie
2014-01-30 20:33 - 2014-01-30 20:33 - 00000000 ____D C:\Users\Marcel\Documents\Mobogenie
2014-01-30 20:33 - 2014-01-30 20:33 - 00000000 ____D C:\Users\Marcel\AppData\Local\genienext
2014-01-30 20:33 - 2014-01-30 20:33 - 00000000 ____D C:\Users\Marcel\.android
2014-01-30 20:33 - 2014-01-30 20:33 - 00000000 _____ C:\Users\Marcel\daemonprocess.txt
2014-01-30 20:32 - 2014-01-30 22:30 - 00000000 ____D C:\ProgramData\WPM
2014-01-30 20:32 - 2014-01-30 22:30 - 00000000 ____D C:\Program Files (x86)\SupTab
2014-01-30 20:32 - 2014-01-30 20:35 - 00000000 __SHD C:\WINDOWS\SysWOW64\AI_RecycleBin
2014-01-30 20:32 - 2014-01-30 20:35 - 00000000 ____D C:\Users\Marcel\Documents\RegistryDr
2014-01-30 20:32 - 2014-01-30 20:35 - 00000000 ____D C:\Program Files (x86)\Registry Dr
2014-01-30 20:32 - 2014-01-30 20:34 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2014-01-30 20:29 - 2014-01-30 23:34 - 00000000 ____D C:\Program Files (x86)\Bench
54.204.28.26 ajakpekbmnkgnjbpajgkdhimcbeoocam
Task: {2CEAAAFD-535C-44E5-83DF-C22E21347A56} - \UpdaterEX No Task File

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
__________________ cheers, Leo |
31.01.2014, 18:56 | #5 |
| Problem: Savings Wizard and Awesomehp cannot be removed
Awesomehp seems to be gone, but Savings Wizard has lodged itself in Chrome again and is protected by "installed by enterprise policy". The program was damaged by FRST, but it has not disappeared completely. Savings Wizard comes back after deleting Chrome and reinstalling it! I have tested it.

Fixlog
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-01-2014 01
Ran by Marcel at 2014-01-31 18:46:02 Run:1
Running from C:\Users\Marcel\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKLM-x32\...\Run: [mobilegeni daemon] - C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1391110188&from=amt&uid=3219913727_198339_C04AC7F4&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1391110188&from=amt&uid=3219913727_198339_C04AC7F4
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1391110188&from=amt&uid=3219913727_198339_C04AC7F4
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1391110188&from=amt&uid=3219913727_198339_C04AC7F4&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1391110188&from=amt&uid=3219913727_198339_C04AC7F4&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1391110188&from=amt&uid=3219913727_198339_C04AC7F4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1391110188&from=amt&uid=3219913727_198339_C04AC7F4
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1391110188&from=amt&uid=3219913727_198339_C04AC7F4&q={searchTerms}
BHO: Savings Wizard BHO - {5682CA62-1A80-40AE-82A0-B67833CE75FF} - C:\Program Files (x86)\Savings Wizard\FrameworkBHO64.dll No File
FF DefaultSearchEngine: awesomehp
FF SelectedSearchEngine: awesomehp
CHR Extension: (Savings Wizard) - C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajakpekbmnkgnjbpajgkdhimcbeoocam [2014-01-31]
S2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe -service [x]
2014-01-30 20:33 - 2014-01-30 20:34 - 00000000 ____D C:\Users\Marcel\AppData\Local\Mobogenie
2014-01-30 20:33 - 2014-01-30 20:33 - 00000000 ____D C:\Users\Marcel\Documents\Mobogenie
2014-01-30 20:33 - 2014-01-30 20:33 - 00000000 ____D C:\Users\Marcel\AppData\Local\genienext
2014-01-30 20:33 - 2014-01-30 20:33 - 00000000 ____D C:\Users\Marcel\.android
2014-01-30 20:33 - 2014-01-30 20:33 - 00000000 _____ C:\Users\Marcel\daemonprocess.txt
2014-01-30 20:32 - 2014-01-30 22:30 - 00000000 ____D C:\ProgramData\WPM
2014-01-30 20:32 - 2014-01-30 22:30 - 00000000 ____D C:\Program Files (x86)\SupTab
2014-01-30 20:32 - 2014-01-30 20:35 - 00000000 __SHD C:\WINDOWS\SysWOW64\AI_RecycleBin
2014-01-30 20:32 - 2014-01-30 20:35 - 00000000 ____D C:\Users\Marcel\Documents\RegistryDr
2014-01-30 20:32 - 2014-01-30 20:35 - 00000000 ____D C:\Program Files (x86)\Registry Dr
2014-01-30 20:32 - 2014-01-30 20:34 - 00000000 ____D C:\Program Files (x86)\Mobogenie
2014-01-30 20:29 - 2014-01-30 23:34 - 00000000 ____D C:\Program Files (x86)\Bench
54.204.28.26 ajakpekbmnkgnjbpajgkdhimcbeoocam
Task: {2CEAAAFD-535C-44E5-83DF-C22E21347A56} - \UpdaterEX No Task File
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\mobilegeni daemon => Value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5682CA62-1A80-40AE-82A0-B67833CE75FF} => Key deleted successfully.
HKCR\CLSID\{5682CA62-1A80-40AE-82A0-B67833CE75FF} => Key deleted successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajakpekbmnkgnjbpajgkdhimcbeoocam => Moved successfully.
IePluginService => Service deleted successfully.
C:\Users\Marcel\AppData\Local\Mobogenie => Moved successfully.
C:\Users\Marcel\Documents\Mobogenie => Moved successfully.
C:\Users\Marcel\AppData\Local\genienext => Moved successfully.
C:\Users\Marcel\.android => Moved successfully.
C:\Users\Marcel\daemonprocess.txt => Moved successfully.
C:\ProgramData\WPM => Moved successfully.
C:\Program Files (x86)\SupTab => Moved successfully.
C:\WINDOWS\SysWOW64\AI_RecycleBin => Moved successfully.
C:\Users\Marcel\Documents\RegistryDr => Moved successfully.
C:\Program Files (x86)\Registry Dr => Moved successfully.
C:\Program Files (x86)\Mobogenie => Moved successfully.
C:\Program Files (x86)\Bench => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2CEAAAFD-535C-44E5-83DF-C22E21347A56} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2CEAAAFD-535C-44E5-83DF-C22E21347A56} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdaterEX => Key deleted successfully.

==== End of Fixlog ====

Edited by MBKing (31.01.2014 at 19:09) |
31.01.2014, 19:11 | #6 |
/// TB-Ausbilder | Problem: Savings Wizard and Awesomehp cannot be removed
OK.
Step 1 ESET Online Scanner
Step 2 Run FRST once more.
__________________ --> Problem: Savings Wizard and Awesomehp cannot be removed |
01.02.2014, 22:31 | #7 |
| Problem: Savings Wizard and Awesomehp cannot be removed
ESET
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=3e4807528956464595518344ce647eb1
# engine=16889
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-31 09:35:03
# local_time=2014-01-31 10:35:03 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=3592 16777213 100 88 48953 141866599 0 0
# compatibility_mode=5893 16776574 100 94 5761595 14037805 0 0
# scanned=253714
# found=1
# cleaned=0
# scan_time=3414
sh=BF79D5C0175D384675C98D0ED5DC13FFFDF07807 ft=1 fh=71ae7b54df38edf4 vn="a variant of Win32/Skintrim.LT trojan" ac=I fn="C:\Users\Marcel\AppData\Local\Microsoft\Windows\INetCache\IE\RDN4IIAP\download[1].php"

FRST
FRST Logfile:
Code:
HKCU\...\Policies\Explorer: [] ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.alienwarearena.com/welcome-de SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM - {477C94E0-1170-402F-997E-BB631ECA700B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB SearchScopes: HKLM-x32 - {477C94E0-1170-402F-997E-BB631ECA700B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=DCJB SearchScopes: HKCU - {477C94E0-1170-402F-997E-BB631ECA700B} URL = BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit) BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation) BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation) BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll 
(IvoSoft) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) BHO-x32: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation) BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation) Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft) Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation) Handler-x32: 
skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: 54.204.28.26 ajakpekbmnkgnjbpajgkdhimcbeoocam Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\msudb1vn.default FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB) FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF 
Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-11-26] FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ [] FF HKLM-x32\...\Firefox\Extensions: [lightningnewtab@gmail.com] - C:\Users\Marcel\AppData\Roaming\Mozilla\Firefox\Profiles\msudb1vn.default\extensions\lightningnewtab@gmail.com.xpi Chrome: ======= CHR Extension: (Google Docs) - C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-31] CHR Extension: (Google Drive) - C:\Users\Marcel\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-31] CHR Extension: (YouTube) - C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-31] CHR Extension: (Google-Suche) - C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-31] CHR Extension: (Norton Identity Protection) - C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-01-31] CHR Extension: (Google Wallet) - C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-31] CHR Extension: (Google Mail) - C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-31] CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\Exts\Chrome.crx [2014-01-27] CHR HKLM-x32\...\Chrome\Extension: [pkndmigholgfjlniaohblojbhgjbkakn] - C:\Users\Marcel\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv2.crx [2014-01-27] ==================== Services (Whitelisted) ================= R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [12288 2012-12-13] (Autodesk, Inc.) S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.) 
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [245888 2013-01-02] (CyberLink) S3 Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\SystemInfo\FMSISvc.exe [520416 2013-10-15] (Futuremark) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-10] (Intel Corporation) S3 Intel(R) Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation) S3 ioloEnergyBooster; C:\Program Files\Alienware\Command Center\ioloEnergyBooster.exe [6145872 2012-11-01] (iolo technologies, LLC) R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151744 2013-12-20] (IObit) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.) R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe [264360 2013-10-08] (Symantec Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15125280 2013-11-14] (NVIDIA Corporation) R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation) R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76888 2013-11-28] () R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2013-11-23] () R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-25] () S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-03-01] (Riverbed Technology, Inc.) 
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [239176 2013-02-20] (Realtek Semiconductor) S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [758224 2013-11-06] (Tunngle.net GmbH) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S3 AcpiCtlDrv; C:\Windows\System32\drivers\AcpiCtlDrv.sys [25880 2012-07-17] (Intel Corporation) S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra) R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.) R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation) S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-13] (Windows (R) Win 7 DDK provider) R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [1526488 2014-01-10] (Symantec Corporation) R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation) R3 btwpanfl; C:\WINDOWS\system32\drivers\btwpanfl.sys [44912 2013-04-30] (Broadcom Corporation.) R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2013-01-25] (OSR Open Systems Resources, Inc.) 
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-25] (Symantec Corporation) R0 EMSC; C:\Windows\System32\drivers\EMSC.SYS [17720 2012-07-10] () R0 EMSC; C:\Windows\SysWOW64\drivers\EMSC.SYS [15160 2012-07-10] () R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-25] (Symantec Corporation) S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation) S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation) S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-10] (Intel Corporation) R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140130.001\IDSvia64.sys [521944 2014-01-24] (Symantec Corporation) R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2013-11-11] (Microsoft Corporation) R3 Ke2200; C:\Windows\system32\DRIVERS\e22w8x64.sys [174448 2012-12-03] (Qualcomm Atheros, Inc.) S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-07-26] (Intel Corporation) R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140131.002\ENG64.SYS [126040 2014-01-15] (Symantec Corporation) R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140131.002\EX64.SYS [2099288 2014-01-15] (Symantec Corporation) R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation) S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation) R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-03-01] (Riverbed Technology, Inc.) 
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-09-28] (NVIDIA Corporation) S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation) S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2013-10-26] (Microsoft Corporation) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [32496 2013-04-08] (Synaptics Incorporated) R3 SRTSP; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSP64.SYS [858200 2013-09-27] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSPX64.SYS [36952 2013-09-10] (Symantec Corporation) S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation) R3 ST_Accel; C:\Windows\system32\DRIVERS\ST_Accel.sys [91360 2013-04-11] (STMicroelectronics) R0 SymDS; C:\Windows\System32\drivers\N360x64\1501000.012\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\N360x64\1501000.012\SYMEFA64.SYS [1147480 2013-09-27] (Symantec Corporation) S0 SymELAM; C:\Windows\System32\drivers\N360x64\1501000.012\SymELAM.sys [23568 2013-09-10] (Symantec Corporation) R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-26] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS [264280 2013-09-27] (Symantec Corporation) R1 SymNetS; C:\Windows\system32\drivers\N360x64\1501000.012\SYMNETS.SYS [590936 2013-09-26] (Symantec Corporation) R3 tap0901t; C:\Windows\system32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net) S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation) S3 EverestDriver; \??\C:\Users\Marcel\AppData\Local\Temp\EverestDriver.sys [x] S3 GPUZ; \??\C:\WINDOWS\TEMP\GPUZ.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and 
Folders ======== 2014-01-31 22:41 - 2014-01-31 22:41 - 00026423 _____ C:\Users\Marcel\Desktop\FRST.txt 2014-01-31 22:24 - 2014-01-31 22:41 - 205214151 _____ C:\Users\Marcel\Downloads\HABIB+COBRA+CFW+4.53+V1.03.zip 2014-01-31 22:09 - 2014-01-31 22:14 - 203771236 _____ C:\Users\Marcel\Downloads\HABIB_4.50_PS3UPDAT.PUP 2014-01-31 21:35 - 2014-01-31 21:35 - 02347384 _____ (ESET) C:\Users\Marcel\Downloads\esetsmartinstaller_enu (1).exe 2014-01-31 21:10 - 2014-01-31 21:10 - 02347384 _____ (ESET) C:\Users\Marcel\Downloads\esetsmartinstaller_enu.exe 2014-01-31 21:02 - 2013-11-23 18:27 - 00000177 _____ C:\Users\Marcel\Desktop\Share-online.biz Premium Account!.url 2014-01-31 21:02 - 2013-11-23 18:27 - 00000120 _____ C:\Users\Marcel\Desktop\Cloudzer.net Premium Account!.url 2014-01-31 21:02 - 2013-11-23 18:27 - 00000113 _____ C:\Users\Marcel\Desktop\Uploaded.net Premium Account!.url 2014-01-31 21:02 - 2013-05-22 22:48 - 00000000 ____D C:\Users\Marcel\Desktop\CheckMe 2014-01-31 20:56 - 2014-01-31 20:56 - 00000000 ____D C:\Program Files (x86)\Flyff 2014-01-31 20:54 - 2014-01-31 20:54 - 00695128 _____ C:\Users\Marcel\Downloads\Flyff_DE.exe 2014-01-31 20:46 - 2014-01-31 21:05 - 00000000 ____D C:\Users\Marcel\Desktop\The last of US 2014-01-31 18:52 - 2014-01-31 18:53 - 08515304 _____ (DonationCoder.com ) C:\Users\Marcel\Downloads\Screenshot48CaptorSetup.exe 2014-01-31 18:52 - 2014-01-31 18:52 - 00001117 _____ C:\Users\Marcel\Desktop\Screenshot Captor.lnk 2014-01-31 18:52 - 2014-01-31 18:52 - 00000058 _____ C:\Users\Marcel\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat 2014-01-31 18:52 - 2014-01-31 18:52 - 00000000 ____D C:\Users\Marcel\Documents\DonationCoder 2014-01-31 18:52 - 2014-01-31 18:52 - 00000000 ____D C:\Users\Marcel\AppData\Roaming\DonationCoder 2014-01-31 18:52 - 2014-01-31 18:52 - 00000000 ____D C:\ProgramData\DonationCoder 2014-01-31 18:52 - 2014-01-31 18:52 - 00000000 ____D C:\Program Files (x86)\ScreenshotCaptor 2014-01-31 18:44 - 2014-01-31 18:45 - 
02079744 _____ (Farbar) C:\Users\Marcel\Desktop\FRST64 (1).exe 2014-01-31 18:41 - 2014-01-31 18:41 - 00002269 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2014-01-31 16:56 - 2014-01-31 18:46 - 00000000 ____D C:\FRST 2014-01-31 16:56 - 2014-01-31 16:57 - 00056238 _____ C:\Users\Marcel\Downloads\FRST.txt 2014-01-31 16:56 - 2014-01-31 16:57 - 00021017 _____ C:\Users\Marcel\Downloads\Addition.txt 2014-01-31 16:55 - 2014-01-31 16:56 - 02079744 _____ (Farbar) C:\Users\Marcel\Downloads\FRST64.exe 2014-01-31 16:53 - 2014-01-31 16:53 - 00003370 _____ C:\sc-cleaner.txt 2014-01-31 16:52 - 2014-01-31 16:53 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Marcel\Downloads\sc-cleaner.exe 2014-01-31 10:45 - 2014-01-31 10:45 - 00000000 ____D C:\Users\Marcel\AppData\Local\Eraser 6 2014-01-31 09:58 - 2014-01-31 09:58 - 00001761 _____ C:\Users\Public\Desktop\Eraser.lnk 2014-01-31 09:58 - 2014-01-31 09:58 - 00000000 ____D C:\Program Files\Eraser 2014-01-31 09:52 - 2014-01-31 10:01 - 00000000 ____D C:\Users\Marcel\AppData\Local\NPE 2014-01-31 09:41 - 2014-01-31 09:41 - 00001255 _____ C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk 2014-01-31 09:41 - 2014-01-31 09:41 - 00001231 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk 2014-01-31 09:41 - 2014-01-31 09:41 - 00000000 ____D C:\Users\Marcel\AppData\Roaming\IObit 2014-01-31 09:41 - 2014-01-31 09:41 - 00000000 ____D C:\ProgramData\IObit 2014-01-31 09:33 - 2014-01-31 18:41 - 00000000 ____D C:\Users\Marcel\AppData\Local\Google 2014-01-31 08:36 - 2014-01-31 08:36 - 00000000 ____D C:\Users\Marcel\AppData\Roaming\PCDr 2014-01-31 08:20 - 2014-01-31 08:20 - 00000000 _____ C:\Users\Marcel\Desktop\Neues Textdokument (3).txt 2014-01-31 07:51 - 2014-01-31 07:40 - 01166132 _____ C:\Users\Marcel\Desktop\adwcleaner-3.018.exe 2014-01-31 07:41 - 2014-01-31 11:36 - 00000000 ____D C:\AdwCleaner 2014-01-30 20:49 - 2014-01-09 09:17 - 02146304 _____ (Geek Uninstaller Software) C:\Users\Marcel\Desktop\geek.exe 
2014-01-30 20:29 - 2014-01-30 20:29 - 00000306 __RSH C:\ProgramData\ntuser.pol 2014-01-30 20:27 - 2014-01-30 20:27 - 00000068 _____ C:\Users\Marcel\Desktop\TS3 Server adresse.txt 2014-01-30 19:51 - 2014-01-30 20:15 - 00000000 ____D C:\Users\Marcel\AppData\Local\Battle.net 2014-01-30 19:51 - 2014-01-30 19:51 - 00001160 _____ C:\Users\Public\Desktop\Battle.net.lnk 2014-01-30 19:51 - 2014-01-30 19:51 - 00000000 ____D C:\Users\Marcel\AppData\Roaming\Battle.net 2014-01-30 19:51 - 2014-01-30 19:51 - 00000000 ____D C:\Users\Marcel\AppData\Local\Blizzard Entertainment 2014-01-30 19:51 - 2014-01-30 19:51 - 00000000 ____D C:\ProgramData\Blizzard Entertainment 2014-01-30 19:51 - 2014-01-30 19:51 - 00000000 ____D C:\Program Files (x86)\Battle.net 2014-01-30 19:43 - 2014-01-30 19:44 - 00000000 ____D C:\ProgramData\Battle.net 2014-01-30 19:08 - 2014-01-30 19:06 - 11861359 _____ C:\Users\Marcel\Desktop\nickellissas_120913_27012-L4D2.zip 2014-01-30 19:08 - 2014-01-30 19:00 - 39255055 _____ C:\Users\Marcel\Desktop\demonic_infected_pack_280811_12462-L4D2.zip 2014-01-30 19:08 - 2014-01-30 18:59 - 03274564 _____ C:\Users\Marcel\Desktop\revenant_060713_26177-L4D2.zip 2014-01-30 14:37 - 2014-01-30 14:38 - 00000203 _____ C:\Users\Marcel\Documents\debug.log 2014-01-30 13:58 - 2014-01-31 20:46 - 00000000 ____D C:\Users\Marcel\Desktop\ThelastofUS 2014-01-30 13:57 - 2014-01-31 15:09 - 00000000 ____D C:\Users\Marcel\Desktop\schrott 2014-01-30 11:42 - 2014-01-30 11:44 - 00000389 _____ C:\Users\Marcel\Documents\plot.log 2014-01-30 10:22 - 2014-01-30 10:22 - 00000000 _____ C:\Users\Marcel\Desktop\Neues Textdokument (2).txt 2014-01-30 09:59 - 2014-01-30 14:38 - 00000000 ____D C:\Users\Marcel\AppData\Local\cache 2014-01-30 09:54 - 2014-01-30 09:54 - 00000000 ____D C:\ProgramData\FLEXnet 2014-01-30 09:53 - 2014-01-30 09:53 - 00002021 _____ C:\Users\Public\Desktop\Autodesk 360.lnk 2014-01-30 09:53 - 2014-01-30 09:53 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared 2014-01-30 09:52 - 
2014-01-30 09:54 - 00000000 ____D C:\Users\Marcel\AppData\Local\Autodesk 2014-01-30 09:52 - 2014-01-30 09:52 - 00002118 _____ C:\Users\Public\Desktop\AutoCAD 2014 - Deutsch (German).lnk 2014-01-30 09:51 - 2014-01-30 09:53 - 00000000 ____D C:\Program Files\Common Files\Autodesk Shared 2014-01-30 09:51 - 2014-01-30 09:53 - 00000000 ____D C:\Program Files\Autodesk 2014-01-30 09:51 - 2014-01-30 09:51 - 00000000 ____D C:\Users\Public\Documents\Autodesk 2014-01-30 09:51 - 2014-01-30 09:51 - 00000000 ____D C:\Program Files (x86)\Autodesk 2014-01-30 09:50 - 2014-01-30 09:50 - 00001342 _____ C:\WINDOWS\DirectX.log 2014-01-30 09:48 - 2014-01-30 09:59 - 00000000 ____D C:\Users\Marcel\AppData\Roaming\Autodesk 2014-01-30 09:48 - 2014-01-30 09:59 - 00000000 ____D C:\ProgramData\Autodesk 2014-01-30 09:47 - 2014-01-30 09:47 - 00000000 ____D C:\Autodesk 2014-01-30 09:45 - 2014-01-30 09:45 - 00000000 ____D C:\Users\Marcel\Desktop\Auto CAD 2014 - Kopie 2014-01-30 09:32 - 2014-01-30 09:32 - 00000000 ____D C:\Users\Marcel\Desktop\Autodesk.AutoCAD.2014.WIN64.German-XFORCE 2014-01-30 07:57 - 2014-01-30 07:57 - 00000000 ____D C:\Users\Marcel\Desktop\0030 2014-01-30 07:33 - 2014-01-30 07:33 - 00000000 ____D C:\Users\Marcel\AppData\Roaming\WinRAR 2014-01-30 07:32 - 2014-01-30 07:32 - 00000993 _____ C:\Users\Public\Desktop\WinRAR.lnk 2014-01-30 07:32 - 2014-01-30 07:32 - 00000000 ____D C:\Program Files\WinRAR 2014-01-29 22:17 - 2014-01-30 09:44 - 00000000 ____D C:\Users\Marcel\Desktop\Auto CAD 2014 2014-01-29 16:54 - 2013-07-12 16:48 - 00035328 _____ C:\Users\Marcel\Desktop\left4gore.exe 2014-01-29 16:48 - 2014-01-29 16:48 - 00000000 ____D C:\Users\Marcel\Desktop\Left4Uncut [09.07.2013] 2014-01-28 20:46 - 2014-01-28 20:49 - 00000000 ____D C:\Users\Marcel\Desktop\bilder 2014-01-28 17:46 - 2014-01-28 19:12 - 00000000 ____D C:\Users\Marcel\Desktop\JDownloader 2014-01-28 17:46 - 2014-01-28 17:45 - 31419822 _____ C:\Users\Marcel\Desktop\JDownloader.zip 2014-01-28 17:38 - 2014-01-28 17:38 - 
00000900 _____ C:\Users\Marcel\Desktop\µTorrent.lnk 2014-01-28 17:38 - 2014-01-28 17:38 - 00000880 _____ C:\Users\Marcel\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk 2014-01-28 17:37 - 2014-01-31 22:40 - 00000000 ____D C:\Users\Marcel\AppData\Roaming\uTorrent 2014-01-28 17:37 - 2014-01-30 09:46 - 00000000 ____D C:\Users\Marcel\Desktop\AutoCAD 2014 ordner 2014-01-16 20:37 - 2014-01-16 20:36 - 06647920 _____ C:\Users\Marcel\Desktop\The C90s - Shine A Light (Flight Facilities Remix).aac 2014-01-16 00:46 - 2014-01-16 00:46 - 00045042 _____ C:\Users\Marcel\Desktop\preferenceloader_2.2.2_iphoneos-arm.deb 2014-01-15 22:41 - 2014-01-15 22:41 - 08779186 _____ C:\Users\Marcel\Desktop\eu.heinelt.ifile_2.0.1-1_iphoneos-arm_fabius.deb 2014-01-15 22:31 - 2013-12-09 01:15 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll 2014-01-15 22:31 - 2013-11-27 16:36 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll 2014-01-15 22:31 - 2013-11-27 12:41 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe 2014-01-15 22:31 - 2013-11-27 11:34 - 00138240 _____ C:\WINDOWS\system32\OEMLicense.dll 2014-01-15 22:31 - 2013-11-27 10:54 - 00103936 _____ C:\WINDOWS\SysWOW64\OEMLicense.dll 2014-01-15 22:31 - 2013-11-27 09:48 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-01-15 22:31 - 2013-11-27 09:45 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll 2014-01-15 22:31 - 2013-11-27 09:40 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-01-15 22:31 - 2013-11-27 09:38 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll 2014-01-15 22:31 - 2013-11-27 09:17 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-01-15 22:31 - 2013-11-27 09:12 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-01-15 
--- --- --- Too bad that nobody can help me with this... |
07.02.2014, 10:04 | #8 |
/// TB Trainer | Problem: Savings Wizard and Awesomehp cannot be removed Sorry for the delay. Which problems still remain?
__________________ cheers, Leo |
07.02.2014, 10:33 | #9 |
| Problem: Savings Wizard and Awesomehp cannot be removed Savings Wizard is still active and sits in the system (picture above). By that I mean: when I uninstall Chrome and reinstall it, it is back in Chrome again, though again with its icon and folder in the Chrome local folder |
13.02.2014, 08:54 | #10 |
/// TB Trainer | Problem: Savings Wizard and Awesomehp cannot be removed That should be detected now: run FRST once more.
__________________ cheers, Leo |