Pests of All Kinds and How to Fight Them: [WINDOWS 8] Strange Chinese entry under Services

01.02.2014, 12:43   #1
Boeingpilot
 
Good day,

I have a strange, annoying problem.
But let me start from the beginning:

About 2 weeks ago things got very strange.
When I restarted my PC that day, it simply no longer worked; not even the Windows screen came up, so I could only get into the BIOS, where I ran a system check which reported that my CPU was damaged. I kept trying anyway
(I once put in a Linux CD to boot from it and check whether the files were still there, which turned out positive). I must have tried to boot 50 times, which at the very
end did work, even though I had not done anything differently from before.
Well, that surprised me a lot, and I was also glad that nothing had been deleted.
I then also ran the free version of Avira over it, but it could not find anything, which reassured me.

From then on I simply carried on as normal, until 3 days ago, when I happened to go into my Task Manager (I was raising the priority for a game) and suddenly discovered this strange thing there:
under Name it says 楗敳潂瑯獁楳瑳湡t and under Description it says 楗敳䈠潯⁴獁楳瑳湡t", and it says that the process is stopped.
Now I do not know whether this has anything to do with the incident 2 weeks ago, but I do know that this Chinese thing does not belong there.
Now I have come across this great forum where people get a lot of help, and I hope that someone can help me, since I do not know much about viruses.
And thank you in advance for the help.

PS: I have also not downloaded anything in these days that could somehow have come with a virus.

Kind regards, Boeingpilot
Attached image thumbnail:
[WINDOWS 8]  Komischer Chinesische Eintrag unter Dienste-virusbild.jpg
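
An added example, not part of the original thread: the "Chinese" name in the post above is what plain single-byte ASCII looks like when every two bytes are read as one UTF-16LE character, so re-encoding it recovers the real service name and image path. The function names are illustrative, and the two sample lines are copied from the Services section of the FRST log posted later in this thread.

```python
import re

# Two lines copied from the "Services" section of the FRST log in this thread.
SAMPLE_LOG = [
    r"R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2013-10-30] ()",
    "S4 楗敳潂瑯獁楳瑳湡t; 㩃停潲牧浡䘠汩獥⠠㡸⤶坜獩履楗敳䌠牡⁥㘳尵潂瑯楔敭攮數 [x]",
]

# FRST service line: <state><start type> <name>; <image path> [<size date> or x] (...)
SERVICE_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>\d)\s+(?P<name>.+?);\s*"
    r"(?P<path>.*?)(?:\s+\[(?P<meta>[^\]]*)\].*)?$"
)


def recover_ascii(text):
    """Return the ASCII string hidden behind UTF-16LE mojibake, or None.

    Encoding the displayed characters back to UTF-16LE yields the original
    bytes. If every byte is printable ASCII, the value was almost certainly
    single-byte text that a tool displayed as wide characters.
    Caveat: a short, genuine CJK name can pass this check by coincidence,
    so treat a hit as a lead to verify, not as proof.
    """
    if not any(ord(ch) > 0x7F for ch in text):
        return None                    # already plain ASCII, nothing to undo
    try:
        raw = text.encode("utf-16-le")
    except UnicodeEncodeError:         # lone surrogates cannot be re-encoded
        return None
    if raw.endswith(b"\x00"):
        raw = raw[:-1]                 # odd-length text paired with its NUL
    if all(0x20 <= b <= 0x7E for b in raw):
        return raw.decode("ascii")
    return None


def parse_service_line(line):
    """Split one FRST service line into its fields, or return None."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    return {
        "state": m["state"],
        "start": int(m["start"]),
        "name": m["name"],
        "path": m["path"],
        "meta": m["meta"],
    }


def scan_services(lines):
    """Return entries whose name or path decodes to readable ASCII."""
    hits = []
    for line in lines:
        entry = parse_service_line(line)
        if entry is None:
            continue
        name = recover_ascii(entry["name"])
        path = recover_ascii(entry["path"])
        if name is None and path is None:
            continue                   # ordinary entry, leave it alone
        entry["name"] = name or entry["name"]
        entry["path"] = path or entry["path"]
        hits.append(entry)
    return hits


if __name__ == "__main__":
    # The service name from the first post decodes to: WiseBootAssistant
    print(recover_ascii("楗敳潂瑯獁楳瑳湡t"))
    for hit in scan_services(SAMPLE_LOG):
        print(hit)
```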

01.02.2014, 15:22   #2
schrauber
/// the machine
/// TB trainer
 

hi,

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window)


01.02.2014, 15:37   #3
Boeingpilot
 
Many thanks, here is FRST
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2014 03
Ran by Fabian (administrator) on FABIPC on 01-02-2014 15:26:05
Running from C:\Users\Fabian\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
() C:\Program Files (x86)\Orange Mobiles Internet\AssistantServices.exe
() C:\Program Files (x86)\WebSparkle\updateWebSparkle.exe
() C:\Program Files (x86)\WebSparkle\bin\utilWebSparkle.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(TigerVNC Project) C:\Program Files (x86)\TigerVNC\winvnc4.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
(Jan Kiesewalter) C:\Program Files (x86)\OMSI Addon Manager\OMSI Addon Manager.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
() C:\Program Files (x86)\Orange Mobiles Internet\UIExec.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Farbar) C:\Users\Fabian\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-21] (IDT, Inc.)
HKLM\...\Run: [BtPreLoad] - C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-08-19] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKLM\...\Run: [tvncontrol] - C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [ApnTBMon] - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1778640 2014-01-11] (APN)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [185896 2013-10-28] (Geek Software GmbH)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [UIExec] - C:\Program Files (x86)\Orange Mobiles Internet\UIExec.exe [157000 2012-07-25] ()
HKLM-x32\...\Run: [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe [623376 2013-11-18] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [ClockGen] - C:\Users\Fabian\Desktop\ClockGen.exe -i p=0
HKLM-x32\...\Run: [PWRISOVM.EXE] - C:\Program Files\PowerISO\PWRISOVM.EXE [377368 2013-10-23] (Power Software Ltd)
HKLM-x32\...\Run: [IR_SERVER] - C:\PROGRA~2\Realtek\REALTE~2\IR_SERVER.exe
HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3813200 2014-01-23] (LogMeIn Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2014-01-14] (Hewlett-Packard)
HKU\S-1-5-21-3660341198-1247186543-1459392912-1002\...\Run: [uTorrent] - C:\Users\Fabian\AppData\Roaming\uTorrent\uTorrent.exe [900440 2013-11-16] (BitTorrent Inc.)
HKU\S-1-5-21-3660341198-1247186543-1459392912-1002\...\Run: [BackgroundContainer] - "C:\WINDOWS\SysWOW64\Rundll32.exe" "C:\Users\Fabian\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
HKU\S-1-5-21-3660341198-1247186543-1459392912-1002\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1815976 2014-01-27] (Valve Corporation)
HKU\S-1-5-21-3660341198-1247186543-1459392912-1002\...\Run: [EADM] - C:\Program Files (x86)\Origin\Origin.exe [3551576 2013-11-29] (Electronic Arts)
HKU\S-1-5-21-3660341198-1247186543-1459392912-1002\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3660341198-1247186543-1459392912-1002\...\Run: [CyberGhost] - C:\Program Files\CyberGhost 5\CyberGhost.EXE [358000 2014-01-16] (CyberGhost S.R.L.)
HKU\S-1-5-21-3660341198-1247186543-1459392912-1002\...\Run: [Akamai NetSession Interface] - C:\Users\Fabian\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3660341198-1247186543-1459392912-1002\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony)
HKU\S-1-5-21-3660341198-1247186543-1459392912-1002\...\MountPoints2: {4151745c-6c7d-11e3-be97-20689d3318cf} - "G:\Startme.exe" 
HKU\S-1-5-21-3660341198-1247186543-1459392912-1002\...\MountPoints2: {a37988cd-fb93-11e2-be74-20689d3318cf} - "G:\AutoRun.exe" 
Startup: C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OMSI Addon Manager.lnk
ShortcutTarget: OMSI Addon Manager.lnk -> C:\Program Files (x86)\OMSI Addon Manager\OMSI Addon Manager.exe (Jan Kiesewalter)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON13/1
URLSearchHook: HKLM-x32 - Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHots.dll (Conduit Ltd.)
URLSearchHook: HKCU - Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHots.dll (Conduit Ltd.)
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM - {5E1F3188-CD42-4818-BF6C-F632977A29F1} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://at.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {FB7D981A-976D-4BA8-80AD-29872C9A3C35} URL = 
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - {5E1F3188-CD42-4818-BF6C-F632977A29F1} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://at.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKCU - {5E1F3188-CD42-4818-BF6C-F632977A29F1} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://at.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKCU - {C25460F8-8591-4752-B757-1258CF467736} URL = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=50f19af800000000000000ff9369e847&r=187
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Avira Savings Advisor BHO - {A18A516C-AA41-46A9-92DB-60208917E442} - C:\Program Files (x86)\avira\Internet Explorer\avira32.dll ()
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHots.dll (Conduit Ltd.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: Softonic Helper Object - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.8.21.14\bh\Softonic.dll (Softonic.com)
Toolbar: HKLM-x32 - Hotspot Shield Toolbar - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - C:\Program Files (x86)\Hotspot_Shield\prxtbHots.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - C:\WINDOWS\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Softonic Toolbar - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.8.21.14\SoftonicTlbr.dll (Softonic.com)
Toolbar: HKCU - No Name - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21

FireFox:
========
FF ProfilePath: C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\pd74uduu.default
FF Homepage: https://www.google.com/analytics/web/?et&authuser=0#realtime/rt-overview/a46668730w77731111p80356051/%3Ffilter.list%3D1%3D%3DAustria%3B%26mapMode.type%3DgeoChart/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Savings Advisor - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\pd74uduu.default\Extensions\ciuvo-extension@avira.de [2014-01-16]
FF Extension: WebSparkle - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\pd74uduu.default\Extensions\firefox@websparkle.biz.xpi [2013-12-07]
FF Extension: QuickStores-Toolbar - C:\Program Files (x86)\Mozilla Firefox\extensions\quickstores@quickstores.de [2013-12-20]

Chrome: 
=======
CHR HomePage: hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=48&cc=&mi=50f19af800000000000000ff9369e847
CHR DefaultSearchKeyword: softonic
CHR DefaultSearchProvider: Search the web (Softonic)
CHR DefaultSearchURL: hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=49&cc=&mi=50f19af800000000000000ff9369e847
CHR DefaultNewTabURL: 
CHR Extension: (Google Docs) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-26]
CHR Extension: (Google Drive) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-26]
CHR Extension: (YouTube) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-26]
CHR Extension: (Avira Sparberater) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cojnmaaohncijldefpkpkkakjonfmgeb [2014-01-16]
CHR Extension: (Google-Suche) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-26]
CHR Extension: (Softonic Chrome Toolbar) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf [2013-11-19]
CHR Extension: (Norton Identity Protection) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-10-26]
CHR Extension: (Google Wallet) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-16]
CHR Extension: (Google Mail) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-26]
CHR HKLM-x32\...\Chrome\Extension: [cojnmaaohncijldefpkpkkakjonfmgeb] - C:\Program Files (x86)\avira\Chrome\avira-1.5.14.crx [2013-12-11]
CHR HKLM-x32\...\Chrome\Extension: [elchiiiejkobdbblfejjkbphbddgmljf] - C:\Program Files (x86)\Softonic\Softonic\1.8.21.14\Softonic.crx [2013-06-11]

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-01-11] (APN LLC.)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [398096 2013-11-18] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2013-11-18] (BlueStack Systems, Inc.)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64112 2014-01-16] (CyberGhost S.R.L)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-12-13] (LogMeIn, Inc.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2013-10-30] ()
R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
R2 UI Assistant Service; C:\Program Files (x86)\Orange Mobiles Internet\AssistantServices.exe [274760 2012-07-25] ()
R2 Update WebSparkle; C:\Program Files (x86)\WebSparkle\updateWebSparkle.exe [103200 2014-01-30] ()
R2 Util WebSparkle; C:\Program Files (x86)\WebSparkle\bin\utilWebSparkle.exe [103200 2014-01-30] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 WinVNC4; C:\Program Files (x86)\TigerVNC\winvnc4.exe [5737493 2013-07-04] (TigerVNC Project)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-19] (Atheros)
S4 楗敳潂瑯獁楳瑳湡t; 㩃停潲牧浡䘠汩獥⠠㡸⤶坜獩履楗敳䌠牡⁥㘳尵潂瑯楔敭攮數 [x]

==================== Drivers (Whitelisted) ====================

R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-18] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [77584 2013-11-18] (BlueStack Systems)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-19] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [41504 2014-01-23] (LogMeIn Inc.)
S3 lehidmini; C:\Windows\System32\drivers\leath_hid.sys [39704 2012-08-19] (Atheros)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-09-17] (Anchorfree Inc.)
S3 tapoas; C:\Windows\system32\DRIVERS\tapoas.sys [30720 2010-08-03] (The OpenVPN Project)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-06-27] (Hewlett-Packard Development Company, L.P.)
S3 zte_cdc_acm; C:\Windows\system32\DRIVERS\zte_cdc_acm.sys [79872 2011-08-11] (ZTE)
S3 zte_cdc_ecm; C:\Windows\system32\DRIVERS\zte_cdc_ecm.sys [36864 2011-08-11] (ZTE)
S3 zte_cpo; C:\Windows\system32\DRIVERS\zte_cpo.sys [14336 2011-08-11] (ZTE)
S3 zte_ecm_enum; C:\Windows\System32\drivers\zte_ecm_enum.sys [56320 2011-08-11] (ZTE)
S3 zte_ecm_enum_filter; C:\Windows\System32\drivers\zte_ecm_enum_filter.sys [56320 2011-08-11] (ZTE)
S3 DfSdkS; 
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [x]
S5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-01 15:26 - 2014-02-01 15:26 - 00026424 _____ () C:\Users\Fabian\Downloads\FRST.txt
2014-02-01 15:25 - 2014-02-01 15:26 - 00000000 ____D () C:\FRST
2014-02-01 15:24 - 2014-02-01 15:25 - 02080256 _____ (Farbar) C:\Users\Fabian\Downloads\FRST64(1).exe
2014-02-01 13:35 - 2014-02-01 13:35 - 00000000 ___RD () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-01-31 19:11 - 2014-01-31 19:17 - 741343232 _____ () C:\Users\Fabian\Downloads\ubuntu-12.04.3-desktop-i386.iso
2014-01-29 15:52 - 2014-01-31 19:01 - 00000000 ____D () C:\Users\Fabian\Downloads\Ubuntu1204
2014-01-29 15:34 - 2014-01-29 15:42 - 805796465 ____R () C:\Users\Fabian\Downloads\ubuntu1204.zip
2014-01-29 15:30 - 2014-01-29 15:30 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-01-29 15:23 - 2014-01-29 15:23 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\PowerISO
2014-01-29 15:21 - 2014-01-29 15:21 - 00000000 ____D () C:\Users\Fabian\Documents\Virtual Machines
2014-01-29 15:16 - 2014-01-07 23:42 - 2962227200 _____ () C:\Users\Fabian\Downloads\2014-01-07-wheezy-raspbian.img
2014-01-29 15:02 - 2014-01-29 15:14 - 817931404 _____ () C:\Users\Fabian\Downloads\2014-01-07-wheezy-raspbian.zip
2014-01-29 14:58 - 2014-01-31 19:01 - 00000000 ____D () C:\Users\Fabian\AppData\Local\VMware
2014-01-29 14:58 - 2014-01-31 18:59 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\VMware
2014-01-29 14:54 - 2013-10-18 12:46 - 00064080 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmx86.sys
2014-01-29 14:54 - 2013-10-08 18:21 - 00073296 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vsock.sys
2014-01-29 14:54 - 2013-10-08 18:21 - 00067664 _____ (VMware, Inc.) C:\WINDOWS\system32\vsocklib.dll
2014-01-29 14:54 - 2013-10-08 18:21 - 00063568 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vsocklib.dll
2014-01-29 14:53 - 2013-10-18 12:44 - 00032848 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\VMkbd.sys
2014-01-29 14:52 - 2013-10-18 12:45 - 00437328 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vmnat.exe
2014-01-29 14:52 - 2013-10-18 12:45 - 00358480 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vmnetdhcp.exe
2014-01-29 14:52 - 2013-10-18 12:45 - 00030800 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmnetuserif.sys
2014-01-29 14:51 - 2013-10-18 12:45 - 00930384 _____ (VMware, Inc.) C:\WINDOWS\system32\vnetlib64.dll
2014-01-29 14:51 - 2013-10-09 08:04 - 00053816 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\hcmon.sys
2014-01-29 14:50 - 2014-02-01 13:31 - 00000000 ____D () C:\ProgramData\VMware
2014-01-29 14:50 - 2014-01-29 14:50 - 00000000 ____D () C:\Program Files\Common Files\VMware
2014-01-29 14:50 - 2014-01-29 14:50 - 00000000 ____D () C:\Program Files (x86)\VMware
2014-01-29 14:47 - 2014-01-29 14:48 - 98508144 _____ (VMware, Inc.) C:\Users\Fabian\Downloads\VMware-player-6.0.1-1379776.exe
2014-01-28 20:28 - 2014-01-28 20:28 - 106322704 _____ (Oracle Corporation) C:\Users\Fabian\Downloads\VirtualBox-4.3.6-91406-Win.exe
2014-01-27 17:27 - 2014-01-27 17:27 - 00819176 _____ (Google Inc.) C:\Users\Fabian\Downloads\ChromeSetup.exe
2014-01-27 16:36 - 2014-01-27 16:36 - 48399371 _____ () C:\Users\Fabian\Downloads\FSX FlyTampa - St. Maarten.zip
2014-01-26 13:57 - 2014-01-26 13:57 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rikoooo Add-ons
2014-01-26 13:56 - 2013-07-18 03:52 - 41806050 _____ (Tim Piglet Conrad) C:\Users\Fabian\Desktop\Pilatus_PC-7SAF_v.2_Swiss_Airforce_FSX.exe
2014-01-26 13:49 - 2014-01-26 13:59 - 31415966 _____ () C:\Users\Fabian\Downloads\a380aiba380x.zip
2014-01-26 13:48 - 2014-01-26 13:56 - 41742644 _____ () C:\Users\Fabian\Downloads\pilatus_pc-7saf_v.2_swiss_airforce_fsx.zip
2014-01-26 13:39 - 2014-01-26 13:39 - 02078208 _____ (Farbar) C:\Users\Fabian\Downloads\FRST64.exe
2014-01-26 09:15 - 2014-01-26 09:16 - 05874040 _____ () C:\Users\Fabian\Downloads\MorphVOXPro4_Install-1.de(1).exe
2014-01-25 16:41 - 2014-01-25 16:41 - 00650600 _____ () C:\Users\Fabian\Downloads\SP-Comic_Install.exe
2014-01-25 16:22 - 2014-01-25 16:24 - 00000000 ____D () C:\ProgramData\Screaming Bee
2014-01-25 16:21 - 2014-01-25 16:21 - 05930360 _____ () C:\Users\Fabian\Downloads\MorphVOXPro4_Install-1.de.exe
2014-01-25 16:19 - 2014-01-25 16:19 - 00228366 _____ () C:\Users\Fabian\Downloads\IBIS_droid_plugin_v1.0.ams
2014-01-25 16:16 - 2014-01-25 16:16 - 00749962 _____ () C:\Users\Fabian\Downloads\OMSI_AM_1.2.4_Setup(1).zip
2014-01-25 12:47 - 2014-01-25 12:49 - 174078464 _____ () C:\Users\Fabian\Downloads\fsx_sp2_DEU(1).msi
2014-01-25 12:38 - 2014-01-25 12:40 - 227341208 _____ (Microsoft Corporation) C:\Users\Fabian\Downloads\fsx_sp1_DEU(1).exe
2014-01-25 12:36 - 2014-01-25 12:37 - 174078464 _____ () C:\Users\Fabian\Downloads\fsx_sp2_DEU.msi
2014-01-25 12:33 - 2014-01-25 12:35 - 227341208 _____ (Microsoft Corporation) C:\Users\Fabian\Downloads\fsx_sp1_DEU.exe
2014-01-25 12:11 - 2014-01-25 12:11 - 00000000 ____D () C:\Archivos de programa
2014-01-25 12:08 - 2014-01-25 12:08 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Carenado's SKYLANE C182Q FSX
2014-01-25 12:03 - 2014-01-25 12:06 - 355589403 _____ () C:\Users\Fabian\Downloads\AS_APPROACHING-INNSBRUCK_FSX_V120.rar
2014-01-25 12:03 - 2014-01-25 12:03 - 46117489 _____ () C:\Users\Fabian\Downloads\FSX GAP2 Muster-Onsabruck.rar
2014-01-25 12:02 - 2014-01-25 12:03 - 39368702 _____ () C:\Users\Fabian\Downloads\Carenado PA28RT 201 Arrow IV.rar
2014-01-25 12:01 - 2014-01-25 12:03 - 167328894 _____ () C:\Users\Fabian\Downloads\Carenado CT206 HD FSX_Prepar3d.rar
2014-01-25 12:01 - 2014-01-25 12:02 - 59539491 _____ () C:\Users\Fabian\Downloads\Carenado - AC11 Commander 114.rar
2014-01-25 12:01 - 2014-01-25 12:01 - 27942161 _____ () C:\Users\Fabian\Downloads\Cessna 182Q Skylane FSX.rar
2014-01-25 08:30 - 2014-01-25 08:30 - 00002204 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-01-25 08:30 - 2014-01-25 08:30 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-01-25 08:30 - 2014-01-25 08:30 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2014-01-24 23:35 - 2014-01-24 23:39 - 64334583 _____ () C:\Users\Fabian\Downloads\Citaro-G-Sound.zip
2014-01-24 21:17 - 2014-01-31 19:38 - 00000000 ____D () C:\Users\Fabian\Documents\Flight Simulator X-Dateien
2014-01-24 20:55 - 2014-01-24 20:55 - 00000222 _____ () C:\Users\Fabian\Desktop\OMSI 2.url
2014-01-24 20:34 - 2014-01-24 20:34 - 00000000 ____D () C:\WINDOWS\PCHEALTH
2014-01-24 19:33 - 2014-01-27 17:13 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FlyTampa
2014-01-24 19:31 - 2010-06-26 15:42 - 00000226 _____ () C:\Users\Fabian\Downloads\Leia-me.txt
2014-01-24 19:31 - 2010-06-26 15:31 - 103859111 _____ () C:\Users\Fabian\Downloads\FSX - FlyTampa Vienna.exe
2014-01-24 19:26 - 2011-10-26 13:54 - 14859848 _____ () C:\Users\Fabian\Downloads\PMDG_737NGX_800WL_OS1.ptp
2014-01-24 19:25 - 2014-01-24 19:25 - 14851912 _____ () C:\Users\Fabian\Downloads\PMDG_737NGX_800WL_OS1.zip
2014-01-24 15:36 - 2014-01-24 15:37 - 73578015 _____ () C:\Users\Fabian\Downloads\Omsi2.ru_Mercedes_o530G.7z
2014-01-24 15:28 - 2014-01-24 15:28 - 06072408 _____ (TeamViewer GmbH) C:\Users\Fabian\Downloads\TeamViewer_Setup_de-ckc.exe
2014-01-23 22:39 - 2014-01-23 22:39 - 00280744 _____ () C:\WINDOWS\Minidump\012314-68999-01.dmp
2014-01-23 22:39 - 2014-01-23 22:39 - 00000000 ____D () C:\WINDOWS\Minidump
2014-01-23 22:38 - 2014-01-23 22:38 - 611501992 _____ () C:\WINDOWS\MEMORY.DMP
2014-01-23 13:33 - 2014-01-23 13:33 - 00041504 ____H (LogMeIn Inc.) C:\WINDOWS\system32\Drivers\Hamdrv.sys
2014-01-22 18:08 - 2014-02-01 10:16 - 00000000 ____D () C:\Users\Fabian\AppData\Local\ArmA 2
2014-01-22 18:08 - 2014-01-22 18:08 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2014-01-22 17:23 - 2014-01-22 17:23 - 00000221 _____ () C:\Users\Fabian\Desktop\Arma 2.url
2014-01-21 19:20 - 2014-01-21 19:20 - 00000000 ____D () C:\ProgramData\OMSI AM
2014-01-21 19:14 - 2014-01-25 16:17 - 00001165 _____ () C:\Users\Public\Desktop\OMSI Addon Manager.lnk
2014-01-21 19:14 - 2014-01-25 16:17 - 00000000 ____D () C:\Program Files (x86)\OMSI Addon Manager
2014-01-21 19:14 - 2014-01-21 19:14 - 00749962 _____ () C:\Users\Fabian\Downloads\OMSI_AM_1.2.4_Setup.zip
2014-01-21 19:14 - 2014-01-21 19:14 - 00000000 ____D () C:\Users\Fabian\AppData\Local\OMSI AM
2014-01-21 17:08 - 2014-01-21 17:08 - 103852119 _____ () C:\Users\Fabian\Downloads\FSX - FlyTampa Vienna.zip
2014-01-21 16:54 - 2014-01-21 16:54 - 01382800 _____ () C:\Users\Fabian\Downloads\VP-Galactic_Install.exe
2014-01-21 16:46 - 2014-01-21 16:46 - 00777576 _____ () C:\Users\Fabian\Downloads\VP-SciFi_Install.exe
2014-01-21 16:32 - 2014-01-25 16:24 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Screaming Bee
2014-01-21 16:29 - 2014-01-25 16:41 - 00000000 ____D () C:\Program Files (x86)\Screaming Bee
2014-01-21 16:27 - 2014-01-21 16:27 - 02970992 _____ () C:\Users\Fabian\Downloads\MorphVOXJunior_Install-1.exe
2014-01-21 14:57 - 2014-01-21 14:57 - 00278503 _____ () C:\Users\Fabian\Downloads\Community ENB.rar
2014-01-20 22:33 - 2014-01-20 22:33 - 01110476 _____ () C:\Users\Fabian\Downloads\7z920.exe
2014-01-20 22:33 - 2014-01-20 22:33 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-01-20 22:24 - 2014-01-20 22:24 - 00000000 ____D () C:\Program Files (x86)\Universal Extractor
2014-01-20 22:23 - 2014-01-20 22:23 - 05556306 _____ (Jared Breland ) C:\Users\Fabian\Downloads\uniextract161.exe
2014-01-20 20:12 - 2014-01-30 17:14 - 00134656 ___SH () C:\Users\Fabian\Downloads\Thumbs.db
2014-01-20 18:04 - 2014-01-20 18:09 - 00000811 _____ () C:\Users\Public\Desktop\Aerosoft Launcher.lnk
2014-01-20 18:04 - 2014-01-20 18:04 - 00000000 ____D () C:\Aerosoft
2014-01-20 12:24 - 2014-01-20 12:24 - 00002599 _____ () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Pictures Download Manager.lnk
2014-01-20 12:24 - 2014-01-20 12:24 - 00002569 _____ () C:\Users\Fabian\Desktop\Sony Pictures Download Manager.lnk
2014-01-19 15:48 - 2014-01-19 16:00 - 00000000 ____D () C:\Users\Fabian\Desktop\voice_9987
2014-01-19 10:28 - 2013-12-22 12:34 - 326440960 _____ () C:\Users\Fabian\Desktop\r1_k2333_voice_9987_15499
2014-01-19 09:51 - 2013-12-22 12:35 - 261312559 _____ () C:\Users\Fabian\Desktop\r1_k2333_voice_9987_15499.tar
2014-01-19 09:03 - 2014-01-19 09:03 - 00000000 ____D () C:\Users\Fabian\Desktop\jts3
2014-01-18 16:13 - 2014-01-18 16:13 - 00001322 _____ () C:\Users\Fabian\Desktop\Skiregion Simulator 2012 Demo.lnk
2014-01-18 16:12 - 2014-01-18 16:13 - 00000000 ____D () C:\Program Files (x86)\Skiregion Simulator 2012 Demo
2014-01-18 16:10 - 2014-01-18 16:11 - 158257304 _____ (GIANTS Software ) C:\Users\Fabian\Downloads\SkiRegionSimulator2012DemoDE.exe
2014-01-16 18:53 - 2014-01-16 18:53 - 00003408 _____ () C:\WINDOWS\System32\Tasks\aviraSWU
2014-01-16 18:53 - 2014-01-16 18:53 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Avira
2014-01-16 18:49 - 2014-01-16 18:53 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-01-16 18:49 - 2014-01-16 18:49 - 00000000 ____D () C:\ProgramData\Avira
2014-01-16 18:49 - 2013-12-18 09:32 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2014-01-16 18:49 - 2013-12-18 09:32 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2014-01-16 18:49 - 2013-12-18 09:32 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2014-01-15 18:19 - 2013-12-07 07:37 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-01-15 18:19 - 2013-12-07 07:37 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 18:19 - 2013-12-07 06:15 - 00562688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-01-15 18:19 - 2013-12-07 06:15 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 18:19 - 2013-10-31 06:56 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2014-01-15 18:19 - 2013-10-31 06:56 - 00758784 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2014-01-15 18:19 - 2013-10-31 05:01 - 00550400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2014-01-15 18:19 - 2013-10-31 04:42 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2014-01-15 18:19 - 2013-10-28 06:50 - 00588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2014-01-15 18:19 - 2013-10-28 05:05 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2014-01-15 18:19 - 2013-10-13 21:49 - 00100696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys
2014-01-15 18:19 - 2013-08-27 06:21 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2014-01-15 18:19 - 2013-08-27 06:19 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2014-01-15 18:19 - 2013-08-26 23:29 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2014-01-15 18:19 - 2013-08-26 23:28 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2014-01-14 20:04 - 2014-01-14 20:04 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Quest3D
2014-01-14 20:01 - 2014-01-14 20:04 - 00000000 ____D () C:\Users\Fabian\Documents\ShipSimExtremes Userdata
2014-01-14 20:01 - 2014-01-14 20:01 - 00001169 _____ () C:\Users\Public\Desktop\Ship Simulator Extremes.lnk
2014-01-14 20:01 - 2014-01-14 20:01 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ship Simulator Extremes
2014-01-14 19:50 - 2014-01-14 19:50 - 00000000 ____D () C:\Program Files (x86)\Vstep
2014-01-12 12:48 - 2008-08-15 15:43 - 00034304 _____ (Thrustmaster) C:\WINDOWS\SysWOW64\tmffbdrv.dll
2014-01-12 12:48 - 2008-08-15 15:42 - 00041984 _____ (Thrustmaster) C:\WINDOWS\system32\tmffbdrv.dll
2014-01-12 12:48 - 2008-08-15 09:30 - 00276992 _____ (Thrustmaster) C:\WINDOWS\system32\tmffbcpl.dll
2014-01-12 12:48 - 2008-08-15 09:30 - 00241664 _____ (Thrustmaster) C:\WINDOWS\SysWOW64\tmffbcpl.dll
2014-01-12 12:36 - 2005-01-28 11:49 - 00106496 _____ (Guillemot Corporation) C:\WINDOWS\SysWOW64\GUStrLib.dll
2014-01-12 12:36 - 2003-03-19 00:20 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71.dll
2014-01-12 12:29 - 2014-01-12 12:48 - 00000000 ____D () C:\Program Files (x86)\Thrustmaster
2014-01-12 12:18 - 2007-01-20 04:44 - 00208304 _____ (Macrovision Corporation) C:\WINDOWS\system32\isrt.dll
2014-01-12 12:18 - 2006-05-16 15:07 - 00099840 _____ (Macrovision Corporation) C:\WINDOWS\system32\_IsRes.dll
2014-01-10 23:56 - 2014-01-10 23:56 - 00000000 ____D () C:\Users\Fabian\Documents\SH3
2014-01-10 23:52 - 2014-01-10 23:52 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameShadow
2014-01-10 23:52 - 2014-01-10 23:52 - 00000000 ____D () C:\Program Files (x86)\GameShadow
2014-01-10 23:45 - 2014-01-10 23:46 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-01-10 23:04 - 2014-01-10 23:04 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Nexway
2014-01-10 21:11 - 2014-01-10 21:11 - 00000000 ____D () C:\Program Files\CPUID
2014-01-10 18:35 - 2014-01-10 18:35 - 00000000 ____D () C:\Games
2014-01-06 18:39 - 2014-01-06 18:39 - 00000000 ____D () C:\ProgramData\HP
2014-01-06 18:28 - 2014-01-06 18:28 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\CAD-KAS
2014-01-06 18:27 - 2014-01-06 18:27 - 00087704 _____ () C:\WINDOWS\cadkasdeinst01.exe
2014-01-06 18:27 - 2014-01-06 18:27 - 00001068 _____ () C:\Users\Schule\Desktop\PDF Editor 4.0.lnk
2014-01-06 18:27 - 2014-01-06 18:27 - 00001068 _____ () C:\Users\Gast\Desktop\PDF Editor 4.0.lnk
2014-01-06 18:27 - 2014-01-06 18:27 - 00001068 _____ () C:\Users\fbwuser\Desktop\PDF Editor 4.0.lnk
2014-01-06 18:27 - 2014-01-06 18:27 - 00001068 _____ () C:\Users\Administrator\Desktop\PDF Editor 4.0.lnk
2014-01-06 18:27 - 2014-01-06 18:27 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Editor 4.0
2014-01-06 18:27 - 2014-01-06 18:27 - 00000000 ____D () C:\Program Files (x86)\PDF Editor 4
2014-01-06 12:48 - 2014-01-06 12:48 - 00001353 _____ () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Craften Terminal.lnk
2014-01-06 12:30 - 2014-01-06 12:58 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Craften Terminal
2014-01-06 12:30 - 2014-01-06 12:30 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Craften.de
2014-01-04 14:33 - 2014-01-29 14:33 - 00000312 _____ () C:\WINDOWS\Tasks\WinZipDriverUpdater_UPDATES.job
2014-01-04 14:33 - 2014-01-04 14:33 - 00003032 _____ () C:\WINDOWS\System32\Tasks\WinZipDriverUpdater_UPDATES
2014-01-04 14:32 - 2014-02-01 15:01 - 00000312 _____ () C:\WINDOWS\Tasks\Registry Optimizer_DEFAULT.job
2014-01-04 14:32 - 2014-01-29 14:32 - 00000320 _____ () C:\WINDOWS\Tasks\Registry Optimizer_UPDATES.job
2014-01-04 14:32 - 2014-01-11 14:38 - 00003154 _____ () C:\WINDOWS\System32\Tasks\WinZipDriverUpdaterRunAtStartup
2014-01-04 14:32 - 2014-01-04 14:32 - 00003040 _____ () C:\WINDOWS\System32\Tasks\Registry Optimizer_UPDATES
2014-01-04 14:32 - 2014-01-04 14:32 - 00002884 _____ () C:\WINDOWS\System32\Tasks\Registry Optimizer_DEFAULT
2014-01-04 14:32 - 2014-01-04 14:32 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\WinZip
2014-01-04 14:31 - 2014-01-11 14:41 - 00003136 _____ () C:\WINDOWS\System32\Tasks\Registry Optimizer
2014-01-04 14:31 - 2014-01-04 16:53 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\FileZilla
2014-01-04 14:31 - 2014-01-04 14:31 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Nico Mak Computing
2014-01-04 14:31 - 2012-02-08 10:29 - 00018760 _____ (WinZip Computing, S.L.(WinZip Computing)) C:\WINDOWS\system32\roboot64.exe
2014-01-04 10:31 - 2014-01-22 15:17 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\.minecraft
2014-01-03 18:55 - 2014-01-03 18:56 - 00675988 _____ () C:\Users\Fabian\Desktop\Minecraft.exe

==================== One Month Modified Files and Folders =======

2014-02-01 15:26 - 2014-02-01 15:26 - 00026424 _____ () C:\Users\Fabian\Downloads\FRST.txt
2014-02-01 15:26 - 2014-02-01 15:25 - 00000000 ____D () C:\FRST
2014-02-01 15:25 - 2014-02-01 15:24 - 02080256 _____ (Farbar) C:\Users\Fabian\Downloads\FRST64(1).exe
2014-02-01 15:09 - 2013-10-26 20:56 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-01 15:05 - 2013-10-26 18:45 - 00001124 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-01 15:01 - 2014-01-04 14:32 - 00000312 _____ () C:\WINDOWS\Tasks\Registry Optimizer_DEFAULT.job
2014-02-01 15:00 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-02-01 13:35 - 2014-02-01 13:35 - 00000000 ___RD () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-02-01 13:33 - 2013-10-26 18:45 - 00001120 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-01 13:31 - 2014-01-29 14:50 - 00000000 ____D () C:\ProgramData\VMware
2014-02-01 13:30 - 2012-07-26 08:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-01 13:29 - 2012-07-26 06:26 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-02-01 13:24 - 2013-11-01 16:42 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-01 12:05 - 2013-10-26 19:02 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\TS3Client
2014-02-01 11:43 - 2013-11-29 19:32 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Skype
2014-02-01 10:25 - 2013-10-26 18:29 - 01902366 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-01 10:16 - 2014-01-22 18:08 - 00000000 ____D () C:\Users\Fabian\AppData\Local\ArmA 2
2014-01-31 21:26 - 2013-08-04 19:05 - 00000000 ____D () C:\Users\Fabian\.VirtualBox
2014-01-31 19:38 - 2014-01-24 21:17 - 00000000 ____D () C:\Users\Fabian\Documents\Flight Simulator X-Dateien
2014-01-31 19:26 - 2013-10-26 18:48 - 00000600 _____ () C:\Users\Fabian\AppData\Roaming\winscp.rnd
2014-01-31 19:18 - 2013-08-04 19:06 - 00000000 ____D () C:\Users\Fabian\VirtualBox VMs
2014-01-31 19:17 - 2014-01-31 19:11 - 741343232 _____ () C:\Users\Fabian\Downloads\ubuntu-12.04.3-desktop-i386.iso
2014-01-31 19:01 - 2014-01-29 15:52 - 00000000 ____D () C:\Users\Fabian\Downloads\Ubuntu1204
2014-01-31 19:01 - 2014-01-29 14:58 - 00000000 ____D () C:\Users\Fabian\AppData\Local\VMware
2014-01-31 19:01 - 2013-10-26 19:21 - 00000600 _____ () C:\Users\Fabian\AppData\Local\PUTTY.RND
2014-01-31 18:59 - 2014-01-29 14:58 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\VMware
2014-01-30 17:14 - 2014-01-20 20:12 - 00134656 ___SH () C:\Users\Fabian\Downloads\Thumbs.db
2014-01-29 19:17 - 2013-12-30 17:14 - 00000000 ____D () C:\Users\Fabian\AppData\Local\LogMeIn Hamachi
2014-01-29 19:08 - 2013-10-30 11:01 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\uTorrent
2014-01-29 15:42 - 2014-01-29 15:34 - 805796465 ____R () C:\Users\Fabian\Downloads\ubuntu1204.zip
2014-01-29 15:30 - 2014-01-29 15:30 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-01-29 15:27 - 2013-10-26 18:11 - 00000000 ____D () C:\Users\Fabian
2014-01-29 15:23 - 2014-01-29 15:23 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\PowerISO
2014-01-29 15:21 - 2014-01-29 15:21 - 00000000 ____D () C:\Users\Fabian\Documents\Virtual Machines
2014-01-29 15:14 - 2014-01-29 15:02 - 817931404 _____ () C:\Users\Fabian\Downloads\2014-01-07-wheezy-raspbian.zip
2014-01-29 14:51 - 2012-08-30 21:00 - 00842810 _____ () C:\WINDOWS\system32\perfh007.dat
2014-01-29 14:51 - 2012-08-30 21:00 - 00193842 _____ () C:\WINDOWS\system32\perfc007.dat
2014-01-29 14:51 - 2012-08-03 23:40 - 02005988 _____ () C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2014-01-29 14:50 - 2014-01-29 14:50 - 00000000 ____D () C:\Program Files\Common Files\VMware
2014-01-29 14:50 - 2014-01-29 14:50 - 00000000 ____D () C:\Program Files (x86)\VMware
2014-01-29 14:48 - 2014-01-29 14:47 - 98508144 _____ (VMware, Inc.) C:\Users\Fabian\Downloads\VMware-player-6.0.1-1379776.exe
2014-01-29 14:35 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-01-29 14:33 - 2014-01-04 14:33 - 00000312 _____ () C:\WINDOWS\Tasks\WinZipDriverUpdater_UPDATES.job
2014-01-29 14:32 - 2014-01-04 14:32 - 00000320 _____ () C:\WINDOWS\Tasks\Registry Optimizer_UPDATES.job
2014-01-28 20:31 - 2012-07-26 08:28 - 01976542 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-28 20:30 - 2013-10-26 18:31 - 00000000 ____D () C:\Users\Fabian\AppData\Local\VirtualStore
2014-01-28 20:28 - 2014-01-28 20:28 - 106322704 _____ (Oracle Corporation) C:\Users\Fabian\Downloads\VirtualBox-4.3.6-91406-Win.exe
2014-01-27 21:01 - 2013-10-26 20:17 - 00000000 ____D () C:\Users\Fabian\AppData\Local\CrashDumps
2014-01-27 17:27 - 2014-01-27 17:27 - 00819176 _____ (Google Inc.) C:\Users\Fabian\Downloads\ChromeSetup.exe
2014-01-27 17:13 - 2014-01-24 19:33 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FlyTampa
2014-01-27 16:36 - 2014-01-27 16:36 - 48399371 _____ () C:\Users\Fabian\Downloads\FSX FlyTampa - St. Maarten.zip
2014-01-26 21:31 - 2013-12-15 22:08 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2014-01-26 21:31 - 2013-12-15 22:07 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-01-26 13:59 - 2014-01-26 13:49 - 31415966 _____ () C:\Users\Fabian\Downloads\a380aiba380x.zip
2014-01-26 13:57 - 2014-01-26 13:57 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rikoooo Add-ons
2014-01-26 13:56 - 2014-01-26 13:48 - 41742644 _____ () C:\Users\Fabian\Downloads\pilatus_pc-7saf_v.2_swiss_airforce_fsx.zip
2014-01-26 13:39 - 2014-01-26 13:39 - 02078208 _____ (Farbar) C:\Users\Fabian\Downloads\FRST64.exe
2014-01-26 09:16 - 2014-01-26 09:15 - 05874040 _____ () C:\Users\Fabian\Downloads\MorphVOXPro4_Install-1.de(1).exe
2014-01-25 16:41 - 2014-01-25 16:41 - 00650600 _____ () C:\Users\Fabian\Downloads\SP-Comic_Install.exe
2014-01-25 16:41 - 2014-01-21 16:29 - 00000000 ____D () C:\Program Files (x86)\Screaming Bee
2014-01-25 16:41 - 2013-11-16 20:36 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\QuickStoresToolbar
2014-01-25 16:24 - 2014-01-25 16:22 - 00000000 ____D () C:\ProgramData\Screaming Bee
2014-01-25 16:24 - 2014-01-21 16:32 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Screaming Bee
2014-01-25 16:22 - 2012-07-26 08:21 - 00049771 _____ () C:\WINDOWS\setupact.log
2014-01-25 16:21 - 2014-01-25 16:21 - 05930360 _____ () C:\Users\Fabian\Downloads\MorphVOXPro4_Install-1.de.exe
2014-01-25 16:19 - 2014-01-25 16:19 - 00228366 _____ () C:\Users\Fabian\Downloads\IBIS_droid_plugin_v1.0.ams
2014-01-25 16:17 - 2014-01-21 19:14 - 00001165 _____ () C:\Users\Public\Desktop\OMSI Addon Manager.lnk
2014-01-25 16:17 - 2014-01-21 19:14 - 00000000 ____D () C:\Program Files (x86)\OMSI Addon Manager
2014-01-25 16:17 - 2013-10-26 18:35 - 00000000 ___RD () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-25 16:16 - 2014-01-25 16:16 - 00749962 _____ () C:\Users\Fabian\Downloads\OMSI_AM_1.2.4_Setup(1).zip
2014-01-25 12:58 - 2012-08-30 11:56 - 00286005 _____ () C:\WINDOWS\DirectX.log
2014-01-25 12:52 - 2013-12-13 20:00 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Microsoft Game Studios
2014-01-25 12:49 - 2014-01-25 12:47 - 174078464 _____ () C:\Users\Fabian\Downloads\fsx_sp2_DEU(1).msi
2014-01-25 12:40 - 2014-01-25 12:38 - 227341208 _____ (Microsoft Corporation) C:\Users\Fabian\Downloads\fsx_sp1_DEU(1).exe
2014-01-25 12:37 - 2014-01-25 12:36 - 174078464 _____ () C:\Users\Fabian\Downloads\fsx_sp2_DEU.msi
2014-01-25 12:35 - 2014-01-25 12:33 - 227341208 _____ (Microsoft Corporation) C:\Users\Fabian\Downloads\fsx_sp1_DEU.exe
2014-01-25 12:11 - 2014-01-25 12:11 - 00000000 ____D () C:\Archivos de programa
2014-01-25 12:08 - 2014-01-25 12:08 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Carenado's SKYLANE C182Q FSX
2014-01-25 12:06 - 2014-01-25 12:03 - 355589403 _____ () C:\Users\Fabian\Downloads\AS_APPROACHING-INNSBRUCK_FSX_V120.rar
2014-01-25 12:03 - 2014-01-25 12:03 - 46117489 _____ () C:\Users\Fabian\Downloads\FSX GAP2 Muster-Onsabruck.rar
2014-01-25 12:03 - 2014-01-25 12:02 - 39368702 _____ () C:\Users\Fabian\Downloads\Carenado PA28RT 201 Arrow IV.rar
2014-01-25 12:03 - 2014-01-25 12:01 - 167328894 _____ () C:\Users\Fabian\Downloads\Carenado CT206 HD FSX_Prepar3d.rar
2014-01-25 12:02 - 2014-01-25 12:01 - 59539491 _____ () C:\Users\Fabian\Downloads\Carenado - AC11 Commander 114.rar
2014-01-25 12:01 - 2014-01-25 12:01 - 27942161 _____ () C:\Users\Fabian\Downloads\Cessna 182Q Skylane FSX.rar
2014-01-25 08:30 - 2014-01-25 08:30 - 00002204 _____ () C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2014-01-25 08:30 - 2014-01-25 08:30 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-01-25 08:30 - 2014-01-25 08:30 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2014-01-25 08:30 - 2013-10-26 20:56 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-01-25 08:30 - 2013-10-26 20:54 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Adobe
2014-01-25 08:16 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-01-25 08:04 - 2013-12-14 13:48 - 00470976 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-01-24 23:39 - 2014-01-24 23:35 - 64334583 _____ () C:\Users\Fabian\Downloads\Citaro-G-Sound.zip
2014-01-24 21:10 - 2012-08-30 11:46 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-01-24 20:55 - 2014-01-24 20:55 - 00000222 _____ () C:\Users\Fabian\Desktop\OMSI 2.url
2014-01-24 20:55 - 2013-11-01 16:58 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-01-24 20:34 - 2014-01-24 20:34 - 00000000 ____D () C:\WINDOWS\PCHEALTH
2014-01-24 20:33 - 2013-08-05 21:56 - 00000000 ____D () C:\FSXTMP
2014-01-24 19:25 - 2014-01-24 19:25 - 14851912 _____ () C:\Users\Fabian\Downloads\PMDG_737NGX_800WL_OS1.zip
2014-01-24 15:57 - 2013-10-26 18:43 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3660341198-1247186543-1459392912-1002
2014-01-24 15:37 - 2014-01-24 15:36 - 73578015 _____ () C:\Users\Fabian\Downloads\Omsi2.ru_Mercedes_o530G.7z
2014-01-24 15:28 - 2014-01-24 15:28 - 06072408 _____ (TeamViewer GmbH) C:\Users\Fabian\Downloads\TeamViewer_Setup_de-ckc.exe
2014-01-24 15:28 - 2013-10-26 20:49 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-01-23 22:39 - 2014-01-23 22:39 - 00280744 _____ () C:\WINDOWS\Minidump\012314-68999-01.dmp
2014-01-23 22:39 - 2014-01-23 22:39 - 00000000 ____D () C:\WINDOWS\Minidump
2014-01-23 22:38 - 2014-01-23 22:38 - 611501992 _____ () C:\WINDOWS\MEMORY.DMP
2014-01-23 17:53 - 2013-12-02 21:02 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-01-23 13:33 - 2014-01-23 13:33 - 00041504 ____H (LogMeIn Inc.) C:\WINDOWS\system32\Drivers\Hamdrv.sys
2014-01-22 18:08 - 2014-01-22 18:08 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2014-01-22 18:08 - 2013-10-24 21:26 - 00000000 ____D () C:\Users\Fabian\Documents\ArmA 2
2014-01-22 17:23 - 2014-01-22 17:23 - 00000221 _____ () C:\Users\Fabian\Desktop\Arma 2.url
2014-01-22 15:17 - 2014-01-04 10:31 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\.minecraft
2014-01-21 19:20 - 2014-01-21 19:20 - 00000000 ____D () C:\ProgramData\OMSI AM
2014-01-21 19:14 - 2014-01-21 19:14 - 00749962 _____ () C:\Users\Fabian\Downloads\OMSI_AM_1.2.4_Setup.zip
2014-01-21 19:14 - 2014-01-21 19:14 - 00000000 ____D () C:\Users\Fabian\AppData\Local\OMSI AM
2014-01-21 17:08 - 2014-01-21 17:08 - 103852119 _____ () C:\Users\Fabian\Downloads\FSX - FlyTampa Vienna.zip
2014-01-21 16:54 - 2014-01-21 16:54 - 01382800 _____ () C:\Users\Fabian\Downloads\VP-Galactic_Install.exe
2014-01-21 16:46 - 2014-01-21 16:46 - 00777576 _____ () C:\Users\Fabian\Downloads\VP-SciFi_Install.exe
2014-01-21 16:27 - 2014-01-21 16:27 - 02970992 _____ () C:\Users\Fabian\Downloads\MorphVOXJunior_Install-1.exe
2014-01-21 14:57 - 2014-01-21 14:57 - 00278503 _____ () C:\Users\Fabian\Downloads\Community ENB.rar
2014-01-20 22:33 - 2014-01-20 22:33 - 01110476 _____ () C:\Users\Fabian\Downloads\7z920.exe
2014-01-20 22:33 - 2014-01-20 22:33 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-01-20 22:24 - 2014-01-20 22:24 - 00000000 ____D () C:\Program Files (x86)\Universal Extractor
2014-01-20 22:23 - 2014-01-20 22:23 - 05556306 _____ (Jared Breland ) C:\Users\Fabian\Downloads\uniextract161.exe
2014-01-20 18:09 - 2014-01-20 18:04 - 00000811 _____ () C:\Users\Public\Desktop\Aerosoft Launcher.lnk
2014-01-20 18:04 - 2014-01-20 18:04 - 00000000 ____D () C:\Aerosoft
2014-01-20 12:24 - 2014-01-20 12:24 - 00002599 _____ () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Pictures Download Manager.lnk
2014-01-20 12:24 - 2014-01-20 12:24 - 00002569 _____ () C:\Users\Fabian\Desktop\Sony Pictures Download Manager.lnk
2014-01-19 16:00 - 2014-01-19 15:48 - 00000000 ____D () C:\Users\Fabian\Desktop\voice_9987
2014-01-19 09:03 - 2014-01-19 09:03 - 00000000 ____D () C:\Users\Fabian\Desktop\jts3
2014-01-18 18:00 - 2012-08-03 23:23 - 00317370 _____ () C:\WINDOWS\PFRO.log
2014-01-18 16:16 - 2013-11-01 19:48 - 00000000 ____D () C:\Users\Fabian\Documents\My Games
2014-01-18 16:13 - 2014-01-18 16:13 - 00001322 _____ () C:\Users\Fabian\Desktop\Skiregion Simulator 2012 Demo.lnk
2014-01-18 16:13 - 2014-01-18 16:12 - 00000000 ____D () C:\Program Files (x86)\Skiregion Simulator 2012 Demo
2014-01-18 16:11 - 2014-01-18 16:10 - 158257304 _____ (GIANTS Software ) C:\Users\Fabian\Downloads\SkiRegionSimulator2012DemoDE.exe
2014-01-18 12:13 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\rescache
2014-01-17 23:23 - 2013-10-30 11:18 - 00000000 ____D () C:\Users\Fabian\Downloads\Grand Theft Auto IV full game PC + Multiplayer ^^nosTEAM^^
2014-01-17 23:23 - 2013-09-03 15:34 - 00000000 ____D () C:\Users\Fabian\Downloads\accord-ember
2014-01-17 23:23 - 2013-09-02 19:40 - 00000000 ____D () C:\Users\Fabian\Downloads\Upload
2014-01-17 23:23 - 2013-09-02 19:40 - 00000000 ____D () C:\Users\Fabian\Downloads\Documentation
2014-01-17 23:23 - 2013-08-24 15:06 - 00000000 ____D () C:\Users\Fabian\Downloads\moyoo_sky_blue
2014-01-17 23:23 - 2013-08-23 18:28 - 00000000 ____D () C:\Users\Fabian\Downloads\Tor Browser
2014-01-17 16:07 - 2013-12-01 08:15 - 00000000 ____D () C:\Program Files\CyberGhost 5
2014-01-16 18:53 - 2014-01-16 18:53 - 00003408 _____ () C:\WINDOWS\System32\Tasks\aviraSWU
2014-01-16 18:53 - 2014-01-16 18:53 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Avira
2014-01-16 18:53 - 2014-01-16 18:49 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-01-16 18:49 - 2014-01-16 18:49 - 00000000 ____D () C:\ProgramData\Avira
2014-01-16 18:22 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\WinStore
2014-01-15 20:39 - 2013-10-28 22:51 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-01-15 20:34 - 2013-10-28 22:51 - 86054176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-15 18:35 - 2013-11-14 00:00 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-01-14 20:04 - 2014-01-14 20:04 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Quest3D
2014-01-14 20:04 - 2014-01-14 20:01 - 00000000 ____D () C:\Users\Fabian\Documents\ShipSimExtremes Userdata
2014-01-14 20:01 - 2014-01-14 20:01 - 00001169 _____ () C:\Users\Public\Desktop\Ship Simulator Extremes.lnk
2014-01-14 20:01 - 2014-01-14 20:01 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ship Simulator Extremes
2014-01-14 19:50 - 2014-01-14 19:50 - 00000000 ____D () C:\Program Files (x86)\Vstep
2014-01-12 12:48 - 2014-01-12 12:29 - 00000000 ____D () C:\Program Files (x86)\Thrustmaster
2014-01-11 15:14 - 2013-08-02 18:12 - 00000000 ____D () C:\Users\Fabian\Documents\Bluetooth Folder
2014-01-11 14:44 - 2013-12-02 09:55 - 00000000 ____D () C:\ProgramData\Ashampoo
2014-01-11 14:41 - 2014-01-04 14:31 - 00003136 _____ () C:\WINDOWS\System32\Tasks\Registry Optimizer
2014-01-11 14:38 - 2014-01-04 14:32 - 00003154 _____ () C:\WINDOWS\System32\Tasks\WinZipDriverUpdaterRunAtStartup
2014-01-10 23:56 - 2014-01-10 23:56 - 00000000 ____D () C:\Users\Fabian\Documents\SH3
2014-01-10 23:52 - 2014-01-10 23:52 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameShadow
2014-01-10 23:52 - 2014-01-10 23:52 - 00000000 ____D () C:\Program Files (x86)\GameShadow
2014-01-10 23:52 - 2013-12-13 15:20 - 00000000 ____D () C:\WINDOWS\Downloaded Installations
2014-01-10 23:46 - 2014-01-10 23:45 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-01-10 23:04 - 2014-01-10 23:04 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Nexway
2014-01-10 21:11 - 2014-01-10 21:11 - 00000000 ____D () C:\Program Files\CPUID
2014-01-10 18:48 - 2013-10-26 18:49 - 00000338 _____ () C:\Users\Fabian\Desktop\Root.txt
2014-01-10 18:35 - 2014-01-10 18:35 - 00000000 ____D () C:\Games
2014-01-10 18:35 - 2013-10-28 13:35 - 00000000 ___HD () C:\WINDOWS\msdownld.tmp
2014-01-10 18:35 - 2013-10-28 13:35 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx
2014-01-09 09:02 - 2013-11-13 23:28 - 00694240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-01-09 09:02 - 2013-11-13 23:28 - 00078296 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-07 23:42 - 2014-01-29 15:16 - 2962227200 _____ () C:\Users\Fabian\Downloads\2014-01-07-wheezy-raspbian.img
2014-01-06 18:42 - 2013-10-26 18:31 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Packages
2014-01-06 18:39 - 2014-01-06 18:39 - 00000000 ____D () C:\ProgramData\HP
2014-01-06 18:28 - 2014-01-06 18:28 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\CAD-KAS
2014-01-06 18:27 - 2014-01-06 18:27 - 00087704 _____ () C:\WINDOWS\cadkasdeinst01.exe
2014-01-06 18:27 - 2014-01-06 18:27 - 00001068 _____ () C:\Users\Schule\Desktop\PDF Editor 4.0.lnk
2014-01-06 18:27 - 2014-01-06 18:27 - 00001068 _____ () C:\Users\Gast\Desktop\PDF Editor 4.0.lnk
2014-01-06 18:27 - 2014-01-06 18:27 - 00001068 _____ () C:\Users\fbwuser\Desktop\PDF Editor 4.0.lnk
2014-01-06 18:27 - 2014-01-06 18:27 - 00001068 _____ () C:\Users\Administrator\Desktop\PDF Editor 4.0.lnk
2014-01-06 18:27 - 2014-01-06 18:27 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Editor 4.0
2014-01-06 18:27 - 2014-01-06 18:27 - 00000000 ____D () C:\Program Files (x86)\PDF Editor 4
2014-01-06 12:58 - 2014-01-06 12:30 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Craften Terminal
2014-01-06 12:48 - 2014-01-06 12:48 - 00001353 _____ () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Craften Terminal.lnk
2014-01-06 12:30 - 2014-01-06 12:30 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Craften.de
2014-01-04 16:53 - 2014-01-04 14:31 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\FileZilla
2014-01-04 14:33 - 2014-01-04 14:33 - 00003032 _____ () C:\WINDOWS\System32\Tasks\WinZipDriverUpdater_UPDATES
2014-01-04 14:32 - 2014-01-04 14:32 - 00003040 _____ () C:\WINDOWS\System32\Tasks\Registry Optimizer_UPDATES
2014-01-04 14:32 - 2014-01-04 14:32 - 00002884 _____ () C:\WINDOWS\System32\Tasks\Registry Optimizer_DEFAULT
2014-01-04 14:32 - 2014-01-04 14:32 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\WinZip
2014-01-04 14:31 - 2014-01-04 14:31 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Nico Mak Computing
2014-01-03 18:56 - 2014-01-03 18:55 - 00675988 _____ () C:\Users\Fabian\Desktop\Minecraft.exe
2014-01-03 11:58 - 2013-08-08 10:16 - 00000000 ____D () C:\Users\Fabian\Documents\Flight Simulator X Files
2014-01-02 09:33 - 2013-12-30 19:29 - 00000000 ____D () C:\ProgramData\ArcSoft
2014-01-02 09:31 - 2013-10-26 18:35 - 00000000 ___RD () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools

Some content of TEMP:
====================
C:\Users\Fabian\AppData\Local\Temp\APNSetup.exe
C:\Users\Fabian\AppData\Local\Temp\AskPIP_FF_.exe
C:\Users\Fabian\AppData\Local\Temp\avgnt.exe
C:\Users\Fabian\AppData\Local\Temp\BTSync.exe
C:\Users\Fabian\AppData\Local\Temp\conduitinstaller.exe
C:\Users\Fabian\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Fabian\AppData\Local\Temp\drm_dyndata_7390006.dll
C:\Users\Fabian\AppData\Local\Temp\EBU3E24.EXE
C:\Users\Fabian\AppData\Local\Temp\EBU47A6.DLL
C:\Users\Fabian\AppData\Local\Temp\EBU5D96.EXE
C:\Users\Fabian\AppData\Local\Temp\EBU6276.DLL
C:\Users\Fabian\AppData\Local\Temp\Extract.exe
C:\Users\Fabian\AppData\Local\Temp\irsetup.exe
C:\Users\Fabian\AppData\Local\Temp\nsw475A.tmp.exe
C:\Users\Fabian\AppData\Local\Temp\QuickStores_Unlocker.exe
C:\Users\Fabian\AppData\Local\Temp\safeguard.exe
C:\Users\Fabian\AppData\Local\Temp\sfamcc00001.dll
C:\Users\Fabian\AppData\Local\Temp\sfextra.dll
C:\Users\Fabian\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Fabian\AppData\Local\Temp\SP63340.exe
C:\Users\Fabian\AppData\Local\Temp\SP63752.exe
C:\Users\Schule\AppData\Local\Temp\OfficeSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-27 15:06

==================== End Of Log ============================
         
--- --- ---


And here is the Addition part:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2014 03
Ran by Fabian at 2014-02-01 15:27:44
Running from C:\Users\Fabian\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.20 (x32 Version:  - )
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.05) - Deutsch (x32 Version: 11.0.05 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (x32 Version: 11.6.5.635 - Adobe Systems, Inc.)
Aerosoft's - Aerosoft Launcher (x32 Version: 1.2.0.3 - Aerosoft)
Akamai NetSession Interface (HKCU Version:  - Akamai Technologies, Inc)
AMD Accelerated Video Transcoding (Version: 12.5.100.20808 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2012.0808.1024.16666 - Ihr Firmenname) Hidden
AMD Quick Stream (Version: 3.3.26.0 - AppEx Networks)
AMD VISION Engine Control Center (x32 Version: 2012.0808.1024.16666 - Ihr Firmenname) Hidden
ArcSoft TotalMedia 3.5 (x32 Version: 3.5.28.388 - ArcSoft)
Arma 2 (x32 Version:  - Bohemia Interactive)
Ashampoo WinOptimizer 2013 v.1.0.0 (x32 Version: 1.00.00 - Ashampoo GmbH & Co. KG)
Ask Toolbar (x32 Version: 12.10.0.18 - APN, LLC) <==== ATTENTION
Audacity 2.0.5 (x32 Version: 2.0.5 - Audacity Team)
Austrian Truck Simulator 1.31 (x32 Version: 1.31 - SCS Software)
Avira Free Antivirus (x32 Version: 14.0.2.344 - Avira)
Avira Savings Advisor (x32 Version: 1.5.14 - Avira)
Battlefield Heroes (x32 Version:  - EA Digital illusions)
BattlEye Uninstall (x32 Version:  - )
BlueStacks App Player (x32 Version: 0.8.2.3018 - BlueStack Systems, Inc.)
BlueStacks Notification Center (x32 Version: 0.8.2.3018 - BlueStack Systems, Inc.)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
Burnout™ Paradise: The Ultimate Box (x32 Version: 1.1.0.0 - Electronic Arts)
Bus-Simulator 2012 (x32 Version:  - astragon)
Carenado CT206H HD SERIES FSX/P3D (x32 Version: 1.00.00.00 - Carenado)
Carenado's SKYLANE C182Q FSX (HKCU Version:  - )
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0808.1023.16666 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0808.1024.16666 - Advanced Micro Devices, Inc.) Hidden
Comic Sound Pack (x32 Version: 2.1.1 - Screaming Bee)
concept/design Video Jukebox (x32 Version: 1.3.0.0 - concept/design GmbH)
Connected Music powered by Universal Music Group version 1.0 (x32 Version: 1.0 - Snowite)
Core Temp 1.0 RC6 (Version: 1.0 - Alcpu)
CPUID CPU-Z 1.68 (Version:  - )
CyberGhost 5 (Version:  - CyberGhost S.R.L.)
CyberLink LabelPrint (x32 Version: 2.5.1.5407 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.1.5407 - CyberLink Corp.) Hidden
CyberLink Media Suite 10 (x32 Version: 10.0.4.2928 - CyberLink Corp.)
CyberLink Media Suite 10 (x32 Version: 10.0.4.2928 - CyberLink Corp.) Hidden
CyberLink PhotoDirector (x32 Version: 2.0.1.3119 - CyberLink Corp.)
CyberLink PhotoDirector (x32 Version: 2.0.1.3119 - CyberLink Corp.) Hidden
CyberLink Power2Go 8 (x32 Version: 8.0.1.1926 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.1.1926 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1925 - CyberLink Corp.)
CyberLink PowerDirector 10 (x32 Version: 10.0.1.1925 - CyberLink Corp.) Hidden
CyberLink PowerDVD (x32 Version: 10.0.6.4319 - CyberLink Corp.)
CyberLink PowerDVD (x32 Version: 10.0.6.4319 - CyberLink Corp.) Hidden
CyberLink YouCam (x32 Version: 3.5.4.5527 - CyberLink Corp.)
CyberLink YouCam (x32 Version: 3.5.4.5527 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DesignCAD 22 (x32 Version: 22.0.0 - IMSIDesign)
E-Jets v2 World Airliners 1 (v1.0b021) (HKCU Version:  - )
E-Jets v2 World Airliners 2 (v1.1b024) (HKCU Version:  - )
Energy Star (Version: 1.0.8 - Hewlett-Packard)
Euro Truck Simulator 2 (x32 Version: 1.7.1 - SCS Software)
FeelThere E-Jets v.2 (HKCU Version:  - )
FormatFactory 3.2.0.1 (x32 Version: 3.2.0.1 - Free Time)
FRANZIS onlineTV 8 (x32 Version: 8.5.0.10 - FRANZIS Verlag GmbH)
Fraps (remove only) (x32 Version:  - )
Free Audio Converter version 5.0.30.1029 (x32 Version: 5.0.30.1029 - DVDVideoSoft Ltd.)
FSCloud version 2.x alpha (x32 Version: 2.x alpha - FSCloud.net)
FSX - Airbus A300-600ST Beluga (x32 Version:  - Thomas Ruth)
FSX - Bede-Homebuild BD-5J Experimental (x32 Version:  - XXX)
FSX - Boeing KC-135R Stratotanker (x32 Version:  - Premier Aircraft Design)
FSX - Bombardier CL-604 v2 (x32 Version:  - Premier Aircraft Design)
FSX - Cessna Citation X (x32 Version:  - Alejandro Rojas)
FSX - Concorde (x32 Version:  - Libardo Guzman)
FSX - Dassault Mirage 2000N (x32 Version:  - Danny Garnier)
FSX - Lockheed F-117 Nighthawk (x32 Version:  - Danny Garnier)
FSX - North American Rockwell OV-10A (x32 Version:  - Danny Garnier)
FSX - Piaggio PD-808 (x32 Version:  - Mario Noriega)
FSX - Raytheon Hawker HS-125-850 (x32 Version:  - Alejandro Rojas)
FSX - Space Shuttle Atlantis (x32 Version:  - Bruce Fitzgerald)
Galactic Voices (x32 Version: 1.3.1 - Screaming Bee)
Gameforge Live 1.9.0 "Legend" (x32 Version: 1.9.0 - Gameforge)
GameShadow (x32 Version: 1.91.0000 - Aardwork Software Ltd)
Garry's Mod (x32 Version:  - Garry)
Global War on Terror Death Strike (x32 Version: 1.00.0000 - IncaGold)
Google Chrome (x32 Version: 32.0.1700.102 - Google Inc.)
Google Earth (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hotspot Shield Toolbar for IE (x32 Version: 6.17.1.25 - Hotspot Shield) <==== ATTENTION
HP 3D DriveGuard (Version: 4.2.5.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (x32 Version: v1.0 - Meridian Audio Ltd)
HP CoolSense (x32 Version: 2.10.3 - Hewlett-Packard Company)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7 - Hewlett-Packard) Hidden
HP Documentation (x32 Version: 1.1.0.0 - Hewlett-Packard)
HP Postscript Converter (Version: 3.1.3554 - Hewlett-Packard) Hidden
HP Quick Launch (x32 Version: 3.0.3 - Hewlett-Packard Company)
HP Recovery Manager (x32 Version: 7.00 - Hewlett-Packard) Hidden
HP Registration Service (Version: 1.0.5976.4186 - Hewlett-Packard)
HP Software Framework (x32 Version: 4.6.8.1 - Hewlett-Packard Company)
HP Support Assistant (x32 Version: 7.0.32.44 - Hewlett-Packard Company)
HP Utility Center (x32 Version: 1.0.7 - Hewlett-Packard)
HP Wireless Button Driver (x32 Version: 1.1.2.1 - Hewlett-Packard Company)
IDT Audio (x32 Version: 1.0.6417.0 - IDT)
Incomedia WebSite X5 v10 - Home (x32 Version: 10.1.0.39 - Incomedia s.r.l.)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LogMeIn Hamachi (x32 Version: 2.2.0.114 - LogMeIn, Inc.)
LogMeIn Hamachi (x32 Version: 2.2.0.114 - LogMeIn, Inc.) Hidden
MAGIX Foto & Grafik Designer 7 SE (Version: 7.1.2.26041 - MAGIX AG) Hidden
MAGIX Foto & Grafik Designer 7 SE (x32 Version: 7.1.2.26041 - MAGIX AG)
March of War (x32 Version:  - ISOTX)
McAfee Security Scan Plus (x32 Version: 3.0.285.6 - McAfee, Inc.)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Flight (x32 Version: 1.0.0005.129 - Microsoft Studios)
Microsoft Flight (x32 Version: 1.0.0005.129 - Microsoft Studios) Hidden
Microsoft Flight Simulator SimConnect Client v10.0.61259.0 (x32 Version: 10.0.61259.0 - Microsoft Corporation)
Microsoft Flight Simulator X (x32 Version: 10.0.61355.0 - Microsoft Game Studios) Hidden
Microsoft Flight Simulator X Service Pack 1 (x32 Version: 10.0.61355.0 - Microsoft Game Studios) Hidden
Microsoft Flight Simulator X Service Pack 2 (x32 Version: 10.0.61472.0 - Microsoft Game Studios)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (x32 Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Office 365 Home Premium - de-de (Version: 15.0.4551.1512 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Minecraft 1.6.1 (x32 Version:  - )
MorphVOX Pro (x32 Version: 4.4.9 - Screaming Bee)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
Mozilla Thunderbird 24.2.0 (x86 de) (x32 Version: 24.2.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 Parser and SDK (x32 Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (x32 Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0 - Microsoft Corporation)
MTA:SA v1.3.1 (x32 Version: v1.3.1 - Multi Theft Auto)
No More Room in Hell (x32 Version:  - No More Room in Hell Team)
NVIDIA PhysX (x32 Version: 9.10.0513 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
OMSI 2 (x32 Version:  - MR-Software GbR)
OMSI Addon Manager Version 1.2.4 (x32 Version: 1.2.4 - Jan Kiesewalter)
OpenOffice 4.0.1 (x32 Version: 4.01.9714 - Apache Software Foundation)
Oracle VM VirtualBox 4.3.4 (Version: 4.3.4 - Oracle Corporation)
Orange Mobiles Internet (x32 Version: 1.0.0.1 - ZTE Corporation)
Origin (x32 Version: 9.3.11.2762 - Electronic Arts, Inc.)
Paint.NET v3.5.11 (Version: 3.61.0 - dotPDN LLC)
PDF Editor 4 (x32 Version:  - )
PDF24 Creator 6.0.1 (x32 Version:  - PDF24.org)
Pilatus PC-7SAF v.2 Swiss Airforce FSX  (Version:  - Tim Piglet Conrad)
Pilot Assistant (x32 Version: 1.37.1 - FSopen.co.uk)
PIPER PA-28RT 201 ARROW IV FS2004 (x32 Version:  - )
PMDG 737 8900 NGX (x32 Version: 1.00.3219 - PMDG Simulations, LLC.)
PowerISO (x32 Version: 5.8 - Power Software Ltd)
PunkBuster Services (x32 Version: 0.990 - Even Balance, Inc.)
Qualcomm Atheros Bluetooth Suite (64) (Version: 8.0.0.206 - Ihr Firmenname)
Qualcomm Atheros Driver Installation Program (x32 Version: 10.0 - Qualcomm Atheros)
QuickStores-Toolbar 1.1.0 (x32 Version: 1.1.0 - AB-Tools.com) <==== ATTENTION
REALTEK DTV USB DEVICE (x32 Version: 1.00.0000 - Realtek)
Realtek Ethernet Controller Driver (x32 Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (x32 Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
San Andreas Mod Installer (x32 Version: 1.1 - cpmusick)
Sci-Fi Voice Pack (x32 Version: 1.3.1 - Screaming Bee)
Ship Simulator Extremes (x32 Version:  - )
Silent Hunter III (x32 Version: 1.4.0000 - Ubisoft)
Silent Hunter III (x32 Version: 1.4.0000 - Ubisoft) Hidden
Skiregion Simulator 2012 Demo (x32 Version: 1.0 - GIANTS Software)
Skype™ 6.11 (x32 Version: 6.11.102 - Skype Technologies S.A.)
Softonic toolbar  on IE and Chrome (x32 Version: 1.8.21.14 - Softonic) <==== ATTENTION
Sony Mobile Update Engine (x32 Version: 2.13.14.201312091927 - Sony Mobile Communications AB)
Sony PC Companion 2.10.181 (x32 Version: 2.10.181 - Sony)
Sony Pictures Download Manager (HKCU Version:  - redeem.sonypicturesstore.com)
SpeedFan (remove only) (x32 Version:  - )
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
Sunnymedia (x32 Version:  - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (Version: 16.2.10.12 - Synaptics Incorporated)
TAP-Windows 9.9.2 (Version: 9.9.2 - )
Team Fortress 2 (x32 Version:  - Valve)
TeamSpeak 3 Client (Version: 3.0.13 - TeamSpeak Systems GmbH)
TeamViewer 9 (x32 Version: 9.0.24951 - TeamViewer)
Thrustmaster Calibration Tool (x32 Version: 1.03.0000 - Thrustmaster)
Thrustmaster FFB Driver (x32 Version: 2.FFD.2009 - Thrustmaster)
TigerVNC v1.3.0 (20130704) (x32 Version: 1.3.0 - TigerVNC project)
TightVNC (Version: 2.7.10.0 - GlavSoft LLC.)
tools-linux (x32 Version: 9.6.1.1379776 - VMware, Inc.) Hidden
Train Simulator 2014 (x32 Version:  - RailSimulator.com)
UK Truck Simulator 1.11 (x32 Version: 1.11 - )
Universal Extractor 1.6.1 (x32 Version: 1.6.1 - Jared Breland)
Unlocker 1.9.1-x64 (Version: 1.9.1 - Cedrick Collomb)
VMware Player (Version: 6.0.1 - VMware, Inc.) Hidden
VMware Player (x32 Version: 6.0.1 - VMware, Inc)
War Thunder (x32 Version:  - Gaijin Entertainment)
WebSparkle (Version: 2013.12.07.011955 - WebSparkle)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinRAR 5.00 (64-bit) (Version: 5.00.0 - win.rar GmbH)
WinSCP 5.1.7 (x32 Version: 5.1.7 - Martin Prikryl)
Wise Care 365 Version 2.92 (x32 Version: 2.92 - WiseCleaner.com, Inc.)
World of Tanks (x32 Version:  - Wargaming.net)
XYplorer 13.40 (x32 Version: 13.40 - Donald Lessau)

==================== Restore Points  =========================

22-01-2014 17:02:40 DirectX wurde installiert
23-01-2014 17:54:03 Removed MorphVOX Junior
24-01-2014 19:11:23 Konfiguriert Microsoft Flight Simulator X
26-01-2014 08:16:51 MorphVOX Pro wird installiert

==================== Hosts content: ==========================

2012-07-26 06:26 - 2012-07-26 06:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {02819432-CA60-43A1-950F-D6FB2E0968AE} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-10-31] (Microsoft Corporation)
Task: {06087343-7B33-4D3B-B4CA-DC11C4022F51} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1F95E748-B6B1-4403-909A-19DD2AC1A8C3} - System32\Tasks\WinZipDriverUpdaterRunAtStartup => C:\Program Files (x86)\WinZip Driver Updater\winzipdu.exe
Task: {21118A5A-1ABA-4053-B4A5-3A9E7450FD73} - System32\Tasks\{72956BF5-69D4-4FE9-89FD-7AD85FF0BAAA} => Firefox.exe hxxp://ui.skype.com/ui/0/6.11.0.102/de/abandoninstall?page=tsProgressBar
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {3034C8B9-49E7-441E-B76E-69D05BD9467D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {3088735F-3B0D-46AF-B79F-02931703CC8D} - System32\Tasks\Registry Optimizer_DEFAULT => C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe
Task: {30B963C1-9637-42D4-AEBE-8A60229C2DCC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe
Task: {3539C6E9-BA7E-4AB2-A6C0-A9C2748B8A53} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-26] (Google Inc.)
Task: {480028AA-01D6-4FCD-B6B6-BBF9F25501D3} - System32\Tasks\{439DF00E-08F1-4ACC-9DE8-5BBB0BA5286E} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-11-14] (Skype Technologies S.A.)
Task: {5C158AAE-82D0-4928-A14C-B77F36660345} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2012-07-13] (Hewlett-Packard)
Task: {72EFDC41-3C53-4F2D-AE57-A64B213C103B} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\SymErr.exe
Task: {741AECF4-46E8-4392-B19F-756A13D6A275} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\Fabian\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION
Task: {93BD7753-ADA9-4246-A708-49BE6919C4DC} - System32\Tasks\Microsoft\Windows\Setup\Windows Upgrade Notification Task => C:\WINDOWS\system32\NotificationUI.exe [2013-08-16] (Microsoft Corporation)
Task: {99FD9982-A167-4DE0-997B-DE8EE1A438C3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-26] (Google Inc.)
Task: {9A93284F-B689-4FCA-B51C-EEF501B2CD68} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\SymErr.exe
Task: {9D1B36B7-482B-427F-B9C7-1A940F5DCC11} - System32\Tasks\WinZipDriverUpdater_UPDATES => C:\Program Files (x86)\WinZip Driver Updater\winzipdu.exe
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {A87B39FC-142E-4B5B-BD63-9D33F8D69024} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.0.0.136\WSCStub.exe
Task: {AAAB1CE1-6C9B-42A8-8EF1-EF9D9CDFF76C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Tuneup => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {B0A589F8-6674-48D8-A2B6-5DC23A0F3840} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Critical Actions Pending => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {C049423C-8CF2-467F-AC1D-81B2050CDA8D} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-01-15] (Microsoft Corporation)
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {C8A4E008-2BFE-4E7A-80A9-5DC61E53CFA8} - System32\Tasks\Registry Optimizer_UPDATES => C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe
Task: {D3EF37D2-9CBC-42A7-9538-074BADFD4061} - System32\Tasks\aviraSWU => Cscript.exe "C:\Program Files (x86)\avira\Internet Explorer\swu.vbs"
Task: {DA3C5438-284C-46CF-B435-4FD31D7A5D6C} - System32\Tasks\Microsoft\Windows\SysResetLogSuccess => Rundll32.exe ResetEng.dll,RjvLogSuccessEntryPoint
Task: {DB04ECA8-99B2-4D51-B01A-F9BE43D43F8D} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {E43882BC-4A40-4346-AFD2-34F86FA47330} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-08-10] (Hewlett-Packard Company)
Task: {E812272F-EA2F-455F-8ECF-AEB75AF23337} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-25] (Adobe Systems Incorporated)
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {EBFAB5F8-4261-43F6-A683-712DB2F6B671} - System32\Tasks\Registry Optimizer => C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe
Task: {FCE567AF-037E-49FC-853B-93812DE4531E} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Registry Optimizer_DEFAULT.job => C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe
Task: C:\WINDOWS\Tasks\Registry Optimizer_UPDATES.job => C:\Program Files (x86)\WinZip Registry Optimizer\Winzipro.exe
Task: C:\WINDOWS\Tasks\WinZipDriverUpdater_UPDATES.job => C:\Program Files (x86)\WinZip Driver Updater\winzipdu.exe

==================== Loaded Modules (whitelisted) =============

2010-07-15 05:44 - 2010-07-15 05:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2012-07-26 08:55 - 2012-07-26 08:53 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-08-19 20:55 - 2012-08-19 20:55 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-08-19 20:50 - 2012-08-19 20:50 - 00020992 _____ () C:\Program Files (x86)\Bluetooth Suite\L10n\de-DE\BtTray.de-DE.dll
2012-08-08 09:36 - 2012-08-08 09:36 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-08-08 09:22 - 2012-08-08 09:22 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-01-16 18:49 - 2013-12-18 09:32 - 00394808 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-10-18 12:46 - 2013-10-18 12:46 - 01260624 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
2013-08-02 12:41 - 2012-06-08 04:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-08 10:34 - 2012-06-08 10:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-12-30 19:28 - 2007-04-19 09:33 - 00035584 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\uPiApi.dll
2013-12-30 19:28 - 2008-11-26 16:59 - 00131584 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\AbilisWinUsb.dll
2013-12-30 19:28 - 2008-10-22 16:01 - 00200704 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\VendorCmdRW.dll
2013-12-20 19:22 - 2013-12-20 19:22 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-12-14 22:54 - 2013-12-14 22:54 - 03017840 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2013-12-14 22:54 - 2013-12-14 22:54 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2013-12-14 22:54 - 2013-12-14 22:54 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:6B0023F8
AlternateDataStreams: C:\Users\Fabian\Anwendungsdaten:NT
AlternateDataStreams: C:\Users\Fabian\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\Fabian\SkyDrive.old:ms-properties
AlternateDataStreams: C:\Users\Fabian\AppData\Roaming:NT

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Hamachi2Svc => ""="Service"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Could not start eventlog service, could not read events.

Der angeforderte Dienst wurde bereits gestartet.

Sie erhalten weitere Hilfe, wenn Sie NET HELPMSG 2182 eingeben.


==================== Memory info =========================== 

Percentage of memory in use: 48%
Total physical RAM: 3554.27 MB
Available physical RAM: 1824.88 MB
Total Pagefile: 7138.27 MB
Available Pagefile: 4950.35 MB
Total Virtual: 8192 MB
Available Virtual: 8191.76 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:408.01 GB) (Free:137.63 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:17.18 GB) (Free:2.13 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (Volume) (Fixed) (Total:39.46 GB) (Free:39.31 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 4A123D18)

Partition: GPT Partition Type
==================== End Of Log ============================
         
So, that's it, many thanks for the help
__________________

Alt 02.02.2014, 07:02   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Combofix should only be run when instructed to do so by a team member!
Please download Combofix from the following download mirror

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you receive the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

Alt 02.02.2014, 08:03   #5
Boeingpilot
 



Here is the Combofix.txt
Code:
ComboFix 14-02-01.01 - Fabian 02.02.2014   7:32.1.2 - x64
Microsoft Windows 8  6.2.9200.0.1252.49.1031.18.3554.1742 [GMT 1:00]
ausgeführt von:: c:\users\Fabian\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
C:\install.exe
c:\program files (x86)\Softonic\Softonic\1.8.21.14\bh\SoFTonic.dll
c:\program files (x86)\Softonic\Softonic\1.8.21.14\SoFTonictlbr.dll
c:\users\Fabian\AppData\Local\Microsoft\Windows\INetCache\logo-gamesrocket-gold.png
c:\users\Fabian\AppData\Roaming\Roaming
c:\users\Fabian\AppData\Roaming\Roaming\Quest3D\ShipSimExtreme\channels.lst
c:\users\Fabian\Documents\~yt90CE.tmp
c:\windows\SysWow64\frapsvid.dll
c:\windows\Tasks\WinZipDriverUpdater_UPDATES.job
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-01-02 bis 2014-02-02  ))))))))))))))))))))))))))))))
.
.
2014-02-02 06:55 . 2014-02-02 06:55	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2014-02-02 06:55 . 2014-02-02 06:55	--------	d-----w-	c:\users\fbwuser\AppData\Local\temp
2014-02-01 14:25 . 2014-02-01 14:28	--------	d-----w-	C:\FRST
2014-01-29 14:30 . 2014-01-29 14:30	--------	d-----w-	c:\program files (x86)\LogMeIn Hamachi
2014-01-29 14:23 . 2014-01-29 14:23	--------	d-----w-	c:\users\Fabian\AppData\Roaming\PowerISO
2014-01-29 13:58 . 2014-01-31 18:01	--------	d-----w-	c:\users\Fabian\AppData\Local\VMware
2014-01-29 13:58 . 2014-01-31 17:59	--------	d-----w-	c:\users\Fabian\AppData\Roaming\VMware
2014-01-29 13:54 . 2013-10-08 17:21	67664	----a-w-	c:\windows\system32\vsocklib.dll
2014-01-29 13:54 . 2013-10-08 17:21	63568	----a-w-	c:\windows\SysWow64\vsocklib.dll
2014-01-29 13:54 . 2013-10-08 17:21	73296	----a-w-	c:\windows\system32\drivers\vsock.sys
2014-01-29 13:54 . 2013-10-18 11:46	64080	----a-w-	c:\windows\system32\drivers\vmx86.sys
2014-01-29 13:53 . 2013-10-18 11:44	32848	----a-w-	c:\windows\system32\drivers\VMkbd.sys
2014-01-29 13:52 . 2013-10-18 11:45	358480	----a-w-	c:\windows\SysWow64\vmnetdhcp.exe
2014-01-29 13:52 . 2013-10-18 11:45	437328	----a-w-	c:\windows\SysWow64\vmnat.exe
2014-01-29 13:52 . 2013-10-18 11:45	30800	----a-w-	c:\windows\system32\drivers\vmnetuserif.sys
2014-01-29 13:51 . 2013-10-18 11:45	930384	----a-w-	c:\windows\system32\vnetlib64.dll
2014-01-29 13:51 . 2013-10-09 07:04	53816	----a-w-	c:\windows\system32\drivers\hcmon.sys
2014-01-29 13:50 . 2014-01-29 13:50	--------	d-----w-	c:\program files\Common Files\VMware
2014-01-29 13:50 . 2014-02-01 22:17	--------	d-----w-	c:\programdata\VMware
2014-01-29 13:50 . 2014-01-29 13:50	--------	d-----w-	c:\program files (x86)\VMware
2014-01-29 13:50 . 2014-01-29 13:50	--------	d-----w-	c:\program files (x86)\Common Files\VMware
2014-01-26 12:57 . 2014-01-26 12:57	--------	d-----w-	c:\programdata\Tarma Installer
2014-01-25 15:22 . 2014-01-25 15:22	--------	d-----w-	c:\program files (x86)\Common Files\Screaming Bee
2014-01-25 15:22 . 2014-01-25 15:24	--------	d-----w-	c:\programdata\Screaming Bee
2014-01-25 11:11 . 2014-01-25 11:11	53505	----a-w-	c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Uninstall_CT206H.exe
2014-01-25 11:11 . 2014-01-25 11:11	--------	d-----w-	C:\Archivos de programa
2014-01-25 11:08 . 2014-01-25 11:08	97078	----a-w-	c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Uninstal.exe
2014-01-25 07:30 . 2014-01-25 07:30	--------	d-----w-	c:\programdata\McAfee Security Scan
2014-01-25 07:30 . 2014-01-25 07:30	--------	d-----w-	c:\program files (x86)\McAfee Security Scan
2014-01-24 19:34 . 2014-01-24 19:34	--------	d-----w-	c:\windows\PCHEALTH
2014-01-23 12:33 . 2014-01-23 12:33	41504	---ha-w-	c:\windows\system32\drivers\Hamdrv.sys
2014-01-22 17:08 . 2014-02-01 09:16	--------	d-----w-	c:\users\Fabian\AppData\Local\ArmA 2
2014-01-21 18:20 . 2014-01-21 18:20	--------	d-----w-	c:\programdata\OMSI AM
2014-01-21 18:14 . 2014-01-25 15:17	--------	d-----w-	c:\program files (x86)\OMSI Addon Manager
2014-01-21 18:14 . 2014-01-21 18:14	--------	d-----w-	c:\users\Fabian\AppData\Local\OMSI AM
2014-01-21 15:32 . 2014-01-25 15:24	--------	d-----w-	c:\users\Fabian\AppData\Roaming\Screaming Bee
2014-01-21 15:29 . 2014-01-25 15:41	--------	d-----w-	c:\program files (x86)\Screaming Bee
2014-01-20 21:33 . 2014-01-20 21:33	--------	d-----w-	c:\program files (x86)\7-Zip
2014-01-20 21:24 . 2014-01-20 21:24	--------	d-----w-	c:\program files (x86)\Universal Extractor
2014-01-20 17:04 . 2014-01-20 17:04	--------	d-----w-	C:\Aerosoft
2014-01-18 15:12 . 2014-01-18 15:13	--------	d-----w-	c:\program files (x86)\Skiregion Simulator 2012 Demo
2014-01-16 17:53 . 2014-01-16 17:53	--------	d-----w-	c:\users\Fabian\AppData\Roaming\Avira
2014-01-16 17:49 . 2013-12-18 08:32	28600	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2014-01-16 17:49 . 2013-12-18 08:32	131576	----a-w-	c:\windows\system32\drivers\avipbb.sys
2014-01-16 17:49 . 2013-12-18 08:32	108440	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2014-01-16 17:49 . 2014-01-16 17:53	--------	d-----w-	c:\program files (x86)\Avira
2014-01-16 17:49 . 2014-01-16 17:49	--------	d-----w-	c:\programdata\Avira
2014-01-14 19:04 . 2014-01-14 19:04	--------	d-----w-	c:\users\Fabian\AppData\Roaming\Quest3D
2014-01-14 18:50 . 2014-01-14 18:50	--------	d-----w-	c:\program files (x86)\Vstep
2014-01-12 11:48 . 2008-08-15 14:42	41984	----a-w-	c:\windows\system32\tmffbdrv.dll
2014-01-12 11:48 . 2008-08-15 08:30	276992	----a-w-	c:\windows\system32\tmffbcpl.dll
2014-01-12 11:48 . 2008-08-15 14:43	34304	----a-w-	c:\windows\SysWow64\tmffbdrv.dll
2014-01-12 11:18 . 2006-05-16 14:07	99840	----a-w-	c:\windows\system32\_IsRes.dll
2014-01-12 11:18 . 2007-01-20 03:44	208304	----a-w-	c:\windows\system32\isrt.dll
2014-01-10 22:52 . 2014-01-10 22:52	45056	----a-r-	c:\users\Fabian\AppData\Roaming\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GameShadow.exe1_D9316813509243FDA4C292F72F483E61.exe
2014-01-10 22:52 . 2014-01-10 22:52	45056	----a-r-	c:\users\Fabian\AppData\Roaming\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GameShadow.exe_D9316813509243FDA4C292F72F483E61.exe
2014-01-10 22:52 . 2014-01-10 22:52	40960	----a-r-	c:\users\Fabian\AppData\Roaming\Microsoft\Installer\{D98C9637-93DA-44DB-B73A-B11A1192AB26}\GSDR.exe_D9316813509243FDA4C292F72F483E61.exe
2014-01-10 22:52 . 2014-01-10 22:52	--------	d-----w-	c:\program files (x86)\GameShadow
2014-01-10 22:45 . 2014-01-10 22:46	--------	d-----w-	c:\program files (x86)\Ubisoft
2014-01-10 22:04 . 2014-01-10 22:04	--------	d-----w-	c:\users\Fabian\AppData\Local\Nexway
2014-01-10 20:11 . 2014-01-10 20:11	--------	d-----w-	c:\program files\CPUID
2014-01-10 17:35 . 2014-01-10 17:35	--------	d-----w-	C:\Games
2014-01-06 17:39 . 2014-01-06 17:39	--------	d-----w-	c:\programdata\HP
2014-01-06 17:28 . 2014-01-06 17:28	--------	d-----w-	c:\users\Fabian\AppData\Roaming\CAD-KAS
2014-01-06 17:27 . 2014-01-06 17:27	--------	d-----w-	c:\program files (x86)\PDF Editor 4
2014-01-06 17:27 . 2014-01-06 17:27	87704	----a-w-	c:\windows\cadkasdeinst01.exe
2014-01-06 11:30 . 2014-01-06 11:58	--------	d-----w-	c:\users\Fabian\AppData\Roaming\Craften Terminal
2014-01-06 11:30 . 2014-01-06 11:30	--------	d-----w-	c:\users\Fabian\AppData\Local\Craften.de
2014-01-04 13:32 . 2014-01-04 13:32	--------	d-----w-	c:\users\Fabian\AppData\Roaming\WinZip
2014-01-04 13:31 . 2014-01-04 13:31	--------	d-----w-	c:\users\Fabian\AppData\Roaming\Nico Mak Computing
2014-01-04 13:31 . 2012-02-08 09:29	18760	----a-w-	c:\windows\system32\roboot64.exe
2014-01-04 13:31 . 2014-01-04 15:53	--------	d-----w-	c:\users\Fabian\AppData\Roaming\FileZilla
2014-01-04 09:31 . 2014-01-22 14:17	--------	d-----w-	c:\users\Fabian\AppData\Roaming\.minecraft
2014-01-03 10:51 . 2012-01-25 21:08	7680	------w-	c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\concord\panel\TrafficInfo.dll
2014-01-03 10:51 . 2012-01-25 21:07	40960	------w-	c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\concord\panel\GaugeSound.dll
2014-01-03 10:51 . 2012-01-25 21:07	155648	------w-	c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\concord\panel\TCAS2v7.dll
2014-01-03 10:51 . 2012-01-25 21:08	8704	------w-	c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\concord\panel\FSSound.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-24 16:26 . 2014-01-24 16:26	246960	----a-w-	c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10231.bin
2014-01-15 19:34 . 2013-10-28 21:51	86054176	----a-w-	c:\windows\system32\MRT.exe
2014-01-15 17:31 . 2013-11-13 23:05	566480	----a-w-	c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-01-09 08:02 . 2013-11-13 22:28	78296	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-09 08:02 . 2013-11-13 22:28	694240	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-12-30 08:03 . 2013-12-30 08:03	27760	----a-w-	c:\windows\system32\drivers\ggsemc.sys
2013-12-30 08:03 . 2013-12-30 08:03	1721576	----a-w-	c:\windows\system32\WdfCoInstaller01009.dll
2013-12-30 08:03 . 2013-12-30 08:03	14448	----a-w-	c:\windows\system32\drivers\ggflt.sys
2013-12-13 14:21 . 2013-12-13 14:21	65536	----a-r-	c:\users\Fabian\AppData\Roaming\Microsoft\Installer\{2AB0360C-AB63-423C-9C4A-7079110CD17F}\manual.PDF_2AB0360CAB63423C9C4A7079110CD17F.exe
2013-12-04 03:28 . 2014-01-16 17:44	10315576	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{27B86A91-B536-4740-8051-053459C9455E}\mpengine.dll
2013-11-29 16:44 . 2013-12-08 20:28	252688	----a-w-	c:\windows\system32\drivers\VBoxDrv.sys
2013-11-29 16:43 . 2013-12-08 20:27	126736	----a-w-	c:\windows\system32\drivers\VBoxUSBMon.sys
2013-11-29 16:43 . 2013-11-29 16:43	154896	----a-w-	c:\windows\system32\drivers\VBoxNetFlt.sys
2013-11-29 16:43 . 2013-11-29 16:43	140560	----a-w-	c:\windows\system32\drivers\VBoxNetAdp.sys
2013-11-29 16:40 . 2013-11-29 16:40	204048	----a-w-	c:\windows\system32\VBoxNetFltNobj.dll
2013-11-23 06:43 . 2013-12-11 14:54	420864	----a-w-	c:\windows\system32\WMPhoto.dll
2013-11-23 05:05 . 2013-12-11 14:54	368640	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2013-11-19 10:21 . 2013-11-05 22:40	267936	------w-	c:\windows\system32\MpSigStub.exe
2013-11-10 14:08 . 2013-10-27 09:35	50784	----a-w-	c:\programdata\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin
2013-11-06 23:18 . 2013-12-11 14:55	4036608	----a-w-	c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files (x86)\Hotspot_Shield\prxtbHots.dll" [2013-10-15 226592]
.
[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{A18A516C-AA41-46A9-92DB-60208917E442}]
2013-12-11 15:49	184400	----a-w-	c:\program files (x86)\Avira\Internet Explorer\avira32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
2013-10-15 07:01	226592	----a-w-	c:\program files (x86)\Hotspot_Shield\prxtbHots.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{c95a4e8e-816d-4655-8c79-d736da1adb6d}"= "c:\program files (x86)\Hotspot_Shield\prxtbHots.dll" [2013-10-15 226592]
.
[HKEY_CLASSES_ROOT\clsid\{c95a4e8e-816d-4655-8c79-d736da1adb6d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\users\Fabian\AppData\Roaming\uTorrent\uTorrent.exe" [2013-11-16 900440]
"BackgroundContainer"="c:\users\Fabian\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll" [2013-10-15 319264]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2014-01-27 1815976]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2013-11-29 3551576]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-11-14 20584608]
"CyberGhost"="c:\program files\CyberGhost 5\CyberGhost.EXE" [2014-01-16 358000]
"Akamai NetSession Interface"="c:\users\Fabian\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2013-05-29 449248]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-08 642216]
"CLVirtualDrive"="c:\program files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" [2012-07-26 491320]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-28 91432]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-07-09 580512]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-08-26 1342008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"ApnTBMon"="c:\program files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe" [2014-01-10 1778640]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2013-10-28 185896]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-09-05 958576]
"UIExec"="c:\program files (x86)\Orange Mobiles Internet\UIExec.exe" [2012-07-25 157000]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2013-11-18 623376]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2013-10-23 377368]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-12-18 684600]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2014-01-23 3813200]
.
c:\users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OMSI Addon Manager.lnk - c:\program files (x86)\OMSI Addon Manager\OMSI Addon Manager.exe -silent [2014-1-21 737280]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]
TMMonitor.lnk - c:\program files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2013-12-30 268864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"DisableCAD"= 1 (0x1)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 CGVPNCliService;CyberGhost VPN 5 Client Service;c:\program files\CyberGhost 5\Service.exe;c:\program files\CyberGhost 5\Service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 ATHDFU;Qualcomm Atheros Valkyrie USB BootROM;c:\windows\System32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
R3 BthLEEnum;Treiber für energiearme Bluetooth-Geräte;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\System32\drivers\ggflt.sys;c:\windows\SYSNATIVE\drivers\ggflt.sys [x]
R3 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
R3 lehidmini;Bluetooth Low Energy Hid Device;c:\windows\System32\drivers\leath_hid.sys;c:\windows\SYSNATIVE\drivers\leath_hid.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [x]
R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\System32\drivers\RTL2832U_IRHID.sys;c:\windows\SYSNATIVE\drivers\RTL2832U_IRHID.sys [x]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys;c:\windows\SYSNATIVE\drivers\RTL2832UBDA.sys [x]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\System32\Drivers\RTL2832UUSB.sys;c:\windows\SYSNATIVE\Drivers\RTL2832UUSB.sys [x]
R3 SmbDrv;SmbDrv;c:\windows\System32\drivers\Smb_driver_AMDASF.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_AMDASF.sys [x]
R3 SmbDrvI;SmbDrvI;c:\windows\System32\drivers\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\drivers\Smb_driver_Intel.sys [x]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys;c:\windows\SYSNATIVE\DRIVERS\tapoas.sys [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
R3 zte_cdc_acm;ZTE All CDC-ACM driver;c:\windows\system32\DRIVERS\zte_cdc_acm.sys;c:\windows\SYSNATIVE\DRIVERS\zte_cdc_acm.sys [x]
R3 zte_cdc_ecm;zte_cdc_ecm;c:\windows\system32\DRIVERS\zte_cdc_ecm.sys;c:\windows\SYSNATIVE\DRIVERS\zte_cdc_ecm.sys [x]
R3 zte_cpo;ZTE All Install;c:\windows\system32\DRIVERS\zte_cpo.sys;c:\windows\SYSNATIVE\DRIVERS\zte_cpo.sys [x]
R3 zte_ecm_enum;ZTE All DC Enumerator;c:\windows\System32\drivers\zte_ecm_enum.sys;c:\windows\SYSNATIVE\drivers\zte_ecm_enum.sys [x]
R3 zte_ecm_enum_filter;zte_ecm_enum_filter;c:\windows\System32\drivers\zte_ecm_enum_filter.sys;c:\windows\SYSNATIVE\drivers\zte_ecm_enum_filter.sys [x]
R4 ????????t;????4????t;???????????????????????????;??????????????????????????? [x]
S0 amd_sata;amd_sata;c:\windows\System32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\System32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\System32\drivers\vmci.sys;c:\windows\SYSNATIVE\drivers\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 APNMCP;Ask Aktualisierungsdienst;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe;c:\program files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [x]
S2 APXACC;AppEx Networks Accelerator LWF;c:\windows\system32\DRIVERS\appexDrv.sys;c:\windows\SYSNATIVE\DRIVERS\appexDrv.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 OfficeSvc;Microsoft Office-Dienst;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe;c:\program files\TightVNC\tvnserver.exe [x]
S2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\Orange Mobiles Internet\AssistantServices.exe;c:\program files (x86)\Orange Mobiles Internet\AssistantServices.exe [x]
S2 Update WebSparkle;Update WebSparkle;c:\program files (x86)\WebSparkle\updateWebSparkle.exe;c:\program files (x86)\WebSparkle\updateWebSparkle.exe [x]
S2 Util WebSparkle;Util WebSparkle;c:\program files (x86)\WebSparkle\bin\utilWebSparkle.exe;c:\program files (x86)\WebSparkle\bin\utilWebSparkle.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW86.sys;c:\windows\SYSNATIVE\drivers\AtihdW86.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 RSP2STOR;Realtek PCIE CardReader Driver - P2;c:\windows\system32\DRIVERS\RtsP2Stor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsP2Stor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
S3 WirelessButtonDriver;HP Wireless Button Driver Service;c:\windows\System32\drivers\WirelessButtonDriver64.sys;c:\windows\SYSNATIVE\drivers\WirelessButtonDriver64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
apphost	REG_MULTI_SZ   	apphostsvc
iissvcs	REG_MULTI_SZ   	w3svc was
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-01-29 19:05	1211672	----a-w-	c:\program files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-02-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-26 07:30]
.
2014-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-26 17:45]
.
2014-02-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-10-26 17:45]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-01-15 17:33	2331336	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-01-15 17:33	2331336	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-01-15 17:33	2331336	----a-w-	c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-07-21 1425408]
"BtPreLoad"="c:\program files (x86)\Bluetooth Suite\BtPreLoad.exe" [2012-08-19 64640]
"tvncontrol"="c:\program files\TightVNC\tvnserver.exe" [2013-07-19 2179056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-01-14 21720]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
LSP: %windir%\system32\vsocklib.dll
TCP: DhcpNameServer = 195.34.133.21 212.186.211.21
FF - ProfilePath - c:\users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\pd74uduu.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/analytics/web/?et&authuser=0#realtime/rt-overview/a46668730w77731111p80356051/%3Ffilter.list%3D1%3D%3DAustria%3B%26mapMode.type%3DgeoChart/
FF - ExtSQL: 2013-12-07 02:20; firefox@websparkle.biz; c:\users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\pd74uduu.default\extensions\firefox@websparkle.biz.xpi
.
.
------- Dateityp-Verknüpfung -------
.
JSEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{E87806B5-E908-45FD-AF5E-957D83E58E68} - c:\program files (x86)\Softonic\Softonic\1.8.21.14\bh\Softonic.dll
Toolbar-{5018CFD2-804D-4C99-9F81-25EAEA2769DE} - c:\program files (x86)\Softonic\Softonic\1.8.21.14\SoftonicTlbr.dll
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
Wow6432Node-HKLM-Run-ClockGen - c:\users\Fabian\Desktop\ClockGen.exe
Wow6432Node-HKLM-Run-IR_SERVER - c:\progra~2\Realtek\REALTE~2\IR_SERVER.exe
WebBrowser-{C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - (no file)
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-BattlEye for A2 - c:\program files (x86)\Steam\steamapps\common\Arma 2BattlEye\UnInstallBE.exe
AddRemove-Minecraft 1.6.1 - c:\users\Fabian\AppData\Roaming\.minecraft\Uninstall.exe
AddRemove-{B8019B54-F9BE-490A-9619-6D06F18F129F} - c:\program files (x86)\InstallShield Installation Information\{B8019B54-F9BE-490A-9619-6D06F18F129F}\setup.exe
AddRemove-{EAEDE38E-4126-42B7-BC6D-93E3A2EC06E9}_is1 - c:\users\Fabian\Downloads\FSCloud\unins000.exe
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\CLVirtualDrive]
"ImagePath"="\SystemRoot\system32\DRIVERS\CLVirtualDrive.sys"
"ImagePath:"="c:\users\Fabian\Downloads\FSX_Acceleration.iso"
Binary file temp00 matches
"ImagePath"="\SystemRoot\system32\DRIVERS\CLVirtualDrive.sys"
"ImagePath:"="c:\users\Fabian\Downloads\FSX_Acceleration.iso"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WiseBootAssistant ]
"ImagePath"="???????????????????????????"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.DefaultCsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.7.0_45"
.
[HKEY_USERS\.DefaultCsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0045-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.7.0_45"
.
[HKEY_USERS\.DefaultCsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Classes\CLSID\{CAFEEFAC-0017-0000-0045-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.7.0_45"
.
[HKEY_USERS\.DefaultCsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Classes\CLSID\{CAFEEFAC-0017-0000-FFFF-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.7.0"
.
[HKEY_USERS\.DefaultCsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.DefaultCsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:26,8a,27,f0,64,18,cf,01
.
[HKEY_USERS\.DefaultCsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,03,1d,b7,7f,a1,f7,7e,4a,8d,5b,64,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,03,1d,b7,7f,a1,f7,7e,4a,8d,5b,64,\
.
[HKEY_USERS\S-1-5-21-3660341198-1247186543-1459392912-1002CsiTool-CreateHive-{00000000-0000-0000-0000-000000000000}\Software\SecuROM\License information*]
"datasecu"=hex:59,e6,01,38,45,48,59,7a,fb,9a,ee,b0,8a,40,d6,57,37,3a,6e,cb,7d,
   c3,d0,34,fa,7c,96,1d,1c,08,d6,d1,b3,e6,07,86,3c,41,56,3d,6d,ee,91,3d,7d,85,\
"rkeysecu"=hex:be,a1,50,6d,0e,f0,e7,5f,4f,22,b5,07,59,3c,fc,b5
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WiseBootAssistant*]
"Type"=dword:00000110
"Start"=dword:00000004
"ErrorControl"=dword:00000001
"ImagePath"=expand:"???????????????????????????"
"DisplayName"="????4????t\""
"WOW64"=dword:00000001
"ObjectName"="LocalSystem"
.
Zeit der Fertigstellung: 2014-02-02  08:00:41
ComboFix-quarantined-files.txt  2014-02-02 07:00
.
Vor Suchlauf: 21 Verzeichnis(se), 157*904*760*832 Bytes frei
Nach Suchlauf: 29 Verzeichnis(se), 163*105*042*432 Bytes frei
.
- - End Of File - - 3DC05E4632D25E52B340AC4D58248FBA
5FB38429D5D77768867C76DCBDB35194
         
Kind regards


03.02.2014, 10:03   #6
schrauber
/// the machine
/// TB trainer

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with Ok.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log please.

03.02.2014, 15:24   #7
Boeingpilot



Thank you very much,
Here, to start with, is the one from Malwarebytes:
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.02.03.02

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16750
Fabian :: FABIPC [Administrator]

03.02.2014 10:17:08
mbam-log-2014-02-03 (10-17-08).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 795976
Laufzeit: 3 Stunde(n), 21 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 2
C:\Program Files (x86)\WebSparkle\updateWebSparkle.exe (PUP.Optional.WebSparkle.A) -> 2248 -> Löschen bei Neustart.
C:\Program Files (x86)\WebSparkle\bin\utilWebSparkle.exe (PUP.Optional.WebSparkle.A) -> 1096 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 8
HKLM\SYSTEM\CurrentControlSet\Services\Update WebSparkle (PUP.Optional.WebSparkle.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SYSTEM\CurrentControlSet\Services\Util WebSparkle (PUP.Optional.WebSparkle.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} (PUP.Optional.BrowseFox.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} (PUP.Optional.Conduit) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\WebSparkle (PUP.Optional.WebSparkle.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Conduit\FF (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\Software\WebSparkle (PUP.Optional.WebSparkle.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IECT1561552 (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BackgroundContainer (PUP.Optional.Conduit) -> Daten: "C:\WINDOWS\SysWOW64\Rundll32.exe" "C:\Users\Fabian\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 8
C:\Program Files (x86)\WebSparkle (PUP.Optional.WebSparkle.A) -> Löschen bei Neustart.
C:\Program Files (x86)\WebSparkle\bin (PUP.Optional.WebSparkle.A) -> Löschen bei Neustart.
C:\Program Files (x86)\WebSparkle\bin\plugins (PUP.Optional.WebSparkle.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Fabian\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Fabian\AppData\Roaming\OpenCandy\592611DFE97142A89C62214B68626F2F (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Fabian\AppData\Roaming\OpenCandy\9BFE30C8F90E47308A6B559131069ABF (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Conduit\IE (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Conduit\IE\CT1561552 (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 27
C:\Program Files (x86)\WebSparkle\updateWebSparkle.exe (PUP.Optional.WebSparkle.A) -> Löschen bei Neustart.
C:\Program Files (x86)\WebSparkle\bin\utilWebSparkle.exe (PUP.Optional.WebSparkle.A) -> Löschen bei Neustart.
C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll (PUP.Optional.Conduit) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\FreeTime\FormatFactory\FFModules\Package\BaiDu\hao123inst-saudi-forf.exe (PUP.Optional.Hao123.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Hotspot_Shield\Hotspot_ShieldToolbarHelper.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Fabian\AppData\Local\Conduit\CT1561552\Hotspot_ShieldAutoUpdateHelper.exe (PUP.Optional.Conduit) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Fabian\AppData\LocalLow\Hotspot_Shield\hk64tbHot0.dll (PUP.Optional.Conduit) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Fabian\AppData\LocalLow\Hotspot_Shield\hktbHot0.dll (PUP.Optional.Conduit) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Fabian\AppData\LocalLow\Hotspot_Shield\ldrtbHot0.dll (PUP.Optional.Conduit) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Fabian\AppData\LocalLow\Hotspot_Shield\tbHot0.dll (PUP.Optional.Conduit) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows.old\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.4.0.4_0\mgHelperGC.dll (PUP.Optional.SweetIM) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows.old\Users\Fabian\AppData\Roaming\OpenCandy\E92BD989A7194DECA0579C7A943A2557\DeltaTB.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows.old\Users\Fabian\AppData\Roaming\VideoUpdater\videocodecs.exe (Trojan.MSIL) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows.old\Users\Fabian\AppData\Roaming\Winbooter\svchost.exe (Trojan.MSIL) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\WebSparkle\WebSparkle.ico (PUP.Optional.WebSparkle.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\WebSparkle\updateWebSparkle.InstallState (PUP.Optional.WebSparkle.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\WebSparkle\WebSparkleUninstall.exe (PUP.Optional.WebSparkle.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\WebSparkle\bin\sqlite3.dll (PUP.Optional.WebSparkle.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\WebSparkle\bin\utilWebSparkle.InstallState (PUP.Optional.WebSparkle.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\WebSparkle\bin\plugins\WebSparkle.FFUpdate.dll (PUP.Optional.WebSparkle.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\WebSparkle\bin\plugins\WebSparkle.GCUpdate.dll (PUP.Optional.WebSparkle.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\WebSparkle\bin\plugins\WebSparkle.IEUpdate.dll (PUP.Optional.WebSparkle.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Fabian\AppData\Roaming\OpenCandy\592611DFE97142A89C62214B68626F2F\pokkiInstaller.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Fabian\AppData\Roaming\OpenCandy\9BFE30C8F90E47308A6B559131069ABF\Setupsft_chr_p1v7.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Conduit\IE\CT1561552\configutaion.json (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Conduit\IE\CT1561552\SetupIcon.ico (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Conduit\IE\CT1561552\UninstallerUI.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
The other logs are coming shortly.

Kind regards

Here is the AdwCleaner log file:
Code:
# AdwCleaner v3.018 - Bericht erstellt am 03/02/2014 um 14:50:06
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows 8  (64 bits)
# Benutzername : Fabian - FABIPC
# Gestartet von : C:\Users\Fabian\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Conduit
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Registry Optimizer
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\Hotspot_Shield
Ordner Gelöscht : C:\Program Files (x86)\Softonic
Ordner Gelöscht : C:\WINDOWS\assembly\GAC_MSIL\QuickStoresToolbar
Ordner Gelöscht : C:\WINDOWS\SysWOW64\Hotspot Shield
Ordner Gelöscht : C:\Users\Fabian\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\Fabian\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Fabian\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Fabian\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Fabian\AppData\LocalLow\Hotspot_Shield
Ordner Gelöscht : C:\Users\Fabian\AppData\LocalLow\Softonic
Ordner Gelöscht : C:\Users\Fabian\AppData\Roaming\QuickStoresToolbar
Ordner Gelöscht : C:\Users\Fabian\AppData\Roaming\Softonic
Ordner Gelöscht : C:\Users\Schule\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Schule\AppData\LocalLow\Hotspot_Shield
Ordner Gelöscht : C:\Program Files (x86)\Mozilla Firefox\Extensions\quickstores@quickstores.de
Ordner Gelöscht : C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf
Datei Gelöscht : C:\WINDOWS\System32\roboot64.exe
Datei Gelöscht : C:\Users\Fabian\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
Datei Gelöscht : C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url
Datei Gelöscht : C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\pd74uduu.default\invalidprefs.js
Datei Gelöscht : C:\Users\Schule\AppData\Roaming\Mozilla\Firefox\Profiles\nh3vajxj.default\searchplugins\ask-search.xml

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\elchiiiejkobdbblfejjkbphbddgmljf
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SoftonicApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SoftonicApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT1561552
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{44B50C01-4993-48E2-ADEE-D812BAE2E9A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CA0167C2-6295-41B8-9BDA-704B2F5E4CD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{87EAB409-97D7-4889-ACFA-C548FC6F3ECF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BFCEF399-5CBA-4424-9548-3E2A4D406E91}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F027D597-5438-4FFE-A21D-BA5B0DA8372A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5018CFD2-804D-4C99-9F81-25EAEA2769DE}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{C95A4E8E-816D-4655-8C79-D736DA1ADB6D}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKCU\Software\anchorfree
Schlüssel Gelöscht : HKCU\Software\Ciuvo
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Hotspot_Shield
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\smartbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Toolbar
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\Hotspot_Shield
Schlüssel Gelöscht : HKLM\Software\InstallIQ
Schlüssel Gelöscht : HKLM\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuickStores-Toolbar_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softonic

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16537

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\pd74uduu.default\prefs.js ]


[ Datei : C:\Users\Schule\AppData\Roaming\Mozilla\Firefox\Profiles\nh3vajxj.default\prefs.js ]


-\\ Google Chrome v32.0.1700.102

[ Datei : C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : homepage
Gelöscht : search_url
Gelöscht : keyword

*************************

AdwCleaner[R0].txt - [14107 octets] - [03/02/2014 14:48:25]
AdwCleaner[S0].txt - [12717 octets] - [03/02/2014 14:50:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [12778 octets] ##########
         
Best regards

Here is the JRT log:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 8 x64
Ran by Fabian on 03.02.2014 at 15:07:58,28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\apntbmon
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3660341198-1247186543-1459392912-1002\Software\Microsoft\Internet Explorer\Main\\Start Page
Suspicious HKCU\..\Run entries found. Trojan:JS/Medfos.B?

    Value Name          Type                             Value Data                     
========================================================================================
    BackgroundContainer    REG_SZ    "C:\WINDOWS\SysWOW64\Rundll32.exe" "C:\Users\Fabian\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun




~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{5E1F3188-CD42-4818-BF6C-F632977A29F1}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C25460F8-8591-4752-B757-1258CF467736}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{5E1F3188-CD42-4818-BF6C-F632977A29F1}



~~~ Files

Successfully deleted: [File] "C:\Users\Fabian\appdata\locallow\SkwConfig.bin"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Empty Folder] C:\Users\Fabian\appdata\local\{2422671C-2DFD-4EF6-98F4-41E8BBCC3D87}
Successfully deleted: [Empty Folder] C:\Users\Fabian\appdata\local\{461D6637-6DDD-4724-A331-7393AD392989}
Successfully deleted: [Empty Folder] C:\Users\Fabian\appdata\local\{957EF13B-4012-42CD-AF3E-253C68327A5B}



~~~ FireFox

Emptied folder: C:\Users\Fabian\AppData\Roaming\mozilla\firefox\profiles\pd74uduu.default\minidumps [17 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.02.2014 at 15:16:37,00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
Thank you very much for the help
Best regards

Here is a new FRST log again:


FRST Logfile:

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2014 04
Ran by Fabian (administrator) on FABIPC on 03-02-2014 15:20:58
Running from C:\Users\Fabian\Downloads
Windows 8 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(GlavSoft LLC.) C:\Program Files\TightVNC\tvnserver.exe
() C:\Program Files (x86)\Orange Mobiles Internet\AssistantServices.exe
(TigerVNC Project) C:\Program Files (x86)\TigerVNC\winvnc4.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
(Jan Kiesewalter) C:\Program Files (x86)\OMSI Addon Manager\OMSI Addon Manager.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
() C:\Program Files (x86)\Orange Mobiles Internet\UIExec.exe
(Power Software Ltd) C:\Program Files\PowerISO\PWRISOVM.EXE
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
(TeamSpeak Systems GmbH) C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-07-21] (IDT, Inc.)
HKLM\...\Run: [BtPreLoad] - C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-08-19] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-24] (Synaptics Incorporated)
HKLM\...\Run: [tvncontrol] - C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-08-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491320 2012-07-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Quick Launch] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-09] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [185896 2013-10-28] (Geek Software GmbH)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-09-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [UIExec] - C:\Program Files (x86)\Orange Mobiles Internet\UIExec.exe [157000 2012-07-25] ()
HKLM-x32\...\Run: [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe [623376 2013-11-18] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [PWRISOVM.EXE] - C:\Program Files\PowerISO\PWRISOVM.EXE [377368 2013-10-23] (Power Software Ltd)
HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3813200 2014-01-23] (LogMeIn Inc.)
HKU\S-1-5-21-3660341198-1247186543-1459392912-1002\...\Run: [uTorrent] - C:\Users\Fabian\AppData\Roaming\uTorrent\uTorrent.exe [900440 2013-11-16] (BitTorrent Inc.)
HKU\S-1-5-21-3660341198-1247186543-1459392912-1002\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1815976 2014-01-27] (Valve Corporation)
HKU\S-1-5-21-3660341198-1247186543-1459392912-1002\...\Run: [EADM] - C:\Program Files (x86)\Origin\Origin.exe [3551576 2013-11-29] (Electronic Arts)
HKU\S-1-5-21-3660341198-1247186543-1459392912-1002\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3660341198-1247186543-1459392912-1002\...\Run: [CyberGhost] - C:\Program Files\CyberGhost 5\CyberGhost.EXE [358000 2014-01-16] (CyberGhost S.R.L.)
HKU\S-1-5-21-3660341198-1247186543-1459392912-1002\...\Run: [Akamai NetSession Interface] - C:\Users\Fabian\AppData\Local\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKU\S-1-5-21-3660341198-1247186543-1459392912-1002\...\Run: [Sony PC Companion] - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [449248 2013-05-29] (Sony)
HKU\S-1-5-21-3660341198-1247186543-1459392912-1002\...\Run: [BackgroundContainer] - "C:\WINDOWS\SysWOW64\Rundll32.exe" "C:\Users\Fabian\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION
Startup: C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OMSI Addon Manager.lnk
ShortcutTarget: OMSI Addon Manager.lnk -> C:\Program Files (x86)\OMSI Addon Manager\OMSI Addon Manager.exe (Jan Kiesewalter)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPCON13/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCON13/1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKLM - {5E1F3188-CD42-4818-BF6C-F632977A29F1} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de3-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-29880-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Avira Savings Advisor BHO - {A18A516C-AA41-46A9-92DB-60208917E442} - C:\Program Files (x86)\avira\Internet Explorer\avira32.dll ()
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 195.34.133.21 212.186.211.21
Tcpip\..\Interfaces\{0908D8C7-03B6-41E2-BD87-02A227E4E6C1}: [NameServer]151.236.6.156

FireFox:
========
FF ProfilePath: C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\pd74uduu.default
FF Homepage: https://www.google.com/analytics/web/?et&authuser=0#realtime/rt-overview/a46668730w77731111p80356051/%3Ffilter.list%3D1%3D%3DAustria%3B%26mapMode.type%3DgeoChart/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Savings Advisor - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\pd74uduu.default\Extensions\ciuvo-extension@avira.de [2014-01-16]
FF Extension: WebSparkle - C:\Users\Fabian\AppData\Roaming\Mozilla\Firefox\Profiles\pd74uduu.default\Extensions\firefox@websparkle.biz.xpi [2013-12-07]

Chrome: 
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchProvider: Search the web (Softonic)
CHR DefaultSearchURL: hxxp://www.google.com
CHR DefaultNewTabURL: 
CHR Extension: (Google Docs) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-26]
CHR Extension: (Google Drive) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-10-26]
CHR Extension: (YouTube) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-26]
CHR Extension: (Avira Sparberater) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cojnmaaohncijldefpkpkkakjonfmgeb [2014-01-16]
CHR Extension: (Google-Suche) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-26]
CHR Extension: (Softonic Chrome Toolbar) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf [2013-11-19]
CHR Extension: (Norton Identity Protection) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-10-26]
CHR Extension: (Google Wallet) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-16]
CHR Extension: (Google Mail) - C:\Users\Fabian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-26]
CHR HKLM-x32\...\Chrome\Extension: [cojnmaaohncijldefpkpkkakjonfmgeb] - C:\Program Files (x86)\avira\Chrome\avira-1.5.14.crx [2013-12-11]

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-08-08] (Advanced Micro Devices, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-01-11] (APN LLC.)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [398096 2013-11-18] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [385808 2013-11-18] (BlueStack Systems, Inc.)
S2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [64112 2014-01-16] (CyberGhost S.R.L)
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [377104 2013-12-13] (LogMeIn, Inc.)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [75136 2013-10-30] ()
R2 tvnserver; C:\Program Files\TightVNC\tvnserver.exe [2179056 2013-07-19] (GlavSoft LLC.)
R2 UI Assistant Service; C:\Program Files (x86)\Orange Mobiles Internet\AssistantServices.exe [274760 2012-07-25] ()
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 WinVNC4; C:\Program Files (x86)\TigerVNC\winvnc4.exe [5737493 2013-07-04] (TigerVNC Project)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-08-19] (Atheros)
S4 楗敳潂瑯獁楳瑳湡t; 㩃停潲牧浡䘠汩獥⠠㡸⤶坜獩履楗敳䌠牡⁥㘳尵潂瑯楔敭攮數 [x]

==================== Drivers (Whitelisted) ====================

R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-18] (Advanced Micro Devices)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [77584 2013-11-18] (BlueStack Systems)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-19] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-26] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 Hamachi; C:\Windows\system32\DRIVERS\Hamdrv.sys [41504 2014-01-23] (LogMeIn Inc.)
S3 lehidmini; C:\Windows\System32\drivers\leath_hid.sys [39704 2012-08-19] (Atheros)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-03] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [43832 2012-08-24] (Synaptics Incorporated)
S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-09-17] (Anchorfree Inc.)
S3 tapoas; C:\Windows\system32\DRIVERS\tapoas.sys [30720 2010-08-03] (The OpenVPN Project)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-06-27] (Hewlett-Packard Development Company, L.P.)
S3 zte_cdc_acm; C:\Windows\system32\DRIVERS\zte_cdc_acm.sys [79872 2011-08-11] (ZTE)
S3 zte_cdc_ecm; C:\Windows\system32\DRIVERS\zte_cdc_ecm.sys [36864 2011-08-11] (ZTE)
S3 zte_cpo; C:\Windows\system32\DRIVERS\zte_cpo.sys [14336 2011-08-11] (ZTE)
S3 zte_ecm_enum; C:\Windows\System32\drivers\zte_ecm_enum.sys [56320 2011-08-11] (ZTE)
S3 zte_ecm_enum_filter; C:\Windows\System32\drivers\zte_ecm_enum_filter.sys [56320 2011-08-11] (ZTE)
S5 AppMgmt; C:\Windows\system32\svchost.exe [29696 2012-09-20] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 DfSdkS; 
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [x]
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [x]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-03 15:20 - 2014-02-03 15:20 - 00000000 ____D () C:\Users\Fabian\Downloads\FRST-OlderVersion
2014-02-03 15:16 - 2014-02-03 15:16 - 00002965 _____ () C:\Users\Fabian\Desktop\JRT.txt
2014-02-03 15:07 - 2014-02-03 15:07 - 01037068 _____ (Thisisu) C:\Users\Fabian\Downloads\JRT.exe
2014-02-03 15:07 - 2014-02-03 15:07 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-02-03 14:55 - 2014-02-03 14:55 - 00000000 ___RD () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-02-03 14:48 - 2014-02-03 14:50 - 00000000 ____D () C:\AdwCleaner
2014-02-03 14:47 - 2014-02-03 14:47 - 01166132 _____ () C:\Users\Fabian\Downloads\adwcleaner.exe
2014-02-03 13:02 - 2014-02-03 14:55 - 00003136 _____ () C:\WINDOWS\System32\Tasks\FRAPS
2014-02-03 13:01 - 2014-02-03 13:01 - 00000606 _____ () C:\Users\Public\Desktop\Fraps.lnk
2014-02-03 13:00 - 2014-02-03 13:00 - 02624200 _____ () C:\Users\Fabian\Downloads\Fraps_v3.5.9_Build_15586.rar
2014-02-03 12:52 - 2014-02-03 12:52 - 02632904 _____ () C:\Users\Fabian\Downloads\F_v3.5.99.zip
2014-02-03 12:41 - 2014-02-03 12:41 - 00000000 ____D () C:\Users\Fabian\Documents\Camtasia Studio
2014-02-03 12:39 - 2014-02-03 12:39 - 00000000 ____D () C:\ProgramData\TechSmith
2014-02-03 12:39 - 2014-02-03 12:39 - 00000000 ____D () C:\Program Files (x86)\TechSmith
2014-02-03 12:29 - 2014-02-03 12:33 - 175040512 _____ () C:\Users\Fabian\Downloads\camtasiade.msi
2014-02-03 12:07 - 2010-04-04 12:42 - 00000155 _____ () C:\Users\Fabian\Desktop\readme.txt
2014-02-03 12:03 - 2011-08-23 11:29 - 358007328 _____ (Acresso Software Inc. ) C:\Users\Fabian\Desktop\AS_APPROACHING-INNSBRUCK_FSX_V120.exe
2014-02-03 11:13 - 2014-02-03 11:13 - 00074177 _____ () C:\Users\Fabian\Downloads\FRAPS19D.EXE
2014-02-03 10:14 - 2014-02-03 10:14 - 00001147 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-03 10:14 - 2014-02-03 10:14 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Malwarebytes
2014-02-03 10:14 - 2014-02-03 10:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-03 10:14 - 2014-02-03 10:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-03 10:14 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-02-03 10:09 - 2014-02-03 10:09 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Fabian\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-02 23:03 - 2014-02-02 23:03 - 30022170 _____ () C:\Users\Fabian\Downloads\firefox-26.0.tar.bz2
2014-02-02 17:49 - 2014-02-03 13:26 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\vlc
2014-02-02 17:19 - 2014-02-02 17:19 - 00000905 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-02-02 17:18 - 2014-02-02 17:18 - 23884615 _____ () C:\Users\Fabian\Downloads\vlc-2.1.2-win64.exe
2014-02-02 17:18 - 2014-02-02 17:18 - 00000000 ____D () C:\Program Files\VideoLAN
2014-02-02 17:15 - 2014-02-02 17:16 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\avidemux
2014-02-02 17:15 - 2014-02-02 17:15 - 00001075 _____ () C:\Users\Public\Desktop\Avidemux 2.6 (32-bit).lnk
2014-02-02 17:14 - 2014-02-02 17:15 - 00000000 ____D () C:\Program Files (x86)\Avidemux 2.6
2014-02-02 17:13 - 2014-02-02 17:13 - 17848828 _____ () C:\Users\Fabian\Downloads\avidemux_2.6.7_win32.exe
2014-02-02 15:40 - 2014-02-02 15:40 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\BANDISOFT
2014-02-02 15:39 - 2014-02-02 15:39 - 00000000 ____D () C:\Program Files (x86)\BandiMPEG1
2014-02-02 15:37 - 2014-02-02 16:05 - 1860451319 _____ () C:\Users\Fabian\Downloads\FEX2-Setup.exe
2014-02-02 15:37 - 2014-02-02 15:37 - 00000000 ____D () C:\Users\Fabian\Downloads\Crack
2014-02-02 15:37 - 2014-02-02 15:37 - 00000000 ____D () C:\Users\Fabian\Downloads\Bandicam v1.9.2.454 FULL+Keygen  {Cyclonoid}
2014-02-02 15:31 - 2014-02-02 15:31 - 00013990 _____ () C:\Users\Fabian\Downloads\flt1chk4.dll
2014-02-02 14:57 - 2014-02-02 14:57 - 00001084 _____ () C:\Users\Fabian\Desktop\VNC-Viewer-5.1.0-Windows-64bit - Verknüpfung.lnk
2014-02-02 13:04 - 2014-02-02 15:57 - 00000308 _____ () C:\Users\Fabian\Downloads\DCrack Readme.txt
2014-02-02 12:27 - 2014-02-02 12:28 - 47097488 _____ () C:\Users\Fabian\Downloads\ts3_recording_14_02_02_6_19_23.wav
2014-02-02 09:42 - 2014-02-02 09:42 - 00000000 ____D () C:\Users\Fabian\AppData\Local\RealVNC
2014-02-02 09:41 - 2014-02-02 09:41 - 03215168 _____ (RealVNC Ltd) C:\Users\Fabian\Desktop\VNC-Viewer-5.1.0-Windows-64bit.exe
2014-02-02 09:24 - 2014-02-02 09:24 - 00662448 _____ (GlavSoft LLC.) C:\Users\Fabian\Downloads\tightvnc-2.0.4-setup.exe
2014-02-02 08:00 - 2014-02-02 08:00 - 00037394 _____ () C:\ComboFix.txt
2014-02-02 07:28 - 2011-06-26 07:45 - 00256000 _____ () C:\WINDOWS\PEV.exe
2014-02-02 07:28 - 2010-11-07 18:20 - 00208896 _____ () C:\WINDOWS\MBR.exe
2014-02-02 07:28 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\WINDOWS\NIRCMD.exe
2014-02-02 07:28 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\WINDOWS\SWREG.exe
2014-02-02 07:28 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\WINDOWS\SWSC.exe
2014-02-02 07:28 - 2000-08-31 01:00 - 00212480 _____ (SteelWerX) C:\WINDOWS\SWXCACLS.exe
2014-02-02 07:28 - 2000-08-31 01:00 - 00098816 _____ () C:\WINDOWS\sed.exe
2014-02-02 07:28 - 2000-08-31 01:00 - 00080412 _____ () C:\WINDOWS\grep.exe
2014-02-02 07:28 - 2000-08-31 01:00 - 00068096 _____ () C:\WINDOWS\zip.exe
2014-02-02 07:24 - 2014-02-02 08:00 - 00000000 ____D () C:\Qoobox
2014-02-02 07:23 - 2014-02-02 07:57 - 00000000 ____D () C:\WINDOWS\erdnt
2014-02-02 07:22 - 2014-02-02 07:22 - 05179159 ____R (Swearware) C:\Users\Fabian\Downloads\ComboFix.exe
2014-02-01 23:13 - 2014-02-01 23:13 - 02367488 _____ () C:\Users\Fabian\Downloads\tightvnc-2.7.10-setup-64bit.msi
2014-02-01 19:24 - 2014-02-03 11:14 - 00015872 ___SH () C:\Users\Fabian\Desktop\Thumbs.db
2014-02-01 15:27 - 2014-02-01 15:28 - 00030182 _____ () C:\Users\Fabian\Downloads\Addition.txt
2014-02-01 15:26 - 2014-02-03 15:20 - 00022049 _____ () C:\Users\Fabian\Downloads\FRST.txt
2014-02-01 15:25 - 2014-02-03 15:20 - 00000000 ____D () C:\FRST
2014-01-31 19:11 - 2014-01-31 19:17 - 741343232 _____ () C:\Users\Fabian\Downloads\ubuntu-12.04.3-desktop-i386.iso
2014-01-29 15:52 - 2014-01-31 19:01 - 00000000 ____D () C:\Users\Fabian\Downloads\Ubuntu1204
2014-01-29 15:34 - 2014-01-29 15:42 - 805796465 ____R () C:\Users\Fabian\Downloads\ubuntu1204.zip
2014-01-29 15:30 - 2014-01-29 15:30 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-01-29 15:23 - 2014-01-29 15:23 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\PowerISO
2014-01-29 15:21 - 2014-01-29 15:21 - 00000000 ____D () C:\Users\Fabian\Documents\Virtual Machines
2014-01-29 15:16 - 2014-01-07 23:42 - 2962227200 _____ () C:\Users\Fabian\Downloads\2014-01-07-wheezy-raspbian.img
2014-01-29 15:02 - 2014-01-29 15:14 - 817931404 _____ () C:\Users\Fabian\Downloads\2014-01-07-wheezy-raspbian.zip
2014-01-29 14:58 - 2014-02-03 12:15 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\VMware
2014-01-29 14:58 - 2014-01-31 19:01 - 00000000 ____D () C:\Users\Fabian\AppData\Local\VMware
2014-01-29 14:50 - 2014-02-03 12:22 - 00000000 ____D () C:\ProgramData\VMware
2014-01-29 14:47 - 2014-01-29 14:48 - 98508144 _____ (VMware, Inc.) C:\Users\Fabian\Downloads\VMware-player-6.0.1-1379776.exe
2014-01-28 20:28 - 2014-01-28 20:28 - 106322704 _____ (Oracle Corporation) C:\Users\Fabian\Downloads\VirtualBox-4.3.6-91406-Win.exe
2014-01-27 17:27 - 2014-01-27 17:27 - 00819176 _____ (Google Inc.) C:\Users\Fabian\Downloads\ChromeSetup.exe
2014-01-27 16:36 - 2014-01-27 16:36 - 48399371 _____ () C:\Users\Fabian\Downloads\FSX FlyTampa - St. Maarten.zip
2014-01-26 13:57 - 2014-01-26 13:57 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rikoooo Add-ons
2014-01-26 13:49 - 2014-01-26 13:59 - 31415966 _____ () C:\Users\Fabian\Downloads\a380aiba380x.zip
2014-01-26 13:48 - 2014-01-26 13:56 - 41742644 _____ () C:\Users\Fabian\Downloads\pilatus_pc-7saf_v.2_swiss_airforce_fsx.zip
2014-01-26 13:39 - 2014-02-03 15:20 - 02080256 _____ (Farbar) C:\Users\Fabian\Downloads\FRST64.exe
2014-01-26 09:15 - 2014-01-26 09:16 - 05874040 _____ () C:\Users\Fabian\Downloads\MorphVOXPro4_Install-1.de(1).exe
2014-01-25 16:41 - 2014-01-25 16:41 - 00650600 _____ () C:\Users\Fabian\Downloads\SP-Comic_Install.exe
2014-01-25 16:22 - 2014-01-25 16:24 - 00000000 ____D () C:\ProgramData\Screaming Bee
2014-01-25 16:21 - 2014-01-25 16:21 - 05930360 _____ () C:\Users\Fabian\Downloads\MorphVOXPro4_Install-1.de.exe
2014-01-25 16:19 - 2014-01-25 16:19 - 00228366 _____ () C:\Users\Fabian\Downloads\IBIS_droid_plugin_v1.0.ams
2014-01-25 16:16 - 2014-01-25 16:16 - 00749962 _____ () C:\Users\Fabian\Downloads\OMSI_AM_1.2.4_Setup(1).zip
2014-01-25 12:47 - 2014-01-25 12:49 - 174078464 _____ () C:\Users\Fabian\Downloads\fsx_sp2_DEU(1).msi
2014-01-25 12:38 - 2014-01-25 12:40 - 227341208 _____ (Microsoft Corporation) C:\Users\Fabian\Downloads\fsx_sp1_DEU(1).exe
2014-01-25 12:36 - 2014-01-25 12:37 - 174078464 _____ () C:\Users\Fabian\Downloads\fsx_sp2_DEU.msi
2014-01-25 12:33 - 2014-01-25 12:35 - 227341208 _____ (Microsoft Corporation) C:\Users\Fabian\Downloads\fsx_sp1_DEU.exe
2014-01-25 12:11 - 2014-01-25 12:11 - 00000000 ____D () C:\Archivos de programa
2014-01-25 12:08 - 2014-01-25 12:08 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Carenado's SKYLANE C182Q FSX
2014-01-25 12:03 - 2014-02-03 11:18 - 355589403 _____ () C:\Users\Fabian\Downloads\AS_APPROACHING-INNSBRUCK_FSX_V120.rar
2014-01-25 12:03 - 2014-02-03 11:16 - 46117489 _____ () C:\Users\Fabian\Downloads\FSX GAP2 Muster-Onsabruck.rar
2014-01-25 12:02 - 2014-01-25 12:03 - 39368702 _____ () C:\Users\Fabian\Downloads\Carenado PA28RT 201 Arrow IV.rar
2014-01-25 12:01 - 2014-01-25 12:03 - 167328894 _____ () C:\Users\Fabian\Downloads\Carenado CT206 HD FSX_Prepar3d.rar
2014-01-25 12:01 - 2014-01-25 12:02 - 59539491 _____ () C:\Users\Fabian\Downloads\Carenado - AC11 Commander 114.rar
2014-01-25 12:01 - 2014-01-25 12:01 - 27942161 _____ () C:\Users\Fabian\Downloads\Cessna 182Q Skylane FSX.rar
2014-01-25 08:30 - 2014-01-25 08:30 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-01-25 08:30 - 2014-01-25 08:30 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2014-01-24 23:35 - 2014-01-24 23:39 - 64334583 _____ () C:\Users\Fabian\Downloads\Citaro-G-Sound.zip
2014-01-24 21:17 - 2014-01-31 19:38 - 00000000 ____D () C:\Users\Fabian\Documents\Flight Simulator X-Dateien
2014-01-24 20:55 - 2014-01-24 20:55 - 00000222 _____ () C:\Users\Fabian\Desktop\OMSI 2.url
2014-01-24 20:34 - 2014-01-24 20:34 - 00000000 ____D () C:\WINDOWS\PCHEALTH
2014-01-24 19:33 - 2014-01-27 17:13 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FlyTampa
2014-01-24 19:31 - 2010-06-26 15:42 - 00000226 _____ () C:\Users\Fabian\Downloads\Leia-me.txt
2014-01-24 19:31 - 2010-06-26 15:31 - 103859111 _____ () C:\Users\Fabian\Downloads\FSX - FlyTampa Vienna.exe
2014-01-24 19:26 - 2011-10-26 13:54 - 14859848 _____ () C:\Users\Fabian\Downloads\PMDG_737NGX_800WL_OS1.ptp
2014-01-24 19:25 - 2014-01-24 19:25 - 14851912 _____ () C:\Users\Fabian\Downloads\PMDG_737NGX_800WL_OS1.zip
2014-01-24 15:36 - 2014-01-24 15:37 - 73578015 _____ () C:\Users\Fabian\Downloads\Omsi2.ru_Mercedes_o530G.7z
2014-01-24 15:28 - 2014-01-24 15:28 - 06072408 _____ (TeamViewer GmbH) C:\Users\Fabian\Downloads\TeamViewer_Setup_de-ckc.exe
2014-01-23 22:39 - 2014-01-23 22:39 - 00280744 _____ () C:\WINDOWS\Minidump\012314-68999-01.dmp
2014-01-23 22:39 - 2014-01-23 22:39 - 00000000 ____D () C:\WINDOWS\Minidump
2014-01-23 22:38 - 2014-01-23 22:38 - 611501992 _____ () C:\WINDOWS\MEMORY.DMP
2014-01-23 13:33 - 2014-01-23 13:33 - 00041504 ____H (LogMeIn Inc.) C:\WINDOWS\system32\Drivers\Hamdrv.sys
2014-01-22 18:08 - 2014-02-01 10:16 - 00000000 ____D () C:\Users\Fabian\AppData\Local\ArmA 2
2014-01-22 18:08 - 2014-01-22 18:08 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2014-01-22 17:23 - 2014-01-22 17:23 - 00000221 _____ () C:\Users\Fabian\Desktop\Arma 2.url
2014-01-21 19:20 - 2014-01-21 19:20 - 00000000 ____D () C:\ProgramData\OMSI AM
2014-01-21 19:14 - 2014-01-25 16:17 - 00000000 ____D () C:\Program Files (x86)\OMSI Addon Manager
2014-01-21 19:14 - 2014-01-21 19:14 - 00749962 _____ () C:\Users\Fabian\Downloads\OMSI_AM_1.2.4_Setup.zip
2014-01-21 19:14 - 2014-01-21 19:14 - 00000000 ____D () C:\Users\Fabian\AppData\Local\OMSI AM
2014-01-21 17:08 - 2014-01-21 17:08 - 103852119 _____ () C:\Users\Fabian\Downloads\FSX - FlyTampa Vienna.zip
2014-01-21 16:54 - 2014-01-21 16:54 - 01382800 _____ () C:\Users\Fabian\Downloads\VP-Galactic_Install.exe
2014-01-21 16:46 - 2014-01-21 16:46 - 00777576 _____ () C:\Users\Fabian\Downloads\VP-SciFi_Install.exe
2014-01-21 16:32 - 2014-01-25 16:24 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Screaming Bee
2014-01-21 16:29 - 2014-01-25 16:41 - 00000000 ____D () C:\Program Files (x86)\Screaming Bee
2014-01-21 16:27 - 2014-01-21 16:27 - 02970992 _____ () C:\Users\Fabian\Downloads\MorphVOXJunior_Install-1.exe
2014-01-21 14:57 - 2014-01-21 14:57 - 00278503 _____ () C:\Users\Fabian\Downloads\Community ENB.rar
2014-01-20 22:33 - 2014-01-20 22:33 - 01110476 _____ () C:\Users\Fabian\Downloads\7z920.exe
2014-01-20 22:33 - 2014-01-20 22:33 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-01-20 22:24 - 2014-01-20 22:24 - 00000000 ____D () C:\Program Files (x86)\Universal Extractor
2014-01-20 22:23 - 2014-01-20 22:23 - 05556306 _____ (Jared Breland ) C:\Users\Fabian\Downloads\uniextract161.exe
2014-01-20 20:12 - 2014-01-30 17:14 - 00134656 ___SH () C:\Users\Fabian\Downloads\Thumbs.db
2014-01-20 18:04 - 2014-01-20 18:09 - 00000811 _____ () C:\Users\Public\Desktop\Aerosoft Launcher.lnk
2014-01-20 18:04 - 2014-01-20 18:04 - 00000000 ____D () C:\Aerosoft
2014-01-20 12:24 - 2014-01-20 12:24 - 00002599 _____ () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Pictures Download Manager.lnk
2014-01-20 12:24 - 2014-01-20 12:24 - 00002569 _____ () C:\Users\Fabian\Desktop\Sony Pictures Download Manager.lnk
2014-01-19 10:28 - 2013-12-22 12:34 - 326440960 _____ () C:\Users\Fabian\Desktop\r1_k2333_voice_9987_15499
2014-01-19 09:51 - 2013-12-22 12:35 - 261312559 _____ () C:\Users\Fabian\Desktop\r1_k2333_voice_9987_15499.tar
2014-01-18 16:10 - 2014-01-18 16:11 - 158257304 _____ (GIANTS Software ) C:\Users\Fabian\Downloads\SkiRegionSimulator2012DemoDE.exe
2014-01-16 18:53 - 2014-01-16 18:53 - 00003408 _____ () C:\WINDOWS\System32\Tasks\aviraSWU
2014-01-16 18:53 - 2014-01-16 18:53 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Avira
2014-01-16 18:49 - 2014-01-16 18:53 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-01-16 18:49 - 2014-01-16 18:49 - 00000000 ____D () C:\ProgramData\Avira
2014-01-16 18:49 - 2013-12-18 09:32 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2014-01-16 18:49 - 2013-12-18 09:32 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2014-01-16 18:49 - 2013-12-18 09:32 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2014-01-15 18:19 - 2013-12-07 07:37 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-01-15 18:19 - 2013-12-07 07:37 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 18:19 - 2013-12-07 06:15 - 00562688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-01-15 18:19 - 2013-12-07 06:15 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-15 18:19 - 2013-10-31 06:56 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2014-01-15 18:19 - 2013-10-31 06:56 - 00758784 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2014-01-15 18:19 - 2013-10-31 05:01 - 00550400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2014-01-15 18:19 - 2013-10-31 04:42 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mpsdrv.sys
2014-01-15 18:19 - 2013-10-28 06:50 - 00588288 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2014-01-15 18:19 - 2013-10-28 05:05 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2014-01-15 18:19 - 2013-10-13 21:49 - 00100696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys
2014-01-15 18:19 - 2013-08-27 06:21 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2014-01-15 18:19 - 2013-08-27 06:19 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2014-01-15 18:19 - 2013-08-26 23:29 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2014-01-15 18:19 - 2013-08-26 23:28 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2014-01-14 20:04 - 2014-01-14 20:04 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Quest3D
2014-01-14 20:01 - 2014-01-14 20:04 - 00000000 ____D () C:\Users\Fabian\Documents\ShipSimExtremes Userdata
2014-01-14 20:01 - 2014-01-14 20:01 - 00001169 _____ () C:\Users\Public\Desktop\Ship Simulator Extremes.lnk
2014-01-14 20:01 - 2014-01-14 20:01 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ship Simulator Extremes
2014-01-14 19:50 - 2014-01-14 19:50 - 00000000 ____D () C:\Program Files (x86)\Vstep
2014-01-12 12:48 - 2008-08-15 15:43 - 00034304 _____ (Thrustmaster) C:\WINDOWS\SysWOW64\tmffbdrv.dll
2014-01-12 12:48 - 2008-08-15 15:42 - 00041984 _____ (Thrustmaster) C:\WINDOWS\system32\tmffbdrv.dll
2014-01-12 12:48 - 2008-08-15 09:30 - 00276992 _____ (Thrustmaster) C:\WINDOWS\system32\tmffbcpl.dll
2014-01-12 12:48 - 2008-08-15 09:30 - 00241664 _____ (Thrustmaster) C:\WINDOWS\SysWOW64\tmffbcpl.dll
2014-01-12 12:36 - 2005-01-28 11:49 - 00106496 _____ (Guillemot Corporation) C:\WINDOWS\SysWOW64\GUStrLib.dll
2014-01-12 12:36 - 2003-03-19 00:20 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFC71.dll
2014-01-12 12:29 - 2014-01-12 12:48 - 00000000 ____D () C:\Program Files (x86)\Thrustmaster
2014-01-12 12:18 - 2007-01-20 04:44 - 00208304 _____ (Macrovision Corporation) C:\WINDOWS\system32\isrt.dll
2014-01-12 12:18 - 2006-05-16 15:07 - 00099840 _____ (Macrovision Corporation) C:\WINDOWS\system32\_IsRes.dll
2014-01-10 23:56 - 2014-01-10 23:56 - 00000000 ____D () C:\Users\Fabian\Documents\SH3
2014-01-10 23:52 - 2014-01-10 23:52 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameShadow
2014-01-10 23:52 - 2014-01-10 23:52 - 00000000 ____D () C:\Program Files (x86)\GameShadow
2014-01-10 23:45 - 2014-01-10 23:46 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-01-10 23:04 - 2014-01-10 23:04 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Nexway
2014-01-10 21:11 - 2014-01-10 21:11 - 00000000 ____D () C:\Program Files\CPUID
2014-01-10 18:35 - 2014-01-10 18:35 - 00000000 ____D () C:\Games
2014-01-06 18:39 - 2014-01-06 18:39 - 00000000 ____D () C:\ProgramData\HP
2014-01-06 18:28 - 2014-01-06 18:28 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\CAD-KAS
2014-01-06 18:27 - 2014-01-06 18:27 - 00087704 _____ () C:\WINDOWS\cadkasdeinst01.exe
2014-01-06 18:27 - 2014-01-06 18:27 - 00001068 _____ () C:\Users\Schule\Desktop\PDF Editor 4.0.lnk
2014-01-06 18:27 - 2014-01-06 18:27 - 00001068 _____ () C:\Users\Gast\Desktop\PDF Editor 4.0.lnk
2014-01-06 18:27 - 2014-01-06 18:27 - 00001068 _____ () C:\Users\fbwuser\Desktop\PDF Editor 4.0.lnk
2014-01-06 18:27 - 2014-01-06 18:27 - 00001068 _____ () C:\Users\Administrator\Desktop\PDF Editor 4.0.lnk
2014-01-06 18:27 - 2014-01-06 18:27 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Editor 4.0
2014-01-06 18:27 - 2014-01-06 18:27 - 00000000 ____D () C:\Program Files (x86)\PDF Editor 4
2014-01-06 12:48 - 2014-01-06 12:48 - 00001353 _____ () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Craften Terminal.lnk
2014-01-06 12:30 - 2014-01-06 12:58 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Craften Terminal
2014-01-06 12:30 - 2014-01-06 12:30 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Craften.de
2014-01-04 14:33 - 2014-01-04 14:33 - 00003032 _____ () C:\WINDOWS\System32\Tasks\WinZipDriverUpdater_UPDATES
2014-01-04 14:32 - 2014-01-11 14:38 - 00003154 _____ () C:\WINDOWS\System32\Tasks\WinZipDriverUpdaterRunAtStartup
2014-01-04 14:32 - 2014-01-04 14:32 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\WinZip
2014-01-04 14:31 - 2014-01-11 14:41 - 00003136 _____ () C:\WINDOWS\System32\Tasks\Registry Optimizer
2014-01-04 14:31 - 2014-01-04 16:53 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\FileZilla
2014-01-04 14:31 - 2014-01-04 14:31 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Nico Mak Computing
2014-01-04 10:31 - 2014-02-03 11:54 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\.minecraft

==================== One Month Modified Files and Folders =======

2014-02-03 15:21 - 2014-02-01 15:26 - 00022049 _____ () C:\Users\Fabian\Downloads\FRST.txt
2014-02-03 15:20 - 2014-02-03 15:20 - 00000000 ____D () C:\Users\Fabian\Downloads\FRST-OlderVersion
2014-02-03 15:20 - 2014-02-01 15:25 - 00000000 ____D () C:\FRST
2014-02-03 15:20 - 2014-01-26 13:39 - 02080256 _____ (Farbar) C:\Users\Fabian\Downloads\FRST64.exe
2014-02-03 15:20 - 2013-10-26 19:02 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\TS3Client
2014-02-03 15:16 - 2014-02-03 15:16 - 00002965 _____ () C:\Users\Fabian\Desktop\JRT.txt
2014-02-03 15:09 - 2013-10-26 20:56 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-02-03 15:07 - 2014-02-03 15:07 - 01037068 _____ (Thisisu) C:\Users\Fabian\Downloads\JRT.exe
2014-02-03 15:07 - 2014-02-03 15:07 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-02-03 15:06 - 2013-10-26 18:29 - 01114915 _____ () C:\WINDOWS\WindowsUpdate.log
2014-02-03 15:05 - 2013-10-26 18:45 - 00001124 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-03 15:00 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-02-03 14:55 - 2014-02-03 14:55 - 00000000 ___RD () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-02-03 14:55 - 2014-02-03 13:02 - 00003136 _____ () C:\WINDOWS\System32\Tasks\FRAPS
2014-02-03 14:55 - 2013-10-26 13:08 - 00000000 ____D () C:\Fraps
2014-02-03 14:53 - 2013-12-30 17:14 - 00000000 ____D () C:\Users\Fabian\AppData\Local\LogMeIn Hamachi
2014-02-03 14:52 - 2013-10-26 18:45 - 00001120 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-03 14:52 - 2012-07-26 08:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-02-03 14:51 - 2012-07-26 06:26 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-02-03 14:50 - 2014-02-03 14:48 - 00000000 ____D () C:\AdwCleaner
2014-02-03 14:47 - 2014-02-03 14:47 - 01166132 _____ () C:\Users\Fabian\Downloads\adwcleaner.exe
2014-02-03 14:38 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-02-03 14:36 - 2012-08-03 23:23 - 00327028 _____ () C:\WINDOWS\PFRO.log
2014-02-03 14:23 - 2013-10-26 18:43 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3660341198-1247186543-1459392912-1002
2014-02-03 13:26 - 2014-02-02 17:49 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\vlc
2014-02-03 13:20 - 2013-11-29 19:32 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Skype
2014-02-03 13:01 - 2014-02-03 13:01 - 00000606 _____ () C:\Users\Public\Desktop\Fraps.lnk
2014-02-03 13:00 - 2014-02-03 13:00 - 02624200 _____ () C:\Users\Fabian\Downloads\Fraps_v3.5.9_Build_15586.rar
2014-02-03 12:52 - 2014-02-03 12:52 - 02632904 _____ () C:\Users\Fabian\Downloads\F_v3.5.99.zip
2014-02-03 12:50 - 2012-08-30 11:46 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-03 12:43 - 2014-02-03 12:39 - 00000000 ____D () C:\ProgramData\TechSmith
2014-02-03 12:43 - 2013-10-26 18:11 - 00000000 ____D () C:\Users\Fabian
2014-02-03 12:41 - 2014-02-03 12:41 - 00000000 ____D () C:\Users\Fabian\Documents\Camtasia Studio
2014-02-03 12:39 - 2014-02-03 12:39 - 00000000 ____D () C:\Program Files (x86)\TechSmith
2014-02-03 12:33 - 2014-02-03 12:29 - 175040512 _____ () C:\Users\Fabian\Downloads\camtasiade.msi
2014-02-03 12:28 - 2013-12-04 09:21 - 00000000 ____D () C:\Program Files (x86)\Microsoft Games
2014-02-03 12:27 - 2013-11-25 20:45 - 00000000 ____D () C:\Program Files (x86)\SunnymediaClient
2014-02-03 12:22 - 2014-01-29 14:50 - 00000000 ____D () C:\ProgramData\VMware
2014-02-03 12:22 - 2012-08-30 21:00 - 00840126 _____ () C:\WINDOWS\system32\perfh007.dat
2014-02-03 12:22 - 2012-08-30 21:00 - 00192632 _____ () C:\WINDOWS\system32\perfc007.dat
2014-02-03 12:15 - 2014-01-29 14:58 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\VMware
2014-02-03 12:07 - 2013-11-01 19:48 - 00000000 ____D () C:\Users\Fabian\Documents\My Games
2014-02-03 11:54 - 2014-01-04 10:31 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\.minecraft
2014-02-03 11:51 - 2013-10-26 18:48 - 00000600 _____ () C:\Users\Fabian\AppData\Roaming\winscp.rnd
2014-02-03 11:18 - 2014-01-25 12:03 - 355589403 _____ () C:\Users\Fabian\Downloads\AS_APPROACHING-INNSBRUCK_FSX_V120.rar
2014-02-03 11:16 - 2014-01-25 12:03 - 46117489 _____ () C:\Users\Fabian\Downloads\FSX GAP2 Muster-Onsabruck.rar
2014-02-03 11:14 - 2014-02-01 19:24 - 00015872 ___SH () C:\Users\Fabian\Desktop\Thumbs.db
2014-02-03 11:13 - 2014-02-03 11:13 - 00074177 _____ () C:\Users\Fabian\Downloads\FRAPS19D.EXE
2014-02-03 10:14 - 2014-02-03 10:14 - 00001147 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-02-03 10:14 - 2014-02-03 10:14 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Malwarebytes
2014-02-03 10:14 - 2014-02-03 10:14 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-03 10:14 - 2014-02-03 10:14 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-03 10:09 - 2014-02-03 10:09 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Fabian\Downloads\mbam-setup-1.75.0.1300.exe
2014-02-03 10:03 - 2013-08-26 12:45 - 00002190 ____H () C:\Users\Fabian\Documents\Default.rdp
2014-02-02 23:44 - 2013-10-26 19:21 - 00000600 _____ () C:\Users\Fabian\AppData\Local\PUTTY.RND
2014-02-02 23:03 - 2014-02-02 23:03 - 30022170 _____ () C:\Users\Fabian\Downloads\firefox-26.0.tar.bz2
2014-02-02 17:19 - 2014-02-02 17:19 - 00000905 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-02-02 17:18 - 2014-02-02 17:18 - 23884615 _____ () C:\Users\Fabian\Downloads\vlc-2.1.2-win64.exe
2014-02-02 17:18 - 2014-02-02 17:18 - 00000000 ____D () C:\Program Files\VideoLAN
2014-02-02 17:16 - 2014-02-02 17:15 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\avidemux
2014-02-02 17:15 - 2014-02-02 17:15 - 00001075 _____ () C:\Users\Public\Desktop\Avidemux 2.6 (32-bit).lnk
2014-02-02 17:15 - 2014-02-02 17:14 - 00000000 ____D () C:\Program Files (x86)\Avidemux 2.6
2014-02-02 17:13 - 2014-02-02 17:13 - 17848828 _____ () C:\Users\Fabian\Downloads\avidemux_2.6.7_win32.exe
2014-02-02 16:05 - 2014-02-02 15:37 - 1860451319 _____ () C:\Users\Fabian\Downloads\FEX2-Setup.exe
2014-02-02 16:04 - 2013-10-30 11:01 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\uTorrent
2014-02-02 15:57 - 2014-02-02 13:04 - 00000308 _____ () C:\Users\Fabian\Downloads\DCrack Readme.txt
2014-02-02 15:44 - 2013-10-26 20:17 - 00000000 ____D () C:\Users\Fabian\AppData\Local\CrashDumps
2014-02-02 15:40 - 2014-02-02 15:40 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\BANDISOFT
2014-02-02 15:39 - 2014-02-02 15:39 - 00000000 ____D () C:\Program Files (x86)\BandiMPEG1
2014-02-02 15:37 - 2014-02-02 15:37 - 00000000 ____D () C:\Users\Fabian\Downloads\Crack
2014-02-02 15:37 - 2014-02-02 15:37 - 00000000 ____D () C:\Users\Fabian\Downloads\Bandicam v1.9.2.454 FULL+Keygen  {Cyclonoid}
2014-02-02 15:31 - 2014-02-02 15:31 - 00013990 _____ () C:\Users\Fabian\Downloads\flt1chk4.dll
2014-02-02 14:57 - 2014-02-02 14:57 - 00001084 _____ () C:\Users\Fabian\Desktop\VNC-Viewer-5.1.0-Windows-64bit - Verknüpfung.lnk
2014-02-02 12:28 - 2014-02-02 12:27 - 47097488 _____ () C:\Users\Fabian\Downloads\ts3_recording_14_02_02_6_19_23.wav
2014-02-02 09:42 - 2014-02-02 09:42 - 00000000 ____D () C:\Users\Fabian\AppData\Local\RealVNC
2014-02-02 09:41 - 2014-02-02 09:41 - 03215168 _____ (RealVNC Ltd) C:\Users\Fabian\Desktop\VNC-Viewer-5.1.0-Windows-64bit.exe
2014-02-02 09:24 - 2014-02-02 09:24 - 00662448 _____ (GlavSoft LLC.) C:\Users\Fabian\Downloads\tightvnc-2.0.4-setup.exe
2014-02-02 08:00 - 2014-02-02 08:00 - 00037394 _____ () C:\ComboFix.txt
2014-02-02 08:00 - 2014-02-02 07:24 - 00000000 ____D () C:\Qoobox
2014-02-02 07:57 - 2014-02-02 07:23 - 00000000 ____D () C:\WINDOWS\erdnt
2014-02-02 07:55 - 2012-07-26 06:26 - 00000215 _____ () C:\WINDOWS\system.ini
2014-02-02 07:22 - 2014-02-02 07:22 - 05179159 ____R (Swearware) C:\Users\Fabian\Downloads\ComboFix.exe
2014-02-01 23:13 - 2014-02-01 23:13 - 02367488 _____ () C:\Users\Fabian\Downloads\tightvnc-2.7.10-setup-64bit.msi
2014-02-01 23:13 - 2013-11-13 22:52 - 00000000 ____D () C:\Program Files\TightVNC
2014-02-01 15:28 - 2014-02-01 15:27 - 00030182 _____ () C:\Users\Fabian\Downloads\Addition.txt
2014-02-01 13:24 - 2013-11-01 16:42 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-02-01 10:16 - 2014-01-22 18:08 - 00000000 ____D () C:\Users\Fabian\AppData\Local\ArmA 2
2014-01-31 21:26 - 2013-08-04 19:05 - 00000000 ____D () C:\Users\Fabian\.VirtualBox
2014-01-31 19:38 - 2014-01-24 21:17 - 00000000 ____D () C:\Users\Fabian\Documents\Flight Simulator X-Dateien
2014-01-31 19:18 - 2013-08-04 19:06 - 00000000 ____D () C:\Users\Fabian\VirtualBox VMs
2014-01-31 19:17 - 2014-01-31 19:11 - 741343232 _____ () C:\Users\Fabian\Downloads\ubuntu-12.04.3-desktop-i386.iso
2014-01-31 19:01 - 2014-01-29 15:52 - 00000000 ____D () C:\Users\Fabian\Downloads\Ubuntu1204
2014-01-31 19:01 - 2014-01-29 14:58 - 00000000 ____D () C:\Users\Fabian\AppData\Local\VMware
2014-01-30 17:14 - 2014-01-20 20:12 - 00134656 ___SH () C:\Users\Fabian\Downloads\Thumbs.db
2014-01-29 15:42 - 2014-01-29 15:34 - 805796465 ____R () C:\Users\Fabian\Downloads\ubuntu1204.zip
2014-01-29 15:30 - 2014-01-29 15:30 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2014-01-29 15:23 - 2014-01-29 15:23 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\PowerISO
2014-01-29 15:21 - 2014-01-29 15:21 - 00000000 ____D () C:\Users\Fabian\Documents\Virtual Machines
2014-01-29 15:14 - 2014-01-29 15:02 - 817931404 _____ () C:\Users\Fabian\Downloads\2014-01-07-wheezy-raspbian.zip
2014-01-29 14:51 - 2012-08-03 23:40 - 02005988 _____ () C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2014-01-29 14:48 - 2014-01-29 14:47 - 98508144 _____ (VMware, Inc.) C:\Users\Fabian\Downloads\VMware-player-6.0.1-1379776.exe
2014-01-28 20:31 - 2012-07-26 08:28 - 01976542 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-01-28 20:30 - 2013-10-26 18:31 - 00000000 ____D () C:\Users\Fabian\AppData\Local\VirtualStore
2014-01-28 20:28 - 2014-01-28 20:28 - 106322704 _____ (Oracle Corporation) C:\Users\Fabian\Downloads\VirtualBox-4.3.6-91406-Win.exe
2014-01-27 17:27 - 2014-01-27 17:27 - 00819176 _____ (Google Inc.) C:\Users\Fabian\Downloads\ChromeSetup.exe
2014-01-27 17:13 - 2014-01-24 19:33 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FlyTampa
2014-01-27 16:36 - 2014-01-27 16:36 - 48399371 _____ () C:\Users\Fabian\Downloads\FSX FlyTampa - St. Maarten.zip
2014-01-26 21:31 - 2013-12-15 22:08 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
2014-01-26 21:31 - 2013-12-15 22:07 - 00000000 _____ () C:\WINDOWS\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-01-26 13:59 - 2014-01-26 13:49 - 31415966 _____ () C:\Users\Fabian\Downloads\a380aiba380x.zip
2014-01-26 13:57 - 2014-01-26 13:57 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rikoooo Add-ons
2014-01-26 13:56 - 2014-01-26 13:48 - 41742644 _____ () C:\Users\Fabian\Downloads\pilatus_pc-7saf_v.2_swiss_airforce_fsx.zip
2014-01-26 09:16 - 2014-01-26 09:15 - 05874040 _____ () C:\Users\Fabian\Downloads\MorphVOXPro4_Install-1.de(1).exe
2014-01-25 16:41 - 2014-01-25 16:41 - 00650600 _____ () C:\Users\Fabian\Downloads\SP-Comic_Install.exe
2014-01-25 16:41 - 2014-01-21 16:29 - 00000000 ____D () C:\Program Files (x86)\Screaming Bee
2014-01-25 16:24 - 2014-01-25 16:22 - 00000000 ____D () C:\ProgramData\Screaming Bee
2014-01-25 16:24 - 2014-01-21 16:32 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Screaming Bee
2014-01-25 16:22 - 2012-07-26 08:21 - 00049771 _____ () C:\WINDOWS\setupact.log
2014-01-25 16:21 - 2014-01-25 16:21 - 05930360 _____ () C:\Users\Fabian\Downloads\MorphVOXPro4_Install-1.de.exe
2014-01-25 16:19 - 2014-01-25 16:19 - 00228366 _____ () C:\Users\Fabian\Downloads\IBIS_droid_plugin_v1.0.ams
2014-01-25 16:17 - 2014-01-21 19:14 - 00000000 ____D () C:\Program Files (x86)\OMSI Addon Manager
2014-01-25 16:17 - 2013-10-26 18:35 - 00000000 ___RD () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-25 16:16 - 2014-01-25 16:16 - 00749962 _____ () C:\Users\Fabian\Downloads\OMSI_AM_1.2.4_Setup(1).zip
2014-01-25 12:58 - 2012-08-30 11:56 - 00286005 _____ () C:\WINDOWS\DirectX.log
2014-01-25 12:52 - 2013-12-13 20:00 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Microsoft Game Studios
2014-01-25 12:49 - 2014-01-25 12:47 - 174078464 _____ () C:\Users\Fabian\Downloads\fsx_sp2_DEU(1).msi
2014-01-25 12:40 - 2014-01-25 12:38 - 227341208 _____ (Microsoft Corporation) C:\Users\Fabian\Downloads\fsx_sp1_DEU(1).exe
2014-01-25 12:37 - 2014-01-25 12:36 - 174078464 _____ () C:\Users\Fabian\Downloads\fsx_sp2_DEU.msi
2014-01-25 12:35 - 2014-01-25 12:33 - 227341208 _____ (Microsoft Corporation) C:\Users\Fabian\Downloads\fsx_sp1_DEU.exe
2014-01-25 12:11 - 2014-01-25 12:11 - 00000000 ____D () C:\Archivos de programa
2014-01-25 12:08 - 2014-01-25 12:08 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Carenado's SKYLANE C182Q FSX
2014-01-25 12:03 - 2014-01-25 12:02 - 39368702 _____ () C:\Users\Fabian\Downloads\Carenado PA28RT 201 Arrow IV.rar
2014-01-25 12:03 - 2014-01-25 12:01 - 167328894 _____ () C:\Users\Fabian\Downloads\Carenado CT206 HD FSX_Prepar3d.rar
2014-01-25 12:02 - 2014-01-25 12:01 - 59539491 _____ () C:\Users\Fabian\Downloads\Carenado - AC11 Commander 114.rar
2014-01-25 12:01 - 2014-01-25 12:01 - 27942161 _____ () C:\Users\Fabian\Downloads\Cessna 182Q Skylane FSX.rar
2014-01-25 08:30 - 2014-01-25 08:30 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-01-25 08:30 - 2014-01-25 08:30 - 00000000 ____D () C:\Program Files (x86)\McAfee Security Scan
2014-01-25 08:30 - 2013-10-26 20:56 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-01-25 08:30 - 2013-10-26 20:54 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Adobe
2014-01-25 08:16 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-01-25 08:04 - 2013-12-14 13:48 - 00470976 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-01-24 23:39 - 2014-01-24 23:35 - 64334583 _____ () C:\Users\Fabian\Downloads\Citaro-G-Sound.zip
2014-01-24 20:55 - 2014-01-24 20:55 - 00000222 _____ () C:\Users\Fabian\Desktop\OMSI 2.url
2014-01-24 20:55 - 2013-11-01 16:58 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2014-01-24 20:34 - 2014-01-24 20:34 - 00000000 ____D () C:\WINDOWS\PCHEALTH
2014-01-24 20:33 - 2013-08-05 21:56 - 00000000 ____D () C:\FSXTMP
2014-01-24 19:25 - 2014-01-24 19:25 - 14851912 _____ () C:\Users\Fabian\Downloads\PMDG_737NGX_800WL_OS1.zip
2014-01-24 15:37 - 2014-01-24 15:36 - 73578015 _____ () C:\Users\Fabian\Downloads\Omsi2.ru_Mercedes_o530G.7z
2014-01-24 15:28 - 2014-01-24 15:28 - 06072408 _____ (TeamViewer GmbH) C:\Users\Fabian\Downloads\TeamViewer_Setup_de-ckc.exe
2014-01-24 15:28 - 2013-10-26 20:49 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2014-01-23 22:39 - 2014-01-23 22:39 - 00280744 _____ () C:\WINDOWS\Minidump\012314-68999-01.dmp
2014-01-23 22:39 - 2014-01-23 22:39 - 00000000 ____D () C:\WINDOWS\Minidump
2014-01-23 22:38 - 2014-01-23 22:38 - 611501992 _____ () C:\WINDOWS\MEMORY.DMP
2014-01-23 17:53 - 2013-12-02 21:02 - 00000000 ____D () C:\ProgramData\BlueStacksSetup
2014-01-23 13:33 - 2014-01-23 13:33 - 00041504 ____H (LogMeIn Inc.) C:\WINDOWS\system32\Drivers\Hamdrv.sys
2014-01-22 18:08 - 2014-01-22 18:08 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
2014-01-22 18:08 - 2013-10-24 21:26 - 00000000 ____D () C:\Users\Fabian\Documents\ArmA 2
2014-01-22 17:23 - 2014-01-22 17:23 - 00000221 _____ () C:\Users\Fabian\Desktop\Arma 2.url
2014-01-21 19:20 - 2014-01-21 19:20 - 00000000 ____D () C:\ProgramData\OMSI AM
2014-01-21 19:14 - 2014-01-21 19:14 - 00749962 _____ () C:\Users\Fabian\Downloads\OMSI_AM_1.2.4_Setup.zip
2014-01-21 19:14 - 2014-01-21 19:14 - 00000000 ____D () C:\Users\Fabian\AppData\Local\OMSI AM
2014-01-21 17:08 - 2014-01-21 17:08 - 103852119 _____ () C:\Users\Fabian\Downloads\FSX - FlyTampa Vienna.zip
2014-01-21 16:54 - 2014-01-21 16:54 - 01382800 _____ () C:\Users\Fabian\Downloads\VP-Galactic_Install.exe
2014-01-21 16:46 - 2014-01-21 16:46 - 00777576 _____ () C:\Users\Fabian\Downloads\VP-SciFi_Install.exe
2014-01-21 16:27 - 2014-01-21 16:27 - 02970992 _____ () C:\Users\Fabian\Downloads\MorphVOXJunior_Install-1.exe
2014-01-21 14:57 - 2014-01-21 14:57 - 00278503 _____ () C:\Users\Fabian\Downloads\Community ENB.rar
2014-01-20 22:33 - 2014-01-20 22:33 - 01110476 _____ () C:\Users\Fabian\Downloads\7z920.exe
2014-01-20 22:33 - 2014-01-20 22:33 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-01-20 22:24 - 2014-01-20 22:24 - 00000000 ____D () C:\Program Files (x86)\Universal Extractor
2014-01-20 22:23 - 2014-01-20 22:23 - 05556306 _____ (Jared Breland ) C:\Users\Fabian\Downloads\uniextract161.exe
2014-01-20 18:09 - 2014-01-20 18:04 - 00000811 _____ () C:\Users\Public\Desktop\Aerosoft Launcher.lnk
2014-01-20 18:04 - 2014-01-20 18:04 - 00000000 ____D () C:\Aerosoft
2014-01-20 12:24 - 2014-01-20 12:24 - 00002599 _____ () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sony Pictures Download Manager.lnk
2014-01-20 12:24 - 2014-01-20 12:24 - 00002569 _____ () C:\Users\Fabian\Desktop\Sony Pictures Download Manager.lnk
2014-01-18 16:11 - 2014-01-18 16:10 - 158257304 _____ (GIANTS Software ) C:\Users\Fabian\Downloads\SkiRegionSimulator2012DemoDE.exe
2014-01-18 12:13 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\rescache
2014-01-17 23:23 - 2013-10-30 11:18 - 00000000 ____D () C:\Users\Fabian\Downloads\Grand Theft Auto IV full game PC + Multiplayer ^^nosTEAM^^
2014-01-17 23:23 - 2013-09-03 15:34 - 00000000 ____D () C:\Users\Fabian\Downloads\accord-ember
2014-01-17 23:23 - 2013-09-02 19:40 - 00000000 ____D () C:\Users\Fabian\Downloads\Upload
2014-01-17 23:23 - 2013-09-02 19:40 - 00000000 ____D () C:\Users\Fabian\Downloads\Documentation
2014-01-17 23:23 - 2013-08-24 15:06 - 00000000 ____D () C:\Users\Fabian\Downloads\moyoo_sky_blue
2014-01-17 23:23 - 2013-08-23 18:28 - 00000000 ____D () C:\Users\Fabian\Downloads\Tor Browser
2014-01-17 16:07 - 2013-12-01 08:15 - 00000000 ____D () C:\Program Files\CyberGhost 5
2014-01-16 18:53 - 2014-01-16 18:53 - 00003408 _____ () C:\WINDOWS\System32\Tasks\aviraSWU
2014-01-16 18:53 - 2014-01-16 18:53 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Avira
2014-01-16 18:53 - 2014-01-16 18:49 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-01-16 18:49 - 2014-01-16 18:49 - 00000000 ____D () C:\ProgramData\Avira
2014-01-16 18:22 - 2012-07-26 09:12 - 00000000 ____D () C:\WINDOWS\WinStore
2014-01-15 20:39 - 2013-10-28 22:51 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-01-15 20:34 - 2013-10-28 22:51 - 86054176 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-01-15 18:35 - 2013-11-14 00:00 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-01-14 20:04 - 2014-01-14 20:04 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Quest3D
2014-01-14 20:04 - 2014-01-14 20:01 - 00000000 ____D () C:\Users\Fabian\Documents\ShipSimExtremes Userdata
2014-01-14 20:01 - 2014-01-14 20:01 - 00001169 _____ () C:\Users\Public\Desktop\Ship Simulator Extremes.lnk
2014-01-14 20:01 - 2014-01-14 20:01 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ship Simulator Extremes
2014-01-14 19:50 - 2014-01-14 19:50 - 00000000 ____D () C:\Program Files (x86)\Vstep
2014-01-12 12:48 - 2014-01-12 12:29 - 00000000 ____D () C:\Program Files (x86)\Thrustmaster
2014-01-11 15:14 - 2013-08-02 18:12 - 00000000 ____D () C:\Users\Fabian\Documents\Bluetooth Folder
2014-01-11 14:44 - 2013-12-02 09:55 - 00000000 ____D () C:\ProgramData\Ashampoo
2014-01-11 14:41 - 2014-01-04 14:31 - 00003136 _____ () C:\WINDOWS\System32\Tasks\Registry Optimizer
2014-01-11 14:38 - 2014-01-04 14:32 - 00003154 _____ () C:\WINDOWS\System32\Tasks\WinZipDriverUpdaterRunAtStartup
2014-01-10 23:56 - 2014-01-10 23:56 - 00000000 ____D () C:\Users\Fabian\Documents\SH3
2014-01-10 23:52 - 2014-01-10 23:52 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameShadow
2014-01-10 23:52 - 2014-01-10 23:52 - 00000000 ____D () C:\Program Files (x86)\GameShadow
2014-01-10 23:52 - 2013-12-13 15:20 - 00000000 ____D () C:\WINDOWS\Downloaded Installations
2014-01-10 23:46 - 2014-01-10 23:45 - 00000000 ____D () C:\Program Files (x86)\Ubisoft
2014-01-10 23:04 - 2014-01-10 23:04 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Nexway
2014-01-10 21:11 - 2014-01-10 21:11 - 00000000 ____D () C:\Program Files\CPUID
2014-01-10 18:48 - 2013-10-26 18:49 - 00000338 _____ () C:\Users\Fabian\Desktop\Root.txt
2014-01-10 18:35 - 2014-01-10 18:35 - 00000000 ____D () C:\Games
2014-01-10 18:35 - 2013-10-28 13:35 - 00000000 ___HD () C:\WINDOWS\msdownld.tmp
2014-01-10 18:35 - 2013-10-28 13:35 - 00000000 ____D () C:\WINDOWS\SysWOW64\directx
2014-01-09 09:02 - 2013-11-13 23:28 - 00694240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-01-09 09:02 - 2013-11-13 23:28 - 00078296 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-07 23:42 - 2014-01-29 15:16 - 2962227200 _____ () C:\Users\Fabian\Downloads\2014-01-07-wheezy-raspbian.img
2014-01-06 18:42 - 2013-10-26 18:31 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Packages
2014-01-06 18:39 - 2014-01-06 18:39 - 00000000 ____D () C:\ProgramData\HP
2014-01-06 18:28 - 2014-01-06 18:28 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\CAD-KAS
2014-01-06 18:27 - 2014-01-06 18:27 - 00087704 _____ () C:\WINDOWS\cadkasdeinst01.exe
2014-01-06 18:27 - 2014-01-06 18:27 - 00001068 _____ () C:\Users\Schule\Desktop\PDF Editor 4.0.lnk
2014-01-06 18:27 - 2014-01-06 18:27 - 00001068 _____ () C:\Users\Gast\Desktop\PDF Editor 4.0.lnk
2014-01-06 18:27 - 2014-01-06 18:27 - 00001068 _____ () C:\Users\fbwuser\Desktop\PDF Editor 4.0.lnk
2014-01-06 18:27 - 2014-01-06 18:27 - 00001068 _____ () C:\Users\Administrator\Desktop\PDF Editor 4.0.lnk
2014-01-06 18:27 - 2014-01-06 18:27 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF Editor 4.0
2014-01-06 18:27 - 2014-01-06 18:27 - 00000000 ____D () C:\Program Files (x86)\PDF Editor 4
2014-01-06 12:58 - 2014-01-06 12:30 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Craften Terminal
2014-01-06 12:48 - 2014-01-06 12:48 - 00001353 _____ () C:\Users\Fabian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Craften Terminal.lnk
2014-01-06 12:30 - 2014-01-06 12:30 - 00000000 ____D () C:\Users\Fabian\AppData\Local\Craften.de
2014-01-04 16:53 - 2014-01-04 14:31 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\FileZilla
2014-01-04 14:33 - 2014-01-04 14:33 - 00003032 _____ () C:\WINDOWS\System32\Tasks\WinZipDriverUpdater_UPDATES
2014-01-04 14:32 - 2014-01-04 14:32 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\WinZip
2014-01-04 14:31 - 2014-01-04 14:31 - 00000000 ____D () C:\Users\Fabian\AppData\Roaming\Nico Mak Computing

Some content of TEMP:
====================
C:\Users\Fabian\AppData\Local\Temp\avgnt.exe
C:\Users\Fabian\AppData\Local\Temp\bdfilters.dll
C:\Users\Fabian\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-27 15:06

==================== End Of Log ============================
         
--- --- ---

--- --- ---

04.02.2014, 10:23   #8
schrauber
/// the machine
/// TB instructor
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Run SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any remaining problems?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
