Pests of all kinds and how to combat them: Audio advertising on the PC (Windows 7)
28.03.2014, 11:28 | #1 |
Audio advertising on the PC

Good day,

For a few days now I have had the problem that my PC plays audio advertising in the background from somewhere. What is curious is that during this time I only downloaded the game expansion "Nehrim" from chip.de, as well as a few videos (nothing illegal). After I first noticed this advertising, I ran Antivir and Malwarebytes; after that it was quiet for a while, but today it unfortunately started again.

Here are my logs:

FRST:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by Christoph (administrator) on CHRISTOPH-PC on 28-03-2014 10:54:22 Running from C:\Users\Christoph\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe () C:\Windows\SysWOW64\PnkBstrA.exe (www.shadowexplorer.com) C:\Program Files (x86)\ShadowExplorer\sesvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe () C:\Program Files (x86)\puush\puush.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe () C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe () C:\Program Files\Rainmeter\Rainmeter.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe (Western Digital Technologies, Inc.) 
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\javaw.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\SeaPort.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (BitTorrent Inc.) C:\Users\Christoph\AppData\Roaming\uTorrent\uTorrent.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe (Microsoft Corporation) C:\Windows\SysWOW64\NOTEPAD.EXE (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe () C:\Users\Christoph\Downloads\Defogger.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation) HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation) HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-07-19] (Intel Corporation) HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [309688 2012-10-11] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.) 
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [WD Drive Unlocker] - C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.) HKLM-x32\...\Run: [WD Quick View] - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5537136 2013-11-02] (Western Digital Technologies, Inc.) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2001810455-1053792824-432003306-1000\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [966072 2012-10-11] (Samsung) HKU\S-1-5-21-2001810455-1053792824-432003306-1000\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [580096 2012-10-09] (Samsung Electronics) HKU\S-1-5-21-2001810455-1053792824-432003306-1000\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843208 2012-11-03] (Samsung) HKU\S-1-5-21-2001810455-1053792824-432003306-1000\...\Run: [puush] - C:\Program Files (x86)\puush\puush.exe [567880 2013-09-03] () HKU\S-1-5-21-2001810455-1053792824-432003306-1000\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843208 2012-11-03] (Samsung) HKU\S-1-5-21-2001810455-1053792824-432003306-1000\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1821888 2014-02-25] (Valve Corporation) HKU\S-1-5-21-2001810455-1053792824-432003306-1000\...\Run: [EA Core] - "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent HKU\S-1-5-21-2001810455-1053792824-432003306-1000\...\Run: [OscarEditor] - C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe [3333632 2012-08-16] () HKU\S-1-5-21-2001810455-1053792824-432003306-1000\...\Run: [Skype] - 
C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.) HKU\S-1-5-21-2001810455-1053792824-432003306-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [966072 2012-10-11] (Samsung) HKU\S-1-5-21-2001810455-1053792824-432003306-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [580096 2012-10-09] (Samsung Electronics) HKU\S-1-5-21-2001810455-1053792824-432003306-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843208 2012-11-03] (Samsung) HKU\S-1-5-21-2001810455-1053792824-432003306-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [puush] - C:\Program Files (x86)\puush\puush.exe [567880 2013-09-03] () HKU\S-1-5-21-2001810455-1053792824-432003306-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843208 2012-11-03] (Samsung) HKU\S-1-5-21-2001810455-1053792824-432003306-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672384 2012-04-11] (DT Soft Ltd) HKU\S-1-5-21-2001810455-1053792824-432003306-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1821888 2014-02-25] (Valve Corporation) HKU\S-1-5-21-2001810455-1053792824-432003306-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EA Core] - "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent HKU\S-1-5-21-2001810455-1053792824-432003306-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [OscarEditor] - C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe [3333632 2012-08-16] () HKU\S-1-5-21-2001810455-1053792824-432003306-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Skype] - C:\Program Files 
(x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.) HKU\S-1-5-21-2001810455-1053792824-432003306-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {824614af-cc37-11e1-bcaa-806e6f6e6963} - E:\Autorun.exe Startup: C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x388C895E4C60CD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de SearchScopes: HKLM - DefaultScope value is missing. BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.) 
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: ATLAS Toolbar - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL (FUJITSU LIMITED) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.) 
Toolbar: HKLM-x32 - ATLAS Toolbar - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL (FUJITSU LIMITED) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\tclm7k0f.default FF DefaultSearchEngine: ICQ Search FF SelectedSearchEngine: ICQ Search FF Homepage: hxxp://www.google.de/ FF Keyword.URL: hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&q= FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) 
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF 
Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.) FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) FF SearchPlugin: C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\tclm7k0f.default\searchplugins\searchplugins-backup FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: ProxTube - Unblock YouTube - C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\tclm7k0f.default\Extensions\ich@maltegoetz.de [2013-12-13] FF Extension: ProxTube - Unblock YouTube - C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\tclm7k0f.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7} [2013-12-06] FF Extension: DownloadHelper - C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\tclm7k0f.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25] FF Extension: MEGA EXTENSION - 
C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\tclm7k0f.default\Extensions\firefox@mega.co.nz.xpi [2013-03-13] FF Extension: Adblock Plus - C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\tclm7k0f.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-08-07] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-03-03] Chrome: ======= CHR Extension: (Google Docs) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-06] CHR Extension: (Google Drive) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-06] CHR Extension: (YouTube) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-06] CHR Extension: (Google-Suche) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-06] CHR Extension: (Google Wallet) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-06] CHR Extension: (Google Mail) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-06] ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. 
KG) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-12-06] () S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP3a\RpcAgentSrv.exe [71832 2009-04-22] (SiSoftware) R2 sesvc; C:\Program Files (x86)\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-11-02] (Western Digital Technologies, Inc.) R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-11-02] (Western Digital Technologies, Inc.) ==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-10-13] (DT Soft Ltd) S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [239104 2013-01-30] (Huawei Technologies Co., Ltd.) 
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-07-19] () R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-03-28] (Malwarebytes Corporation) S3 AsrCDDrv; \??\C:\Windows\SysWOW64\Drivers\AsrCDDrv.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-28 10:54 - 2014-03-28 10:54 - 00022998 _____ () C:\Users\Christoph\Downloads\FRST.txt 2014-03-28 10:53 - 2014-03-28 10:54 - 00000000 ____D () C:\FRST 2014-03-28 10:51 - 2014-03-28 10:52 - 00000480 _____ () C:\Users\Christoph\Downloads\defogger_disable.log 2014-03-28 10:51 - 2014-03-28 10:51 - 00000168 _____ () C:\Users\Christoph\defogger_reenable 2014-03-28 10:43 - 2014-03-28 10:44 - 00380416 _____ () C:\Users\Christoph\Downloads\Gmer-19357.exe 2014-03-28 10:41 - 2014-03-28 10:43 - 02157056 _____ (Farbar) C:\Users\Christoph\Downloads\FRST64.exe 2014-03-28 10:41 - 2014-03-28 10:41 - 00050477 _____ () C:\Users\Christoph\Downloads\Defogger.exe 2014-03-28 10:38 - 2014-03-28 10:38 - 00001813 _____ () C:\Users\Christoph\Desktop\Mal.txt 2014-03-27 18:05 - 2014-03-27 21:53 - 454987666 _____ () C:\Users\Christoph\Downloads\[ftw]_chuunibyou_demo_koi_ga_shitai__ren_-_12_[720p][9e4f4294].mkv 2014-03-27 14:14 - 2014-03-27 14:14 - 00000221 _____ () C:\Users\Christoph\Desktop\Magicka.url 2014-03-26 04:39 - 2014-03-26 09:03 - 735157995 _____ () C:\Users\Christoph\Downloads\[fff]_witch_craft_works_-_12_[a17f0e3c].mkv 2014-03-26 03:08 - 2014-03-26 04:39 - 253799293 _____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_13_[2518B9C6].mp4 2014-03-26 01:56 - 2014-03-26 03:08 - 201105522 _____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_12_[5357AC14].mp4 2014-03-25 22:01 - 2014-03-26 01:56 - 236882537 _____ () 
C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_11_[7ECA1CA8].mp4 2014-03-25 20:41 - 2014-03-25 22:01 - 203367690 _____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_10_[FC0C71B7].mp4 2014-03-25 19:17 - 2014-03-25 20:41 - 219208547 _____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_09_[71F3361F].mp4 2014-03-25 15:42 - 2014-03-25 19:17 - 265050854 _____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_08_[074D56D2].mp4 2014-03-25 14:31 - 2014-03-25 15:41 - 191508102 _____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_07_[3B9AFFC9].mp4 2014-03-25 13:14 - 2014-03-28 10:36 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-03-25 13:14 - 2014-03-25 13:14 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-25 13:14 - 2014-03-25 13:14 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-03-25 13:14 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-25 13:14 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-03-25 13:14 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-25 11:16 - 2014-03-25 11:22 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Christoph\Downloads\mbam-setup-2.0.0.1000.exe 2014-03-25 10:09 - 2014-03-25 14:31 - 238123516 _____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_06_[328BC4DF].mp4 2014-03-25 00:12 - 2014-03-25 00:18 - 00000000 ____D () C:\AdwCleaner 2014-03-25 00:10 - 2014-03-25 00:10 - 00613200 _____ (Chip Digital GmbH) C:\Users\Christoph\Downloads\AdwCleaner - CHIP-Downloader.exe 2014-03-24 22:03 - 2014-03-25 10:09 - 194149829 _____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_05_[686977F1].mp4 2014-03-24 20:48 - 2014-03-24 22:03 - 189423856 _____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_04_[EA1BF988].mp4 2014-03-24 19:24 - 2014-03-24 20:48 - 224877582 
_____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_03_[1E541C1D].mp4 2014-03-24 17:01 - 2014-03-24 19:24 - 195657590 _____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_02_[FF094504].mp4 2014-03-24 14:44 - 2014-03-24 17:01 - 250931047 _____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_01_[F0D58754].mp4 2014-03-24 12:17 - 2014-03-24 12:17 - 00046825 _____ () C:\Users\Christoph\AppData\Local\recently-used.xbel 2014-03-23 23:15 - 2014-03-24 14:44 - 1273190400 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com__AIR_-_The_Movie.avi 2014-03-23 21:55 - 2014-03-24 15:56 - 217112576 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com__AIR_-_In_Summer_02.avi 2014-03-23 20:03 - 2014-03-23 21:55 - 218476544 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com__AIR_-_In_Summer_01.avi 2014-03-23 18:45 - 2014-03-23 20:03 - 211025925 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com_[TK]AIR_13_Ger-Sub[64747C0A].avi 2014-03-23 16:22 - 2014-03-23 18:45 - 211675141 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com_[TK]AIR_12_Ger-Sub[65BBE987].avi 2014-03-23 15:06 - 2014-03-23 16:22 - 210181495 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com_AIR_11_Ger-Sub_E31D39A3_.mkv 2014-03-23 14:38 - 2014-03-23 14:38 - 00000000 ____D () C:\Users\Christoph\AppData\Local\Risen 2014-03-23 11:50 - 2014-03-23 13:57 - 280598684 _____ () C:\Users\Christoph\Downloads\[deadfish]_log_horizon_-_25_[720p][aac].mp4 2014-03-22 22:34 - 2014-03-23 15:06 - 209102853 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com_[TK]AIR_10_Ger-Sub[EF3440FF].avi 2014-03-22 21:05 - 2014-03-22 22:34 - 212486149 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com_[TK]AIR_09_Ger-Sub[0CAA284C].avi 2014-03-22 19:50 - 2014-03-22 21:05 - 202090501 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com_[TK]AIR_08_Ger-Sub[71769945].avi 2014-03-22 18:35 - 2014-03-22 19:50 - 203929605 _____ () 
C:\Users\Christoph\Downloads\www.eliteanimes.com_AIR_07_Ger-Sub_9F1B97EF_.avi 2014-03-22 17:12 - 2014-03-22 18:35 - 211075077 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com_[TK]AIR_06_Ger-Sub[FAB14844].avi 2014-03-22 16:13 - 2014-03-22 16:13 - 00000620 _____ () C:\Users\Christoph\Desktop\Nehrim - Am Rande des Schicksals.lnk 2014-03-22 15:48 - 2014-03-22 16:06 - 00000493 _____ () C:\Users\Public\Desktop\Oblivion.lnk 2014-03-22 13:12 - 2014-03-22 17:12 - 209088517 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com_[TK]AIR_05_Ger-Sub[EDF10BC7].avi 2014-03-22 11:24 - 2014-03-22 13:12 - 191328261 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com_[TK]AIR_04_Ger-Sub[9ABBE0ED].avi 2014-03-22 02:09 - 2014-03-22 16:42 - 205623301 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com_[TK]AIR_03_Ger-Sub[9B519BEE].avi 2014-03-21 18:19 - 2014-03-22 02:09 - 221575173 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com_[TK]AIR_02_Ger-Sub[A2980A99].avi 2014-03-21 18:19 - 2014-03-21 19:53 - 244226053 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com_AIR_-_01v2__94EBC1BD_.avi 2014-03-21 11:00 - 2014-03-21 11:00 - 00016125 _____ () C:\Users\Christoph\Downloads\Kopie.zip 2014-03-21 10:15 - 2014-03-21 14:38 - 526754744 _____ () C:\Users\Christoph\Downloads\[ftw]_chuunibyou_demo_koi_ga_shitai__ren_-_11_[720p][cf50756d].mkv 2014-03-20 11:08 - 2014-03-21 08:10 - 1703282558 _____ () C:\Users\Christoph\Downloads\[DsunS]Yuusha_ni_Narenakatta_Ore_wa_Shibushibu_Shuushoku_o_Ketsui_Shimashita_13_OVA_[BD_10BIt_H264_1080p_FLAC].mkv 2014-03-20 09:00 - 2014-03-20 18:34 - 766018021 _____ () C:\Users\Christoph\Downloads\[fff]_witch_craft_works_-_11_[58f8ca61].mkv 2014-03-18 13:54 - 2014-03-14 00:01 - 147036817 _____ () C:\Users\Christoph\Downloads\[ASL]_Horie_Yui_-_Golden_Time_OP2_ED2_-_The_Worlds_End_Haneikyouteki_ni_Aishite_yo_[MP3]_[w_Scans].rar 2014-03-18 13:54 - 2014-03-11 20:08 - 00000000 ____D () C:\Users\Christoph\Downloads\[ASL] Horie Yui - Golden 
Time OP2 ED2 - The♥World's♥End/Han'eikyouteki ni Aishite yo♥ [MP3] [w Scans] 2014-03-18 13:51 - 2014-03-18 13:54 - 151435608 _____ () C:\Users\Christoph\Downloads\2014-03-13_-1165283954.rar 2014-03-17 21:19 - 2014-03-17 21:33 - 577782138 _____ () C:\Users\Christoph\Downloads\[fff]_witch_craft_works_-_10_[3fa13be1].mkv 2014-03-16 21:00 - 2014-03-16 21:00 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\Red Alert 3 Uprising 2014-03-16 19:32 - 2014-03-16 20:00 - 335176241 _____ () C:\Users\Christoph\Downloads\[toki-d]_wake_up,_girls__-_10_[720p][b192ab89].mkv 2014-03-16 19:31 - 2014-03-16 19:32 - 54222701 _____ () C:\Users\Christoph\Downloads\√Bestamvsofalltime ▪ Young and Beautiful(720p_H.264-AAC).mp4 2014-03-16 12:21 - 2014-03-16 12:35 - 265292463 _____ () C:\Users\Christoph\Downloads\[kaylith]_sakura_trick_-_10_[720p][bcff3bda].mkv 2014-03-16 11:28 - 2014-03-16 12:21 - 291200146 _____ () C:\Users\Christoph\Downloads\[deadfish]_log_horizon_-_24_[720p][aac].mp4 2014-03-15 12:01 - 2014-03-15 12:11 - 434981341 _____ () C:\Users\Christoph\Downloads\[refrain_subs]_little_busters__ex_-_02_(720p_hi10p)_[61d08e60].mkv 2014-03-15 03:51 - 2014-03-13 19:26 - 499201971 _____ () C:\Users\Christoph\Downloads\[FTW]_Chuunibyou_demo_Koi_ga_Shitai!_Ren_-_10_[720p][4FBADEFB].mkv 2014-03-15 03:47 - 2014-03-15 03:51 - 197709554 _____ () C:\Users\Christoph\Downloads\2014-03-13_-821338226.part2.rar 2014-03-15 03:41 - 2014-03-15 03:47 - 316669952 _____ () C:\Users\Christoph\Downloads\2014-03-13_-821338226.part1.rar 2014-03-15 03:34 - 2014-03-15 03:40 - 298596310 _____ () C:\Users\Christoph\Downloads\[fff]_golden_time_-_22_[74001b2b].mkv 2014-03-15 03:14 - 2014-03-15 03:34 - 511932670 _____ () C:\Users\Christoph\Downloads\[GK]Nagi no Asukara - 23(720p_10bit)[536FE96D].mkv 2014-03-15 02:34 - 2014-03-15 02:40 - 1743468800 _____ (SureAI ) C:\Users\Christoph\Downloads\NehrimInstall_1.5.0.5_DE.exe 2014-03-15 01:40 - 2014-03-15 02:34 - 00000057 _____ () C:\Users\Christoph\Desktop\Neues 
Textdokument (6).txt 2014-03-15 00:24 - 2014-03-15 00:25 - 02687491 _____ () C:\Users\Christoph\Downloads\jp.gamegift.apk 2014-03-13 10:08 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-13 10:08 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-13 10:08 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-13 10:08 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-13 10:08 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-13 10:08 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-13 10:08 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-13 10:08 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-13 10:08 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-13 10:08 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-13 10:08 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-13 10:08 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-13 10:08 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-13 10:08 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-13 10:08 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-13 10:08 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-13 10:08 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) 
C:\Windows\system32\msrating.dll 2014-03-13 10:08 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-13 10:08 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-13 10:08 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-13 10:08 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-13 10:08 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-13 10:08 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-13 10:08 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-13 10:08 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-13 10:08 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-13 10:08 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-13 10:08 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-13 10:08 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-13 10:08 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-13 10:08 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-13 10:08 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-13 10:08 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-13 10:08 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-13 10:08 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\ieframe.dll 2014-03-13 10:08 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-13 10:08 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-13 10:08 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-13 10:08 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-13 10:08 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-03-13 07:21 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-13 07:21 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2014-03-13 07:09 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-03-13 07:09 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-03-13 07:01 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-13 07:01 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-03-13 06:43 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-13 06:43 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-03-12 18:51 - 2014-03-12 18:51 - 00000000 _____ () C:\Users\Christoph\Desktop\Neues Textdokument (5).txt 2014-03-11 13:01 - 2014-03-11 13:01 - 00000000 _____ () C:\Users\Christoph\Desktop\Neues Textdokument (4).txt 2014-03-06 14:39 - 2014-03-06 15:06 - 00000093 _____ () C:\Users\Christoph\Desktop\User.txt 2014-03-03 21:24 - 2014-03-04 15:04 - 00001504 _____ () C:\Users\Christoph\Desktop\Neues Textdokument (3).txt 2014-02-28 01:01 - 2014-02-28 01:01 - 00000000 ____D () C:\Users\Christoph\AppData\Local\Skype ==================== One Month 
Modified Files and Folders ======= 2014-03-28 10:54 - 2014-03-28 10:54 - 00022998 _____ () C:\Users\Christoph\Downloads\FRST.txt 2014-03-28 10:54 - 2014-03-28 10:53 - 00000000 ____D () C:\FRST 2014-03-28 10:54 - 2012-11-22 23:35 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\NetSpeedMonitor 2014-03-28 10:53 - 2012-12-01 00:29 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\Skype 2014-03-28 10:52 - 2014-03-28 10:51 - 00000480 _____ () C:\Users\Christoph\Downloads\defogger_disable.log 2014-03-28 10:52 - 2013-02-21 18:41 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\uTorrent 2014-03-28 10:51 - 2014-03-28 10:51 - 00000168 _____ () C:\Users\Christoph\defogger_reenable 2014-03-28 10:51 - 2012-07-12 17:31 - 00000000 ____D () C:\Users\Christoph 2014-03-28 10:44 - 2014-03-28 10:43 - 00380416 _____ () C:\Users\Christoph\Downloads\Gmer-19357.exe 2014-03-28 10:43 - 2014-03-28 10:41 - 02157056 _____ (Farbar) C:\Users\Christoph\Downloads\FRST64.exe 2014-03-28 10:41 - 2014-03-28 10:41 - 00050477 _____ () C:\Users\Christoph\Downloads\Defogger.exe 2014-03-28 10:38 - 2014-03-28 10:38 - 00001813 _____ () C:\Users\Christoph\Desktop\Mal.txt 2014-03-28 10:36 - 2014-03-25 13:14 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-03-28 10:35 - 2012-07-16 11:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-28 09:49 - 2012-07-12 16:42 - 01550994 _____ () C:\Windows\WindowsUpdate.log 2014-03-27 21:53 - 2014-03-27 18:05 - 454987666 _____ () C:\Users\Christoph\Downloads\[ftw]_chuunibyou_demo_koi_ga_shitai__ren_-_12_[720p][9e4f4294].mkv 2014-03-27 18:11 - 2013-02-23 23:55 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\Aegisub 2014-03-27 18:11 - 2012-08-07 19:16 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\vlc 2014-03-27 17:47 - 2012-07-30 12:00 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job 2014-03-27 14:14 - 2014-03-27 14:14 - 
00000221 _____ () C:\Users\Christoph\Desktop\Magicka.url 2014-03-27 14:14 - 2013-05-06 22:06 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2014-03-27 09:32 - 2012-08-07 15:31 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\Winamp 2014-03-27 04:58 - 2009-07-14 05:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-27 04:58 - 2009-07-14 05:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-26 22:11 - 2013-05-04 09:08 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-03-26 09:03 - 2014-03-26 04:39 - 735157995 _____ () C:\Users\Christoph\Downloads\[fff]_witch_craft_works_-_12_[a17f0e3c].mkv 2014-03-26 04:39 - 2014-03-26 03:08 - 253799293 _____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_13_[2518B9C6].mp4 2014-03-26 03:08 - 2014-03-26 01:56 - 201105522 _____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_12_[5357AC14].mp4 2014-03-26 01:56 - 2014-03-25 22:01 - 236882537 _____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_11_[7ECA1CA8].mp4 2014-03-25 23:12 - 2011-04-12 08:43 - 04859988 _____ () C:\Windows\system32\perfh007.dat 2014-03-25 23:12 - 2011-04-12 08:43 - 01635674 _____ () C:\Windows\system32\perfc007.dat 2014-03-25 23:12 - 2009-07-14 06:13 - 00006500 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-25 23:07 - 2013-12-25 11:55 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat 2014-03-25 23:06 - 2012-07-30 12:00 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job 2014-03-25 23:06 - 2012-07-16 10:02 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-03-25 23:06 - 2010-11-21 04:47 - 00354812 _____ () C:\Windows\PFRO.log 2014-03-25 23:06 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-25 23:06 - 2009-07-14 05:51 - 00102941 _____ () 
C:\Windows\setupact.log 2014-03-25 22:01 - 2014-03-25 20:41 - 203367690 _____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_10_[FC0C71B7].mp4 2014-03-25 20:41 - 2014-03-25 19:17 - 219208547 _____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_09_[71F3361F].mp4 2014-03-25 19:17 - 2014-03-25 15:42 - 265050854 _____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_08_[074D56D2].mp4 2014-03-25 17:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Vss 2014-03-25 15:41 - 2014-03-25 14:31 - 191508102 _____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_07_[3B9AFFC9].mp4 2014-03-25 14:31 - 2014-03-25 10:09 - 238123516 _____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_06_[328BC4DF].mp4 2014-03-25 13:14 - 2014-03-25 13:14 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-25 13:14 - 2014-03-25 13:14 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-03-25 11:22 - 2014-03-25 11:16 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Christoph\Downloads\mbam-setup-2.0.0.1000.exe 2014-03-25 10:09 - 2014-03-24 22:03 - 194149829 _____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_05_[686977F1].mp4 2014-03-25 00:18 - 2014-03-25 00:12 - 00000000 ____D () C:\AdwCleaner 2014-03-25 00:10 - 2014-03-25 00:10 - 00613200 _____ (Chip Digital GmbH) C:\Users\Christoph\Downloads\AdwCleaner - CHIP-Downloader.exe 2014-03-24 22:03 - 2014-03-24 20:48 - 189423856 _____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_04_[EA1BF988].mp4 2014-03-24 20:48 - 2014-03-24 19:24 - 224877582 _____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_03_[1E541C1D].mp4 2014-03-24 19:24 - 2014-03-24 17:01 - 195657590 _____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_02_[FF094504].mp4 2014-03-24 17:01 - 2014-03-24 14:44 - 250931047 _____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_01_[F0D58754].mp4 2014-03-24 15:56 - 2014-03-23 21:55 - 217112576 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com__AIR_-_In_Summer_02.avi 
2014-03-24 14:44 - 2014-03-23 23:15 - 1273190400 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com__AIR_-_The_Movie.avi 2014-03-24 12:17 - 2014-03-24 12:17 - 00046825 _____ () C:\Users\Christoph\AppData\Local\recently-used.xbel 2014-03-24 12:17 - 2012-08-07 19:22 - 00000000 ____D () C:\Users\Christoph\.gimp-2.8 2014-03-23 21:55 - 2014-03-23 20:03 - 218476544 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com__AIR_-_In_Summer_01.avi 2014-03-23 20:03 - 2014-03-23 18:45 - 211025925 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com_[TK]AIR_13_Ger-Sub[64747C0A].avi 2014-03-23 18:45 - 2014-03-23 16:22 - 211675141 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com_[TK]AIR_12_Ger-Sub[65BBE987].avi 2014-03-23 16:22 - 2014-03-23 15:06 - 210181495 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com_AIR_11_Ger-Sub_E31D39A3_.mkv 2014-03-23 15:06 - 2014-03-22 22:34 - 209102853 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com_[TK]AIR_10_Ger-Sub[EF3440FF].avi 2014-03-23 14:38 - 2014-03-23 14:38 - 00000000 ____D () C:\Users\Christoph\AppData\Local\Risen 2014-03-23 14:38 - 2012-07-12 17:28 - 00613348 _____ () C:\Windows\DirectX.log 2014-03-23 13:57 - 2014-03-23 11:50 - 280598684 _____ () C:\Users\Christoph\Downloads\[deadfish]_log_horizon_-_25_[720p][aac].mp4 2014-03-22 22:34 - 2014-03-22 21:05 - 212486149 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com_[TK]AIR_09_Ger-Sub[0CAA284C].avi 2014-03-22 21:05 - 2014-03-22 19:50 - 202090501 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com_[TK]AIR_08_Ger-Sub[71769945].avi 2014-03-22 19:50 - 2014-03-22 18:35 - 203929605 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com_AIR_07_Ger-Sub_9F1B97EF_.avi 2014-03-22 18:35 - 2014-03-22 17:12 - 211075077 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com_[TK]AIR_06_Ger-Sub[FAB14844].avi 2014-03-22 17:12 - 2014-03-22 13:12 - 209088517 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com_[TK]AIR_05_Ger-Sub[EDF10BC7].avi 
2014-03-22 16:42 - 2014-03-22 02:09 - 205623301 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com_[TK]AIR_03_Ger-Sub[9B519BEE].avi 2014-03-22 16:13 - 2014-03-22 16:13 - 00000620 _____ () C:\Users\Christoph\Desktop\Nehrim - Am Rande des Schicksals.lnk 2014-03-22 16:13 - 2012-08-12 11:37 - 00000000 ____D () C:\Users\Christoph\Documents\My Games 2014-03-22 16:06 - 2014-03-22 15:48 - 00000493 _____ () C:\Users\Public\Desktop\Oblivion.lnk 2014-03-22 15:48 - 2012-07-12 17:32 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-03-22 13:12 - 2014-03-22 11:24 - 191328261 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com_[TK]AIR_04_Ger-Sub[9ABBE0ED].avi 2014-03-22 02:09 - 2014-03-21 18:19 - 221575173 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com_[TK]AIR_02_Ger-Sub[A2980A99].avi 2014-03-21 19:53 - 2014-03-21 18:19 - 244226053 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com_AIR_-_01v2__94EBC1BD_.avi 2014-03-21 14:38 - 2014-03-21 10:15 - 526754744 _____ () C:\Users\Christoph\Downloads\[ftw]_chuunibyou_demo_koi_ga_shitai__ren_-_11_[720p][cf50756d].mkv 2014-03-21 11:00 - 2014-03-21 11:00 - 00016125 _____ () C:\Users\Christoph\Downloads\Kopie.zip 2014-03-21 08:10 - 2014-03-20 11:08 - 1703282558 _____ () C:\Users\Christoph\Downloads\[DsunS]Yuusha_ni_Narenakatta_Ore_wa_Shibushibu_Shuushoku_o_Ketsui_Shimashita_13_OVA_[BD_10BIt_H264_1080p_FLAC].mkv 2014-03-21 00:51 - 2014-02-18 01:27 - 00000685 _____ () C:\Users\Christoph\Desktop\Tofu.txt 2014-03-20 18:34 - 2014-03-20 09:00 - 766018021 _____ () C:\Users\Christoph\Downloads\[fff]_witch_craft_works_-_11_[58f8ca61].mkv 2014-03-18 13:54 - 2014-03-18 13:51 - 151435608 _____ () C:\Users\Christoph\Downloads\2014-03-13_-1165283954.rar 2014-03-18 08:48 - 2013-09-04 02:55 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-18 08:47 - 2012-07-30 13:23 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-03-17 21:33 - 2014-03-17 21:19 - 577782138 _____ 
() C:\Users\Christoph\Downloads\[fff]_witch_craft_works_-_10_[3fa13be1].mkv 2014-03-17 06:51 - 2012-10-28 22:17 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log 2014-03-16 23:30 - 2012-08-07 21:41 - 00000000 ____D () C:\Users\Christoph\dwhelper 2014-03-16 21:00 - 2014-03-16 21:00 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\Red Alert 3 Uprising 2014-03-16 20:58 - 2012-08-21 08:57 - 00000000 ____D () C:\Windows\System32\Tasks\Games 2014-03-16 20:00 - 2014-03-16 19:32 - 335176241 _____ () C:\Users\Christoph\Downloads\[toki-d]_wake_up,_girls__-_10_[720p][b192ab89].mkv 2014-03-16 19:32 - 2014-03-16 19:31 - 54222701 _____ () C:\Users\Christoph\Downloads\√Bestamvsofalltime ▪ Young and Beautiful(720p_H.264-AAC).mp4 2014-03-16 12:35 - 2014-03-16 12:21 - 265292463 _____ () C:\Users\Christoph\Downloads\[kaylith]_sakura_trick_-_10_[720p][bcff3bda].mkv 2014-03-16 12:21 - 2014-03-16 11:28 - 291200146 _____ () C:\Users\Christoph\Downloads\[deadfish]_log_horizon_-_24_[720p][aac].mp4 2014-03-15 12:11 - 2014-03-15 12:01 - 434981341 _____ () C:\Users\Christoph\Downloads\[refrain_subs]_little_busters__ex_-_02_(720p_hi10p)_[61d08e60].mkv 2014-03-15 03:51 - 2014-03-15 03:47 - 197709554 _____ () C:\Users\Christoph\Downloads\2014-03-13_-821338226.part2.rar 2014-03-15 03:47 - 2014-03-15 03:41 - 316669952 _____ () C:\Users\Christoph\Downloads\2014-03-13_-821338226.part1.rar 2014-03-15 03:40 - 2014-03-15 03:34 - 298596310 _____ () C:\Users\Christoph\Downloads\[fff]_golden_time_-_22_[74001b2b].mkv 2014-03-15 03:34 - 2014-03-15 03:14 - 511932670 _____ () C:\Users\Christoph\Downloads\[GK]Nagi no Asukara - 23(720p_10bit)[536FE96D].mkv 2014-03-15 02:40 - 2014-03-15 02:34 - 1743468800 _____ (SureAI ) C:\Users\Christoph\Downloads\NehrimInstall_1.5.0.5_DE.exe 2014-03-15 02:34 - 2014-03-15 01:40 - 00000057 _____ () C:\Users\Christoph\Desktop\Neues Textdokument (6).txt 2014-03-15 00:25 - 2014-03-15 00:24 - 02687491 _____ () C:\Users\Christoph\Downloads\jp.gamegift.apk 2014-03-14 
01:48 - 2009-07-14 05:45 - 00273288 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-14 01:47 - 2012-10-19 08:33 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-14 01:47 - 2012-10-19 08:33 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-03-14 00:01 - 2014-03-18 13:54 - 147036817 _____ () C:\Users\Christoph\Downloads\[ASL]_Horie_Yui_-_Golden_Time_OP2_ED2_-_The_Worlds_End_Haneikyouteki_ni_Aishite_yo_[MP3]_[w_Scans].rar 2014-03-13 19:26 - 2014-03-15 03:51 - 499201971 _____ () C:\Users\Christoph\Downloads\[FTW]_Chuunibyou_demo_Koi_ga_Shitai!_Ren_-_10_[720p][4FBADEFB].mkv 2014-03-12 18:51 - 2014-03-12 18:51 - 00000000 _____ () C:\Users\Christoph\Desktop\Neues Textdokument (5).txt 2014-03-11 20:39 - 2012-07-16 11:36 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-11 20:39 - 2012-07-16 11:36 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-11 20:39 - 2012-07-16 11:36 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-11 20:08 - 2014-03-18 13:54 - 00000000 ____D () C:\Users\Christoph\Downloads\[ASL] Horie Yui - Golden Time OP2 ED2 - The♥World's♥End/Han'eikyouteki ni Aishite yo♥ [MP3] [w Scans] 2014-03-11 13:01 - 2014-03-11 13:01 - 00000000 _____ () C:\Users\Christoph\Desktop\Neues Textdokument (4).txt 2014-03-11 02:20 - 2012-12-01 00:29 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-10 02:19 - 2014-03-10 00:46 - 244303904 _____ () C:\Users\Christoph\Downloads\[EROBEAT]_Imako_System_-_01_[LQ][x264][7DC0DFF6].mp4 2014-03-06 15:06 - 2014-03-06 14:39 - 00000093 _____ () C:\Users\Christoph\Desktop\User.txt 2014-03-05 09:26 - 2014-03-25 13:14 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-05 09:26 - 2014-03-25 13:14 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-03-05 09:26 - 2014-03-25 13:14 - 00025816 _____ 
(Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-04 15:04 - 2014-03-03 21:24 - 00001504 _____ () C:\Users\Christoph\Desktop\Neues Textdokument (3).txt 2014-03-01 07:05 - 2014-03-13 10:08 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-01 06:17 - 2014-03-13 10:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-01 06:16 - 2014-03-13 10:08 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-01 05:58 - 2014-03-13 10:08 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-01 05:52 - 2014-03-13 10:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-01 05:51 - 2014-03-13 10:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-01 05:42 - 2014-03-13 10:08 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-01 05:40 - 2014-03-13 10:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-01 05:37 - 2014-03-13 10:08 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-01 05:33 - 2014-03-13 10:08 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-01 05:33 - 2014-03-13 10:08 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-01 05:32 - 2014-03-13 10:08 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-01 05:30 - 2014-03-13 10:08 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-01 05:23 - 2014-03-13 10:08 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-01 05:17 - 2014-03-13 10:08 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-01 05:11 - 2014-03-13 10:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-01 05:02 - 2014-03-13 10:08 - 
00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-01 04:54 - 2014-03-13 10:08 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-01 04:52 - 2014-03-13 10:08 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-01 04:51 - 2014-03-13 10:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-01 04:47 - 2014-03-13 10:08 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-01 04:43 - 2014-03-13 10:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-01 04:43 - 2014-03-13 10:08 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-01 04:42 - 2014-03-13 10:08 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-01 04:40 - 2014-03-13 10:08 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-01 04:38 - 2014-03-13 10:08 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-01 04:37 - 2014-03-13 10:08 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-01 04:35 - 2014-03-13 10:08 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-01 04:18 - 2014-03-13 10:08 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-01 04:16 - 2014-03-13 10:08 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-01 04:14 - 2014-03-13 10:08 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-01 04:10 - 2014-03-13 10:08 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-01 04:03 - 2014-03-13 10:08 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-01 04:00 - 2014-03-13 10:08 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-01 03:57 - 2014-03-13 10:08 - 11266048 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-01 03:38 - 2014-03-13 10:08 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-01 03:32 - 2014-03-13 10:08 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-01 03:27 - 2014-03-13 10:08 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-01 03:25 - 2014-03-13 10:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-01 03:25 - 2014-03-13 10:08 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-02-28 01:01 - 2014-02-28 01:01 - 00000000 ____D () C:\Users\Christoph\AppData\Local\Skype 2014-02-28 01:01 - 2012-12-01 00:29 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk 2014-02-28 01:01 - 2012-12-01 00:28 - 00000000 ____D () C:\ProgramData\Skype Some content of TEMP: ==================== C:\Users\Christoph\AppData\Local\Temp\avgnt.exe C:\Users\Christoph\AppData\Local\Temp\drm_dyndata_7380015.dll C:\Users\Christoph\AppData\Local\Temp\EAD1860.exe C:\Users\Christoph\AppData\Local\Temp\EAD6576.exe C:\Users\Christoph\AppData\Local\Temp\EADC189.exe C:\Users\Christoph\AppData\Local\Temp\EADD622.exe C:\Users\Christoph\AppData\Local\Temp\EADF16F.exe C:\Users\Christoph\AppData\Local\Temp\Quarantine.exe C:\Users\Christoph\AppData\Local\Temp\SDuninst.exe C:\Users\Christoph\AppData\Local\Temp\SkypeSetup.exe C:\Users\Christoph\AppData\Local\Temp\sonarinst.exe C:\Users\Christoph\AppData\Local\Temp\UninstallEADM.dll C:\Users\Christoph\AppData\Local\Temp\vlc-2.0.6-win32.exe C:\Users\Christoph\AppData\Local\Temp\vlc-2.0.8-win32.exe C:\Users\Christoph\AppData\Local\Temp\vlc-2.1.1-win32.exe C:\Users\Christoph\AppData\Local\Temp\vlc-2.1.2-win32.exe C:\Users\Christoph\AppData\Local\Temp\vlc-2.1.3-win32.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit 
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-20 01:43

==================== End Of Log ============================

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Christoph at 2014-03-28 10:54:38
Running from C:\Users\Christoph\Downloads
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

FLIGHT DIARY (x32 Version: 1.00.0000 - WILLPLUS) Hidden
“Œ•û”ñ‘z“V‘¥ Ver1.10aƒAƒbƒvƒf[ƒg (HKLM-x32\...\{8E5CFA2B-8CC5-4C8D-88CB-C4A1D4AD9790}_is1) (Version: - ‰©¨ƒtƒƒ“ƒeƒBƒA)
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.3.0.29126 - BitTorrent Inc.)
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader X (10.1.7) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.7 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.8.638 - Adobe Systems, Inc.)
Aegisub 3.0.2 (HKLM-x32\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 3.0.2 - Aegisub Team) Alan Wake (HKLM-x32\...\Steam App 108710) (Version: - Remedy Entertainment) Alan Wake's American Nightmare (HKLM-x32\...\Steam App 202750) (Version: - Remedy Entertainment) Amazon MP3-Downloader 1.0.17 (HKLM-x32\...\Amazon MP3-Downloader) (Version: 1.0.17 - Amazon Services LLC) Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version: - Frictional Games) ATLAS Translation Standard V14.0 Trial Version (HKLM-x32\...\{6652750B-AA69-49B7-9D09-C0A28B6FFC9F}) (Version: 14.00.2000 - FUJITSU LIMITED) Audacity 2.0.2 (HKLM-x32\...\Audacity_is1) (Version: 2.0.2 - Audacity Team) Audiograbber 1.83 SE (HKLM-x32\...\Audiograbber) (Version: 1.83 SE - Audiograbber) Avidemux 2.6 (32-bit) (HKLM-x32\...\Avidemux 2.6) (Version: 2.6.0.8179 - ) Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira) Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB) Belkin Connect Wireless USB Adapter (HKLM-x32\...\InstallShield_{08B73C99-D071-488F-8861-5DDA897C510D}) (Version: 1.0.0.3 - Belkin) Belkin Connect Wireless USB Adapter (x32 Version: 1.0.0.3 - Belkin) Hidden Binary Domain (HKLM-x32\...\Steam App 203750) (Version: - Sega) Bing Bar (HKLM-x32\...\{FF6DD716-7B10-4269-9F19-FFB07AC4CD95}) (Version: 7.3.124.0 - Microsoft Corporation) Burnout Paradise: The Ultimate Box (HKLM-x32\...\Steam App 24740) (Version: - Criterion Games) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP) Chaos auf Deponia (HKLM-x32\...\Deponia 2) (Version: 1.1 - Daedalic Entertainment) Command and Conquer: Red Alert 3 - Uprising (HKLM-x32\...\Steam App 24800) (Version: - EA Los Angeles) Crayon Physics Deluxe version 55 (HKLM-x32\...\{4CA1E8E2-B2A9-40C1-8EC4-BBCB23BAAA19}_is1) 
(Version: 55 - Kloonigames, Ltd) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.4.0314 - DT Soft Ltd) Darksiders II (HKLM-x32\...\Steam App 50650) (Version: - Vigil Games) Dead Island (HKLM-x32\...\Steam App 91310) (Version: - Techland) Driver San Francisco (HKLM-x32\...\Driver San Francisco) (Version: 1.4.0.0 - Ubisoft) Dropbox (HKCU\...\Dropbox) (Version: 2.0.0 - Dropbox, Inc.) EAX4 Unified Redist (HKLM-x32\...\{89661B04-C646-4412-B6D3-5E19F02F1F37}) (Version: 4.001 - Creative Labs) ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB) Eufloria HD (HKLM-x32\...\EufloriaHD) (Version: - ) EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc) Exif-Viewer 2.51 (HKLM-x32\...\Exif-Viewer) (Version: 2.51 - Ralf Bibinger) Fraps (HKLM-x32\...\Fraps) (Version: - ) Free YouTube to MP3 Converter version 3.11.37.1212 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.37.1212 - DVDVideoSoft Ltd.) 
GIMP 2.8.0 (HKLM\...\GIMP-2_is1) (Version: 2.8.0 - The GIMP Team) HF pAppLoc version 1.0 (HKLM-x32\...\{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1) (Version: 1.0 - Inquisitor) High-Definition Video Playback (x32 Version: 11.1.11500.4.273 - Nero AG) Hidden IF MY HEART HAD WINGS (HKCU\...\{5A0D1CE9-01BE-47E7-A019-45D5970AC1DA}) (Version: 1.00.0000 - MoeNovel) IF MY HEART HAD WINGS (x32 Version: 1.00.0000 - MoeNovel) Hidden ILLUSION @ふぉーむメイト (HKLM-x32\...\{2510CF9A-3D92-4D1E-9124-080F53F4E293}) (Version: 1.00.0000 - ILLUSION) ILLUSION ジンコウガクエン (HKLM-x32\...\{C109AF5B-69D0-4C93-B360-F28D9FAB6084}) (Version: 1.00.0000 - ILLUSION) ILLUSION ジンコウガクエン きゃらめいく (HKLM-x32\...\{502499DC-2EDB-45A2-8F7C-83E6E5DE067E}) (Version: 1.00.0000 - ILLUSION) Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.35342 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.3.1427 - Intel Corporation) Intel(R) OpenCL CPU Runtime (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2656 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.4.220 - Intel Corporation) Intel® Trusted Connect Service Client (HKLM\...\{09536BA1-E498-4CC3-B834-D884A67D7E34}) (Version: 1.23.605.1 - Intel Corporation) Japanese Fonts Support For Adobe Reader X (HKLM-x32\...\{AC76BA86-7AD7-5760-0000-A00000000003}) (Version: 10.0.0 - Adobe Systems Incorporated) Java 7 Update 21 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417021FF}) (Version: 7.0.210 - Oracle) Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217017FF}) (Version: 7.0.210 - Oracle) Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) 
Hidden JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH) Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Just Cause 1.00.0000 (HKLM-x32\...\{C9E270CC-AE42-4BD8-B9C6-1EB3A8657FF5}) (Version: 1.00.0000 - Eidos) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) Landwirtschafts-Simulator 2009 Gold (HKLM-x32\...\FarmingSimulator2009GoldDE_is1) (Version: - GIANTS Software) Legend of Grimrock (HKLM-x32\...\Legend of Grimrock) (Version: - ) Logon Screen (HKLM\...\{1730D13B-7517-4321-A88B-64627CF67CDC}_is1) (Version: - Daniel Rebelo) Machinarium (HKLM-x32\...\Machinarium) (Version: 23.10.09 - Amanita Design, s.r.o.) Magicka (HKLM-x32\...\Steam App 42910) (Version: - Arrowhead Game Studios) Malwarebytes Anti-Malware Version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation) Medal of Honor(TM) Single Player (HKLM-x32\...\Steam App 47790) (Version: - Electronic Arts) Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}) (Version: 3.5.92.0 - Microsoft Corporation) Microsoft Games for Windows Marketplace (HKLM-x32\...\{4CB0307C-565E-4441-86BE-0DF2E4FB828C}) (Version: 3.5.50.0 - Microsoft Corporation) Microsoft 
Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation) Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 
(HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Windows Application Compatibility Database (HKLM\...\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb) (Version: - ) Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}) (Version: 1.20.146.0 - Microsoft) Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation) Mouse Editor (HKLM-x32\...\InstallShield_{3A4218DE-B9DB-4AD5-9DB2-5853D3AA0335}) (Version: 12.08.0006 - Ihr Firmenname) MOUSE Editor (x32 Version: 12.08.0006 - Ihr Firmenname) Hidden Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden NehrimUninstaller (HKLM-x32\...\Nehrim - Am Rande des Schicksals_is1) (Version: 1.0.0 - SureAI) Nero 11 Kwik Themes Basic (x32 Version: 11.0.11200.12.0 - Nero AG) Hidden Nero Audio Pack 1 (x32 Version: 
11.0.11500.110.0 - Nero AG) Hidden Nero Core Components 11 (x32 Version: 11.0.16300.1.23 - Nero AG) Hidden Nero Kwik Media (HKLM-x32\...\{22758D8F-E023-44ED-8647-3C6985ABF663}) (Version: 11.2.00900 - Nero AG) Nero Kwik Media (x32 Version: 1.14.12000.23.100 - Nero AG) Hidden Nero Kwik Media Help (CHM) (x32 Version: 11.0.10300 - Nero AG) Hidden Nero SharedVideoCodecs (x32 Version: 1.0.11500.1.5 - Nero AG) Hidden Nero Update (x32 Version: 11.0.11500.28.0 - Nero AG) Hidden nero.prerequisites.msi (x32 Version: 11.0.20010 - Nero AG) Hidden NetSpeedMonitor 2.5.4.0 x64 (HKLM\...\{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}) (Version: 2.5.4.0 - Florian Gilles) NSIS Hisoutensoku English (HKLM-x32\...\Hisoutensoku English) (Version: - ) NVIDIA 3D Vision Controller-Treiber 320.18 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.18 - NVIDIA Corporation) NVIDIA 3D Vision Treiber 320.18 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.18 - NVIDIA Corporation) NVIDIA GeForce Experience 1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.5 - NVIDIA Corporation) NVIDIA Grafiktreiber 320.18 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.18 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.24.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.24.2 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.124.810 - NVIDIA Corporation) Hidden NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden NVIDIA PhysX-Systemsoftware 9.12.1031 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.1031 - NVIDIA Corporation) NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2018 - NVIDIA Corporation) Hidden NVIDIA Systemsteuerung 320.18 (Version: 320.18 - NVIDIA Corporation) Hidden NVIDIA Update 4.11.9 (Version: 4.11.9 - NVIDIA Corporation) Hidden NVIDIA Update Components (Version: 4.11.9 - NVIDIA 
Corporation) Hidden Oblivion (HKLM-x32\...\{C66BF9FD-D367-4E13-8EB8-385FFEA20DB3}) (Version: 1.2.0416 - Bethesda Softworks) OpenAL (HKLM-x32\...\OpenAL) (Version: - ) Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.) piaip AppLocale (HKLM-x32\...\{394BE3D9-7F57-4638-A8D1-1D88671913B7}) (Version: 1.0.0 - MS) Project64 1.6 (HKLM-x32\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.) puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert) Rainmeter (HKLM-x32\...\Rainmeter) (Version: 2.4 beta r1617 - ) Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6631 - Realtek Semiconductor Corp.) Recuva (HKLM\...\Recuva) (Version: 1.48 - Piriform) Red Faction: Armageddon (HKLM-x32\...\Steam App 55110) (Version: - Volition) Remote Control Server (HKLM-x32\...\{755C6515-9FEA-490C-B15E-22BB6519E57E}) (Version: 2.0.1.60 - Steppschuh) Risen (HKLM-x32\...\Steam App 40300) (Version: - Piranha – Bytes) Risen 2 - Dark Waters (HKLM-x32\...\Steam App 40390) (Version: - Piranha Bytes) Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version: - Volition) Sam and Max - Season One 1.0 (HKLM-x32\...\Sam and Max - Season One) (Version: 1.0 - JoWooD Productions) Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.2.12064_9 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.3.2.12064_9 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.15.0 - SAMSUNG Electronics Co., Ltd.) 
SeaDogs (HKLM-x32\...\SeaDogs) (Version: - ) Serious Sam 2 (HKLM-x32\...\Steam App 204340) (Version: - Croteam) Serious Sam 3: BFE (HKLM-x32\...\Steam App 41070) (Version: - Croteam) Serious Sam Classic: The First Encounter (HKLM-x32\...\Steam App 41050) (Version: - Croteam) Serious Sam HD: The First Encounter (HKLM-x32\...\Steam App 41000) (Version: - Croteam) Serious Sam HD: The Second Encounter (HKLM-x32\...\Steam App 41010) (Version: - Croteam) ShadowExplorer 0.9 (HKLM-x32\...\ShadowExplorer_is1) (Version: 0.9.462.0 - ShadowExplorer.com) Sierra Utilities (HKLM-x32\...\Sierra Utilities) (Version: - ) SiSoftware Sandra Lite 2013.SP3a (HKLM\...\{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1) (Version: 19.44.2013.5 - SiSoftware) Skype Click to Call (HKLM-x32\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.1.15383.6004 - Microsoft Corporation) Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) Snow Sakura (HKLM-x32\...\Snow Sakura) (Version: - ) Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation) SUPER © v2012.build.54 (Nov 18, 2012) Version v2012.build.54 (HKLM-x32\...\{8F311E92-C29F-4DF9-8259-B739A1831669}_is1) (Version: v2012.build.54 - eRightSoft) Swiff Player 1.7.2 (HKLM-x32\...\Swiff Player_is1) (Version: 1.7.2 - GlobFX Technologies) swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.13.1 - TeamSpeak Systems GmbH) TeamViewer 8 (HKLM-x32\...\TeamViewer 8) (Version: 8.0.26038 - TeamViewer) Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT) VLC media player 2.0.2 (HKLM\...\VLC media player) (Version: 2.0.2 - VideoLAN) VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN) VLC Setup Helper (HKLM-x32\...\VLC Setup Helper_is1) (Version: - ) Waking Mars (HKLM-x32\...\Waking Mars) (Version: - Tiger Style) WD 
Drive Utilities (HKLM-x32\...\{B2BCCFEC-2623-40E5-9522-DEC488E6B730}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.) WD Quick View (HKLM-x32\...\{507B1304-194A-4204-A9D9-9BAAF51EF760}) (Version: 2.2.1.6 - Western Digital Technologies, Inc.) WD Security (HKLM-x32\...\{8A7B24E8-864E-4794-95C4-17644D0991AA}) (Version: 1.0.6.3 - Western Digital Technologies, Inc.) WD SmartWare (HKLM\...\{A7C403DA-B8D9-4CA0-93D9-6C7F00772240}) (Version: 2.2.1.6 - Western Digital Technologies, Inc.) WD SmartWare Installer (HKLM-x32\...\{ba99df5b-3e46-419e-81e2-544352772fda}) (Version: 2.2.1.6 - Western Digital Technologies, Inc.) Winamp (HKLM-x32\...\Winamp) (Version: 5.63 - Nullsoft, Inc) Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc) Windows 7 Codec Pack 4.0.3 (HKLM-x32\...\Windows 7 - Codec Pack) (Version: 4.0.3 - Windows 7 Codec Pack) Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation) Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Family Safety (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Fotogalerie (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation) Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden Windows 
Live Messenger Companion Core (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH) Within A Deep Forest (HKLM-x32\...\{736D1B73-18AC-4F51-B544-44FD149B7E0B}) (Version: 1.00.0000 - Within A Deep Forest) Wrye Bash (HKLM-x32\...\Wrye Bash) (Version: 0.3.0.0 - Wrye & Wrye Bash Development Team) Yahoo! 
Detect (HKLM-x32\...\YTdetect) (Version: - ) YTD Video Downloader 3.9.3 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: - GreenTree Applications SRL) カスタムメイド3D (HKLM-x32\...\カスタムメイド3D) (Version: - ) この大空に、翼をひろげて FLIGHT DIARY (HKCU\...\{0A3E9ABF-9365-4B44-BA12-1D156EFD9545}) (Version: 1.00.0000 - WILLPLUS) ==================== Restore Points ========================= 28-03-2014 00:36:14 Geplanter Prüfpunkt ==================== Hosts content: ========================== 2009-07-14 03:34 - 2013-04-23 17:49 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {340EA12A-A4AF-45E2-9D23-3554F496B259} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation) Task: {4F5AEA2B-B26F-425E-BE20-C24A714821DF} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2001810455-1053792824-432003306-1000 Task: {7CDA93DC-15A4-4BA0-A864-6422D9DE69BD} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25] (Intel Corporation) Task: {980D356F-A979-449B-95FC-FF3C6A14AA97} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup Task: {CDE5011A-3CF9-4CD7-AF06-FC2B5313157A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe Task: C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job => 
C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe ==================== Loaded Modules (whitelisted) ============= 2012-07-12 19:00 - 2013-05-12 21:34 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2012-07-30 11:59 - 2012-02-21 11:29 - 00128280 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe 2013-12-06 07:07 - 2013-12-06 07:07 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2012-01-10 13:41 - 2013-09-03 13:32 - 00567880 _____ () C:\Program Files (x86)\puush\puush.exe 2012-08-16 04:11 - 2012-08-16 04:11 - 03333632 _____ () C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe 2012-09-02 13:08 - 2012-09-02 13:08 - 00041160 _____ () C:\Program Files\Rainmeter\Rainmeter.exe 2012-09-02 13:08 - 2012-09-02 13:08 - 00734408 _____ () C:\Program Files\Rainmeter\Rainmeter.dll 2014-03-28 10:41 - 2014-03-28 10:41 - 00050477 _____ () C:\Users\Christoph\Downloads\Defogger.exe 2013-03-20 10:09 - 2013-03-20 10:04 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll 2010-12-02 10:56 - 2010-12-02 10:56 - 00815104 _____ () C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\OSD_Text\OSD_Text.dll 2011-01-09 13:45 - 2011-01-09 13:45 - 00088064 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_MouseDeviceManager.dll 2012-06-14 08:59 - 2012-06-14 08:59 - 02414080 _____ () C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\ScreenCapture\ScreenCapture.dll 2012-05-17 04:17 - 2012-05-17 04:17 - 01000448 _____ () C:\Program Files (x86)\MOUSE Editor\Data\MouseEditor\Forms\TrayIconWebAdvertisement\TrayIconWebAdvertisement.dll 2010-09-20 07:18 - 2010-09-20 07:18 - 00085504 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_ZoomControl.dll 2010-09-20 07:18 - 2010-09-20 07:18 - 00054272 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_ScrollbarControl.dll 2011-04-12 08:14 - 2011-04-12 08:14 - 00063488 _____ () C:\Program Files 
(x86)\MOUSE Editor\DLL\DLL_AnalyzeGesturesInRight.dll 2010-11-01 13:16 - 2010-11-01 13:16 - 00062976 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_AnalyzeGesturesInOne.dll 2012-04-27 04:40 - 2012-04-27 04:40 - 00118272 _____ () C:\Program Files (x86)\MOUSE Editor\DLL\DLL_Wheel4D.dll 2012-07-30 11:59 - 2012-02-21 11:09 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll 2014-02-14 09:26 - 2014-02-14 09:26 - 03578992 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-01-10 10:31 - 2013-12-12 23:19 - 00142848 _____ () C:\Program Files (x86)\Steam\libavresample-1.dll 2014-01-10 10:31 - 2013-11-05 02:12 - 00890592 _____ () C:\Program Files (x86)\Steam\libavutil-52.dll 2013-03-25 13:23 - 2014-02-11 03:34 - 00751616 _____ () C:\Program Files (x86)\Steam\SDL2.dll 2013-04-19 12:10 - 2014-02-25 22:57 - 01135296 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL 2013-03-26 15:16 - 2014-01-11 00:33 - 20625832 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll 2012-12-11 08:51 - 2013-06-15 00:49 - 01100800 _____ () C:\Program Files (x86)\Steam\bin\avcodec-53.dll 2012-12-11 08:51 - 2013-06-15 00:49 - 00124416 _____ () C:\Program Files (x86)\Steam\bin\avutil-51.dll 2012-12-11 08:51 - 2013-06-15 00:49 - 00192000 _____ () C:\Program Files (x86)\Steam\bin\avformat-53.dll 2014-03-11 20:39 - 2014-03-11 20:39 - 16276872 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/26/2014 10:11:39 PM) (Source: Steam Client Service) (User: ) Description: Error: Failed to poke open firewall Error: (03/26/2014 00:21:39 AM) (Source: Steam 
Client Service) (User: ) Description: Error: Failed to poke open firewall Error: (03/25/2014 11:12:51 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. Error: (03/25/2014 11:12:51 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (03/25/2014 11:12:51 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (03/25/2014 11:08:23 PM) (Source: WinMgmt) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/25/2014 11:07:43 PM) (Source: Steam Client Service) (User: ) Description: Error: Failed to poke open firewall Error: (03/25/2014 05:39:23 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. 
Error: (03/25/2014 05:39:23 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (03/25/2014 05:39:23 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

System errors:
=============
Error: (03/25/2014 11:09:10 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x800700b7

Error: (03/25/2014 11:09:10 PM) (Source: WMPNetworkSvc) (User: )
Description: 00x800700b7hxxp://+:10243/WMPNSSv4/2811996591/

Error: (03/25/2014 11:09:10 PM) (Source: WMPNetworkSvc) (User: )
Description: 0x800700b7

Error: (03/25/2014 11:09:10 PM) (Source: WMPNetworkSvc) (User: )
Description: 00x800700b7hxxp://+:10243/WMPNSSv4/2811996591/

Error: (03/25/2014 11:06:34 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 25.03.2014 um 23:04:58 unerwartet heruntergefahren.

Error: (03/25/2014 05:35:58 PM) (Source: WMPNetworkSvc) (User: ) Description: 0x800700b7 Error: (03/25/2014 05:35:58 PM) (Source: WMPNetworkSvc) (User: ) Description: 00x800700b7hxxp://+:10243/WMPNSSv4/2811996591/ Error: (03/25/2014 05:35:58 PM) (Source: WMPNetworkSvc) (User: ) Description: 0x800700b7 Error: (03/25/2014 05:35:58 PM) (Source: WMPNetworkSvc) (User: ) Description: 00x800700b7hxxp://+:10243/WMPNSSv4/2811996591/ Error: (03/25/2014 01:47:20 PM) (Source: volsnap) (User: ) Description: Das Zeitlimit für den Lösch- und Speicherschreibvorgang für Volume "C:" wurde beim Warten auf eine Schreibvorgangfreigabe überschritten. Microsoft Office Sessions: ========================= Error: (03/26/2014 10:11:39 PM) (Source: Steam Client Service)(User: ) Description: Failed to poke open firewall Error: (03/26/2014 00:21:39 AM) (Source: Steam Client Service)(User: ) Description: Failed to poke open firewall Error: (03/25/2014 11:12:51 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (03/25/2014 11:12:51 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (03/25/2014 11:12:51 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (03/25/2014 11:08:23 PM) (Source: WinMgmt)(User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (03/25/2014 11:07:43 PM) (Source: Steam Client Service)(User: ) Description: Failed to poke open firewall Error: (03/25/2014 05:39:23 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (03/25/2014 05:39:23 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 Error: (03/25/2014 
05:39:23 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT) Description: Performance1637070000000000000000000009030000 CodeIntegrity Errors: =================================== Date: 2013-04-28 16:55:52.076 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\CHRIST~1\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-04-28 16:55:52.056 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\CHRIST~1\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-04-28 16:55:51.877 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-04-28 16:55:51.857 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-04-23 18:48:58.776 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-04-23 18:48:58.760 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-04-15 09:39:54.478 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\CHRIST~1\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-04-15 09:39:54.458 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Users\CHRIST~1\AppData\Local\Temp\EverestDriver.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. 
Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-04-15 09:39:53.925 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. Date: 2013-04-15 09:39:53.905 Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files (x86)\Lavalys\EVEREST Home Edition\kerneld.amd64" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert. 
==================== Memory info =========================== Percentage of memory in use: 23% Total physical RAM: 16347.01 MB Available physical RAM: 12546.28 MB Total Pagefile: 32692.2 MB Available Pagefile: 28341.01 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: (System) (Fixed) (Total:160 GB) (Free:38.69 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (Data) (Fixed) (Total:771.51 GB) (Free:196.14 GB) NTFS Drive f: (My Passport) (Fixed) (Total:931.48 GB) (Free:355.74 GB) NTFS Drive g: (OOZORA_FD) (CDROM) (Total:3.74 GB) (Free:0 GB) UDF ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: DE2CC6FD) Partition: GPT Partition Type. ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 931 GB) (Disk ID: 7D8067A8) Partition 1: (Not Active) - (Size=931 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Code:
ATTFilter ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff80003807000 45 bytes [00, 00, 15, 02, 46, 69, 6C, ...] INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff8000380702f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...] ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077b31465 2 bytes [B3, 77] .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[1788] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077b314bb 2 bytes [B3, 77] .text ... * 2 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077b31465 2 bytes [B3, 77] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077b314bb 2 bytes [B3, 77] .text ... 
* 2 .text C:\Windows\SysWOW64\PnkBstrA.exe[2496] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000071fe1a22 2 bytes [FE, 71] .text C:\Windows\SysWOW64\PnkBstrA.exe[2496] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000071fe1ad0 2 bytes [FE, 71] .text C:\Windows\SysWOW64\PnkBstrA.exe[2496] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000071fe1b08 2 bytes [FE, 71] .text C:\Windows\SysWOW64\PnkBstrA.exe[2496] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000071fe1bba 2 bytes [FE, 71] .text C:\Windows\SysWOW64\PnkBstrA.exe[2496] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000071fe1bda 2 bytes [FE, 71] .text C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077b31465 2 bytes [B3, 77] .text C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe[3320] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077b314bb 2 bytes [B3, 77] .text ... * 2 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077b31465 2 bytes [B3, 77] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3420] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077b314bb 2 bytes [B3, 77] .text ... * 2 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[4940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077b31465 2 bytes [B3, 77] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe[4940] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077b314bb 2 bytes [B3, 77] .text ... 
* 2 .text C:\Program Files (x86)\Samsung\Kies\Kies.exe[4960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077b31465 2 bytes [B3, 77] .text C:\Program Files (x86)\Samsung\Kies\Kies.exe[4960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077b314bb 2 bytes [B3, 77] .text ... * 2 .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[5092] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 0000000077b7000c 1 byte [C3] .text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[5092] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 0000000077bff8ea 5 bytes JMP 0000000177bad5c1 .text C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe[4288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077b31465 2 bytes [B3, 77] .text C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe[4288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077b314bb 2 bytes [B3, 77] .text ... * 2 .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[4804] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077b31465 2 bytes [B3, 77] .text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[4804] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077b314bb 2 bytes [B3, 77] .text ... * 2 .text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[4972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077b31465 2 bytes [B3, 77] .text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[4972] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077b314bb 2 bytes [B3, 77] .text ... * 2 .text C:\Users\Christoph\Downloads\Defogger.exe[2248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077b31465 2 bytes [B3, 77] .text C:\Users\Christoph\Downloads\Defogger.exe[2248] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000077b314bb 2 bytes [B3, 77] .text ... * 2 ---- EOF - GMER 2.1 ---- Code:
ATTFilter Status: Infiziert Quarantäne-Objekt: 76512f4b.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.02.12.26 Virendefinitionsdatei: 7.11.72.116 Gefunden: ADWARE/InstallRex.A Datum/Uhrzeit: 15.04.2013, 10:23 Typ: Datei Quelle: C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\5e1377f6-317bf30e Status: Infiziert Quarantäne-Objekt: 42173a14.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.02.12.26 Virendefinitionsdatei: 7.11.72.116 Gefunden: JAVA/Jogek.apt Datum/Uhrzeit: 15.04.2013, 10:23 Typ: Datei Quelle: C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\bb9e8e3-671ee1ea Status: Infiziert Quarantäne-Objekt: 107060f9.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.02.12.26 Virendefinitionsdatei: 7.11.72.116 Gefunden: EXP/JAVA.Edilage.Gen Datum/Uhrzeit: 15.04.2013, 10:23 Typ: Datei Quelle: C:\Users\Christoph\AppData\Local\Mozilla\Firefox\Profiles\tclm7k0f.default\Cache\E\87\ED084d01 Status: Infiziert Quarantäne-Objekt: 58625cbe.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.02.12.18 Virendefinitionsdatei: 7.11.66.122 Gefunden: JS/Blacole.GB.105 Datum/Uhrzeit: 24.03.2013, 10:31 Code:
ATTFilter File System: NTFS User: Christoph Scan Type: Threat Scan Result: Completed Objects Scanned: 320160 Time Elapsed: 13 min, 12 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Shuriken: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 6 PUP.Optional.Somoto, C:\Users\Christoph\AppData\Local\Temp\LDdpSux_.exe.part, Quarantined, [5e18da2d90eb5ed864004dd77b895fa1], PUP.Optional.Delta.A, C:\Users\Christoph\AppData\Local\Temp\is1070216317\DeltaTB.exe, Quarantined, [6214a95e5229da5ce575e01e946ca25e], PUP.Optional.OpenCandy, C:\Users\Christoph\Downloads\winamp563_full_emusic-7plus_de-de.exe, Quarantined, [373f9f6889f248eeed3f70b5778d10f0], PUP.Optional.DealioTB.A, C:\Users\Christoph\Downloads\windows.7.codec.pack.v4.0.3.setup.exe, Quarantined, [b7bfa2654239d66037da070a34d0c33d], PUP.Optional.MyEmoticons.A, C:\Users\Christoph\Downloads\YTDSetup_3.9.3.exe, Quarantined, [6511dc2b7ffc6dc912dde26c857c3dc3], PUP.FunMoods, C:\Users\Christoph\Downloads\agsetup183se.exe, Quarantined, [670f51b6f08b86b0b99c2e7ba85813ed], Physical Sectors: 0 (No malicious items detected) (end) |
28.03.2014, 11:36 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Audio advertising on the PC Remove adware/junkware/toolbars
Step 1: adwCleaner
Please download AdwCleaner to your desktop.
Step 2: JRT - Junkware Removal Tool
Please shut down your protection software to avoid possible conflicts.
Step 3: Fresh log with FRST
Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
28.03.2014, 12:15 | #3 |
| Audio advertising on the PC A new Addition.txt was not created.
FRST: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014 Ran by Christoph (administrator) on CHRISTOPH-PC on 28-03-2014 12:02:09 Running from C:\Users\Christoph\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BBSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe () C:\Windows\SysWOW64\PnkBstrA.exe (www.shadowexplorer.com) C:\Program Files (x86)\ShadowExplorer\sesvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () C:\Program Files (x86)\puush\puush.exe () C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe () C:\Program Files\Rainmeter\Rainmeter.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Western Digital Technologies, Inc.) C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe (Western Digital Technologies, Inc.) 
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [XboxStat] - C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-10-01] (Microsoft Corporation) HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation) HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-07-19] (Intel Corporation) HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [309688 2012-10-11] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-28] (Nullsoft, Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-02-20] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [WD Drive Unlocker] - C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe [1694080 2013-07-10] (Western Digital Technologies, Inc.) HKLM-x32\...\Run: [WD Quick View] - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5537136 2013-11-02] (Western Digital Technologies, Inc.) 
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-2001810455-1053792824-432003306-1000\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [966072 2012-10-11] (Samsung) HKU\S-1-5-21-2001810455-1053792824-432003306-1000\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [580096 2012-10-09] (Samsung Electronics) HKU\S-1-5-21-2001810455-1053792824-432003306-1000\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843208 2012-11-03] (Samsung) HKU\S-1-5-21-2001810455-1053792824-432003306-1000\...\Run: [puush] - C:\Program Files (x86)\puush\puush.exe [567880 2013-09-03] () HKU\S-1-5-21-2001810455-1053792824-432003306-1000\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [843208 2012-11-03] (Samsung) HKU\S-1-5-21-2001810455-1053792824-432003306-1000\...\Run: [Steam] - C:\Program Files (x86)\Steam\Steam.exe [1821888 2014-02-25] (Valve Corporation) HKU\S-1-5-21-2001810455-1053792824-432003306-1000\...\Run: [EA Core] - "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent HKU\S-1-5-21-2001810455-1053792824-432003306-1000\...\Run: [OscarEditor] - C:\Program Files (x86)\MOUSE Editor\MouseEditor.exe [3333632 2012-08-16] () HKU\S-1-5-21-2001810455-1053792824-432003306-1000\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.) 
Startup: C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe () ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x388C895E4C60CD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de SearchScopes: HKLM - DefaultScope value is missing. BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: ATLAS Toolbar - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL (FUJITSU LIMITED) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation) BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\amd64\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.124.0\BingExt.dll (Microsoft Corporation.) Toolbar: HKLM-x32 - ATLAS Toolbar - {3C6301ED-0F78-4AF2-8150-D9C052361A8E} - C:\Program Files (x86)\ATLAS V14\ATLIECP.DLL (FUJITSU LIMITED) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1 FireFox: ======== FF ProfilePath: C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\tclm7k0f.default FF DefaultSearchEngine: ICQ Search FF SelectedSearchEngine: ICQ Search FF Homepage: hxxp://www.google.de/ FF Keyword.URL: hxxp://www.google.com/search?btnI=I%27m+Feeling+Lucky&q= FF Plugin: @adobe.com/FlashPlayer - 
C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll () FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: 
@microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll (Amazon.com, Inc.) FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.) 
FF SearchPlugin: C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\tclm7k0f.default\searchplugins\searchplugins-backup FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: ProxTube - Unblock YouTube - C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\tclm7k0f.default\Extensions\ich@maltegoetz.de [2013-12-13] FF Extension: ProxTube - Unblock YouTube - C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\tclm7k0f.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7} [2013-12-06] FF Extension: DownloadHelper - C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\tclm7k0f.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-25] FF Extension: MEGA EXTENSION - C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\tclm7k0f.default\Extensions\firefox@mega.co.nz.xpi [2013-03-13] FF Extension: Adblock Plus - C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\tclm7k0f.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-08-07] FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-03-03] Chrome: ======= CHR Extension: (Google Docs) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-12-06] CHR Extension: (Google Drive) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-12-06] CHR Extension: (YouTube) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-12-06] CHR Extension: (Google-Suche) - 
C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-12-06] CHR Extension: (Google Wallet) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-12-06] CHR Extension: (Google Mail) - C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-12-06] ==================== Services (Whitelisted) ================= R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-02-20] (Avira Operations GmbH & Co. KG) R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation) R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] () R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation) R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-12-06] () S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP3a\RpcAgentSrv.exe [71832 2009-04-22] (SiSoftware) R2 sesvc; C:\Program Files (x86)\ShadowExplorer\sesvc.exe [9216 2013-01-02] (www.shadowexplorer.com) R2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1042808 2013-11-02] (Western Digital Technologies, Inc.) R2 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [270704 2013-11-02] (Western Digital Technologies, Inc.) 
==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-17] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-17] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-10-13] (DT Soft Ltd) S3 huawei_wwanecm; C:\Windows\System32\DRIVERS\ew_juwwanecm.sys [239104 2013-01-30] (Huawei Technologies Co., Ltd.) R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-07-19] () S3 AsrCDDrv; \??\C:\Windows\SysWOW64\Drivers\AsrCDDrv.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] S3 cpuz135; \??\C:\Windows\TEMP\cpuz135\cpuz135_x64.sys [X] S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-28 12:02 - 2014-03-28 12:02 - 00019775 _____ () C:\Users\Christoph\Desktop\FRST.txt 2014-03-28 11:59 - 2014-03-28 11:59 - 00001472 _____ () C:\Users\Christoph\Desktop\JRT.txt 2014-03-28 11:55 - 2014-03-28 11:46 - 01038974 _____ (Thisisu) C:\Users\Christoph\Desktop\JRT.exe 2014-03-28 11:46 - 2014-03-28 11:47 - 01950720 _____ () C:\Users\Christoph\Downloads\adwcleaner.exe 2014-03-28 11:45 - 2014-03-28 11:46 - 01038974 _____ (Thisisu) C:\Users\Christoph\Downloads\JRT.exe 2014-03-28 11:09 - 2014-03-28 11:09 - 00007810 _____ () C:\Users\Christoph\Desktop\gmer.txt 2014-03-28 10:54 - 2014-03-28 10:54 - 00059479 _____ () C:\Users\Christoph\Downloads\FRST.txt 2014-03-28 10:54 - 2014-03-28 10:54 - 00040580 _____ () C:\Users\Christoph\Downloads\Addition.txt 2014-03-28 10:53 - 2014-03-28 12:02 - 00000000 ____D () C:\FRST 2014-03-28 10:51 - 2014-03-28 10:52 - 00000480 _____ () 
C:\Users\Christoph\Downloads\defogger_disable.log 2014-03-28 10:51 - 2014-03-28 10:51 - 00000168 _____ () C:\Users\Christoph\defogger_reenable 2014-03-28 10:43 - 2014-03-28 10:44 - 00380416 _____ () C:\Users\Christoph\Downloads\Gmer-19357.exe 2014-03-28 10:41 - 2014-03-28 10:43 - 02157056 _____ (Farbar) C:\Users\Christoph\Desktop\FRST64.exe 2014-03-28 10:41 - 2014-03-28 10:41 - 00050477 _____ () C:\Users\Christoph\Downloads\Defogger.exe 2014-03-28 10:38 - 2014-03-28 10:38 - 00001813 _____ () C:\Users\Christoph\Desktop\Mal.txt 2014-03-27 18:05 - 2014-03-27 21:53 - 454987666 _____ () C:\Users\Christoph\Downloads\[ftw]_chuunibyou_demo_koi_ga_shitai__ren_-_12_[720p][9e4f4294].mkv 2014-03-27 14:14 - 2014-03-27 14:14 - 00000221 _____ () C:\Users\Christoph\Desktop\Magicka.url 2014-03-26 04:39 - 2014-03-26 09:03 - 735157995 _____ () C:\Users\Christoph\Downloads\[fff]_witch_craft_works_-_12_[a17f0e3c].mkv 2014-03-26 03:08 - 2014-03-26 04:39 - 253799293 _____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_13_[2518B9C6].mp4 2014-03-26 01:56 - 2014-03-26 03:08 - 201105522 _____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_12_[5357AC14].mp4 2014-03-25 22:01 - 2014-03-26 01:56 - 236882537 _____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_11_[7ECA1CA8].mp4 2014-03-25 20:41 - 2014-03-25 22:01 - 203367690 _____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_10_[FC0C71B7].mp4 2014-03-25 19:17 - 2014-03-25 20:41 - 219208547 _____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_09_[71F3361F].mp4 2014-03-25 15:42 - 2014-03-25 19:17 - 265050854 _____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_08_[074D56D2].mp4 2014-03-25 14:31 - 2014-03-25 15:41 - 191508102 _____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_07_[3B9AFFC9].mp4 2014-03-25 13:14 - 2014-03-28 10:36 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-03-25 13:14 - 2014-03-25 13:14 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-25 
13:14 - 2014-03-25 13:14 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-03-25 13:14 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-25 13:14 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-03-25 13:14 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-25 11:16 - 2014-03-25 11:22 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Christoph\Downloads\mbam-setup-2.0.0.1000.exe 2014-03-25 10:09 - 2014-03-25 14:31 - 238123516 _____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_06_[328BC4DF].mp4 2014-03-25 00:12 - 2014-03-28 11:52 - 00000000 ____D () C:\AdwCleaner 2014-03-25 00:10 - 2014-03-25 00:10 - 00613200 _____ (Chip Digital GmbH) C:\Users\Christoph\Downloads\AdwCleaner - CHIP-Downloader.exe 2014-03-24 22:03 - 2014-03-25 10:09 - 194149829 _____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_05_[686977F1].mp4 2014-03-24 20:48 - 2014-03-24 22:03 - 189423856 _____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_04_[EA1BF988].mp4 2014-03-24 19:24 - 2014-03-24 20:48 - 224877582 _____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_03_[1E541C1D].mp4 2014-03-24 17:01 - 2014-03-24 19:24 - 195657590 _____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_02_[FF094504].mp4 2014-03-24 14:44 - 2014-03-24 17:01 - 250931047 _____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_01_[F0D58754].mp4 2014-03-24 12:17 - 2014-03-24 12:17 - 00046825 _____ () C:\Users\Christoph\AppData\Local\recently-used.xbel 2014-03-23 23:15 - 2014-03-24 14:44 - 1273190400 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com__AIR_-_The_Movie.avi 2014-03-23 21:55 - 2014-03-24 15:56 - 217112576 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com__AIR_-_In_Summer_02.avi 2014-03-23 20:03 - 2014-03-23 21:55 - 218476544 _____ () 
C:\Users\Christoph\Downloads\www.eliteanimes.com__AIR_-_In_Summer_01.avi 2014-03-23 18:45 - 2014-03-23 20:03 - 211025925 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com_[TK]AIR_13_Ger-Sub[64747C0A].avi 2014-03-23 16:22 - 2014-03-23 18:45 - 211675141 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com_[TK]AIR_12_Ger-Sub[65BBE987].avi 2014-03-23 15:06 - 2014-03-23 16:22 - 210181495 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com_AIR_11_Ger-Sub_E31D39A3_.mkv 2014-03-23 14:38 - 2014-03-23 14:38 - 00000000 ____D () C:\Users\Christoph\AppData\Local\Risen 2014-03-23 11:50 - 2014-03-23 13:57 - 280598684 _____ () C:\Users\Christoph\Downloads\[deadfish]_log_horizon_-_25_[720p][aac].mp4 2014-03-22 22:34 - 2014-03-23 15:06 - 209102853 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com_[TK]AIR_10_Ger-Sub[EF3440FF].avi 2014-03-22 21:05 - 2014-03-22 22:34 - 212486149 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com_[TK]AIR_09_Ger-Sub[0CAA284C].avi 2014-03-22 19:50 - 2014-03-22 21:05 - 202090501 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com_[TK]AIR_08_Ger-Sub[71769945].avi 2014-03-22 18:35 - 2014-03-22 19:50 - 203929605 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com_AIR_07_Ger-Sub_9F1B97EF_.avi 2014-03-22 17:12 - 2014-03-22 18:35 - 211075077 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com_[TK]AIR_06_Ger-Sub[FAB14844].avi 2014-03-22 16:13 - 2014-03-22 16:13 - 00000620 _____ () C:\Users\Christoph\Desktop\Nehrim - Am Rande des Schicksals.lnk 2014-03-22 15:48 - 2014-03-22 16:06 - 00000493 _____ () C:\Users\Public\Desktop\Oblivion.lnk 2014-03-22 13:12 - 2014-03-22 17:12 - 209088517 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com_[TK]AIR_05_Ger-Sub[EDF10BC7].avi 2014-03-22 11:24 - 2014-03-22 13:12 - 191328261 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com_[TK]AIR_04_Ger-Sub[9ABBE0ED].avi 2014-03-22 02:09 - 2014-03-22 16:42 - 205623301 _____ () 
C:\Users\Christoph\Downloads\www.eliteanimes.com_[TK]AIR_03_Ger-Sub[9B519BEE].avi 2014-03-21 18:19 - 2014-03-22 02:09 - 221575173 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com_[TK]AIR_02_Ger-Sub[A2980A99].avi 2014-03-21 18:19 - 2014-03-21 19:53 - 244226053 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com_AIR_-_01v2__94EBC1BD_.avi 2014-03-21 11:00 - 2014-03-21 11:00 - 00016125 _____ () C:\Users\Christoph\Downloads\Kopie.zip 2014-03-21 10:15 - 2014-03-21 14:38 - 526754744 _____ () C:\Users\Christoph\Downloads\[ftw]_chuunibyou_demo_koi_ga_shitai__ren_-_11_[720p][cf50756d].mkv 2014-03-20 11:08 - 2014-03-21 08:10 - 1703282558 _____ () C:\Users\Christoph\Downloads\[DsunS]Yuusha_ni_Narenakatta_Ore_wa_Shibushibu_Shuushoku_o_Ketsui_Shimashita_13_OVA_[BD_10BIt_H264_1080p_FLAC].mkv 2014-03-20 09:00 - 2014-03-20 18:34 - 766018021 _____ () C:\Users\Christoph\Downloads\[fff]_witch_craft_works_-_11_[58f8ca61].mkv 2014-03-18 13:54 - 2014-03-14 00:01 - 147036817 _____ () C:\Users\Christoph\Downloads\[ASL]_Horie_Yui_-_Golden_Time_OP2_ED2_-_The_Worlds_End_Haneikyouteki_ni_Aishite_yo_[MP3]_[w_Scans].rar 2014-03-18 13:54 - 2014-03-11 20:08 - 00000000 ____D () C:\Users\Christoph\Downloads\[ASL] Horie Yui - Golden Time OP2 ED2 - The♥World's♥End/Han'eikyouteki ni Aishite yo♥ [MP3] [w Scans] 2014-03-18 13:51 - 2014-03-18 13:54 - 151435608 _____ () C:\Users\Christoph\Downloads\2014-03-13_-1165283954.rar 2014-03-17 21:19 - 2014-03-17 21:33 - 577782138 _____ () C:\Users\Christoph\Downloads\[fff]_witch_craft_works_-_10_[3fa13be1].mkv 2014-03-16 21:00 - 2014-03-16 21:00 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\Red Alert 3 Uprising 2014-03-16 19:32 - 2014-03-16 20:00 - 335176241 _____ () C:\Users\Christoph\Downloads\[toki-d]_wake_up,_girls__-_10_[720p][b192ab89].mkv 2014-03-16 19:31 - 2014-03-16 19:32 - 54222701 _____ () C:\Users\Christoph\Downloads\√Bestamvsofalltime ▪ Young and Beautiful(720p_H.264-AAC).mp4 2014-03-16 12:21 - 2014-03-16 12:35 - 265292463 
_____ () C:\Users\Christoph\Downloads\[kaylith]_sakura_trick_-_10_[720p][bcff3bda].mkv 2014-03-16 11:28 - 2014-03-16 12:21 - 291200146 _____ () C:\Users\Christoph\Downloads\[deadfish]_log_horizon_-_24_[720p][aac].mp4 2014-03-15 12:01 - 2014-03-15 12:11 - 434981341 _____ () C:\Users\Christoph\Downloads\[refrain_subs]_little_busters__ex_-_02_(720p_hi10p)_[61d08e60].mkv 2014-03-15 03:51 - 2014-03-13 19:26 - 499201971 _____ () C:\Users\Christoph\Downloads\[FTW]_Chuunibyou_demo_Koi_ga_Shitai!_Ren_-_10_[720p][4FBADEFB].mkv 2014-03-15 03:47 - 2014-03-15 03:51 - 197709554 _____ () C:\Users\Christoph\Downloads\2014-03-13_-821338226.part2.rar 2014-03-15 03:41 - 2014-03-15 03:47 - 316669952 _____ () C:\Users\Christoph\Downloads\2014-03-13_-821338226.part1.rar 2014-03-15 03:34 - 2014-03-15 03:40 - 298596310 _____ () C:\Users\Christoph\Downloads\[fff]_golden_time_-_22_[74001b2b].mkv 2014-03-15 03:14 - 2014-03-15 03:34 - 511932670 _____ () C:\Users\Christoph\Downloads\[GK]Nagi no Asukara - 23(720p_10bit)[536FE96D].mkv 2014-03-15 02:34 - 2014-03-15 02:40 - 1743468800 _____ (SureAI ) C:\Users\Christoph\Downloads\NehrimInstall_1.5.0.5_DE.exe 2014-03-15 01:40 - 2014-03-15 02:34 - 00000057 _____ () C:\Users\Christoph\Desktop\Neues Textdokument (6).txt 2014-03-15 00:24 - 2014-03-15 00:25 - 02687491 _____ () C:\Users\Christoph\Downloads\jp.gamegift.apk 2014-03-13 10:08 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-13 10:08 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-13 10:08 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-13 10:08 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-13 10:08 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-13 10:08 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) 
C:\Windows\system32\ieetwproxystub.dll 2014-03-13 10:08 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-13 10:08 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-13 10:08 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-13 10:08 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-13 10:08 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-13 10:08 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-13 10:08 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-13 10:08 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-13 10:08 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-13 10:08 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-13 10:08 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-13 10:08 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-13 10:08 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-13 10:08 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-13 10:08 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-13 10:08 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-13 10:08 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-13 10:08 - 2014-03-01 04:42 - 00627200 _____ (Microsoft 
Corporation) C:\Windows\system32\msfeeds.dll 2014-03-13 10:08 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-13 10:08 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-13 10:08 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-13 10:08 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-13 10:08 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-13 10:08 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-13 10:08 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-13 10:08 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-13 10:08 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-13 10:08 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-13 10:08 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-03-13 10:08 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-03-13 10:08 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-03-13 10:08 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-03-13 10:08 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-03-13 10:08 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-03-13 07:21 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-03-13 07:21 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) 
C:\Windows\system32\wwansvc.dll 2014-03-13 07:09 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2014-03-13 07:09 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2014-03-13 07:01 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll 2014-03-13 07:01 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll 2014-03-13 06:43 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll 2014-03-13 06:43 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll 2014-03-12 18:51 - 2014-03-12 18:51 - 00000000 _____ () C:\Users\Christoph\Desktop\Neues Textdokument (5).txt 2014-03-11 13:01 - 2014-03-11 13:01 - 00000000 _____ () C:\Users\Christoph\Desktop\Neues Textdokument (4).txt 2014-03-06 14:39 - 2014-03-06 15:06 - 00000093 _____ () C:\Users\Christoph\Desktop\User.txt 2014-03-03 21:24 - 2014-03-04 15:04 - 00001504 _____ () C:\Users\Christoph\Desktop\Neues Textdokument (3).txt 2014-02-28 01:01 - 2014-02-28 01:01 - 00000000 ____D () C:\Users\Christoph\AppData\Local\Skype ==================== One Month Modified Files and Folders ======= 2014-03-28 12:02 - 2014-03-28 12:02 - 00019775 _____ () C:\Users\Christoph\Desktop\FRST.txt 2014-03-28 12:02 - 2014-03-28 10:53 - 00000000 ____D () C:\FRST 2014-03-28 12:02 - 2012-11-22 23:35 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\NetSpeedMonitor 2014-03-28 12:01 - 2009-07-14 05:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-03-28 12:01 - 2009-07-14 05:45 - 00028944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-03-28 11:59 - 2014-03-28 11:59 - 00001472 _____ () C:\Users\Christoph\Desktop\JRT.txt 2014-03-28 11:59 - 2011-04-12 08:43 - 04874530 _____ () 
C:\Windows\system32\perfh007.dat 2014-03-28 11:59 - 2011-04-12 08:43 - 01640192 _____ () C:\Windows\system32\perfc007.dat 2014-03-28 11:59 - 2009-07-14 06:13 - 00006500 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-03-28 11:56 - 2013-04-23 23:13 - 00000000 ____D () C:\Windows\ERUNT 2014-03-28 11:56 - 2012-12-01 00:29 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\Skype 2014-03-28 11:55 - 2013-05-04 09:08 - 00000000 ____D () C:\Program Files (x86)\Steam 2014-03-28 11:53 - 2013-12-25 11:55 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat 2014-03-28 11:53 - 2012-07-30 12:00 - 00000828 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job 2014-03-28 11:53 - 2012-07-16 10:02 - 00000000 ____D () C:\ProgramData\NVIDIA 2014-03-28 11:53 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-03-28 11:53 - 2009-07-14 05:51 - 00103053 _____ () C:\Windows\setupact.log 2014-03-28 11:52 - 2014-03-25 00:12 - 00000000 ____D () C:\AdwCleaner 2014-03-28 11:52 - 2012-07-12 16:42 - 01555470 _____ () C:\Windows\WindowsUpdate.log 2014-03-28 11:47 - 2014-03-28 11:46 - 01950720 _____ () C:\Users\Christoph\Downloads\adwcleaner.exe 2014-03-28 11:46 - 2014-03-28 11:55 - 01038974 _____ (Thisisu) C:\Users\Christoph\Desktop\JRT.exe 2014-03-28 11:46 - 2014-03-28 11:45 - 01038974 _____ (Thisisu) C:\Users\Christoph\Downloads\JRT.exe 2014-03-28 11:35 - 2012-07-16 11:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-03-28 11:09 - 2014-03-28 11:09 - 00007810 _____ () C:\Users\Christoph\Desktop\gmer.txt 2014-03-28 10:56 - 2013-02-21 18:41 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\uTorrent 2014-03-28 10:54 - 2014-03-28 10:54 - 00059479 _____ () C:\Users\Christoph\Downloads\FRST.txt 2014-03-28 10:54 - 2014-03-28 10:54 - 00040580 _____ () C:\Users\Christoph\Downloads\Addition.txt 2014-03-28 10:52 - 2014-03-28 10:51 - 00000480 _____ () C:\Users\Christoph\Downloads\defogger_disable.log 2014-03-28 
10:51 - 2014-03-28 10:51 - 00000168 _____ () C:\Users\Christoph\defogger_reenable 2014-03-28 10:51 - 2012-07-12 17:31 - 00000000 ____D () C:\Users\Christoph 2014-03-28 10:44 - 2014-03-28 10:43 - 00380416 _____ () C:\Users\Christoph\Downloads\Gmer-19357.exe 2014-03-28 10:43 - 2014-03-28 10:41 - 02157056 _____ (Farbar) C:\Users\Christoph\Desktop\FRST64.exe 2014-03-28 10:41 - 2014-03-28 10:41 - 00050477 _____ () C:\Users\Christoph\Downloads\Defogger.exe 2014-03-28 10:38 - 2014-03-28 10:38 - 00001813 _____ () C:\Users\Christoph\Desktop\Mal.txt 2014-03-28 10:36 - 2014-03-25 13:14 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-03-27 21:53 - 2014-03-27 18:05 - 454987666 _____ () C:\Users\Christoph\Downloads\[ftw]_chuunibyou_demo_koi_ga_shitai__ren_-_12_[720p][9e4f4294].mkv 2014-03-27 18:11 - 2013-02-23 23:55 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\Aegisub 2014-03-27 18:11 - 2012-08-07 19:16 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\vlc 2014-03-27 17:47 - 2012-07-30 12:00 - 00000830 _____ () C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job 2014-03-27 14:14 - 2014-03-27 14:14 - 00000221 _____ () C:\Users\Christoph\Desktop\Magicka.url 2014-03-27 14:14 - 2013-05-06 22:06 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2014-03-27 09:32 - 2012-08-07 15:31 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\Winamp 2014-03-26 09:03 - 2014-03-26 04:39 - 735157995 _____ () C:\Users\Christoph\Downloads\[fff]_witch_craft_works_-_12_[a17f0e3c].mkv 2014-03-26 04:39 - 2014-03-26 03:08 - 253799293 _____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_13_[2518B9C6].mp4 2014-03-26 03:08 - 2014-03-26 01:56 - 201105522 _____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_12_[5357AC14].mp4 2014-03-26 01:56 - 2014-03-25 22:01 - 236882537 _____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_11_[7ECA1CA8].mp4 2014-03-25 23:06 - 
2010-11-21 04:47 - 00354812 _____ () C:\Windows\PFRO.log 2014-03-25 22:01 - 2014-03-25 20:41 - 203367690 _____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_10_[FC0C71B7].mp4 2014-03-25 20:41 - 2014-03-25 19:17 - 219208547 _____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_09_[71F3361F].mp4 2014-03-25 19:17 - 2014-03-25 15:42 - 265050854 _____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_08_[074D56D2].mp4 2014-03-25 17:32 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Vss 2014-03-25 15:41 - 2014-03-25 14:31 - 191508102 _____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_07_[3B9AFFC9].mp4 2014-03-25 14:31 - 2014-03-25 10:09 - 238123516 _____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_06_[328BC4DF].mp4 2014-03-25 13:14 - 2014-03-25 13:14 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-03-25 13:14 - 2014-03-25 13:14 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-03-25 11:22 - 2014-03-25 11:16 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\Christoph\Downloads\mbam-setup-2.0.0.1000.exe 2014-03-25 10:09 - 2014-03-24 22:03 - 194149829 _____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_05_[686977F1].mp4 2014-03-25 00:10 - 2014-03-25 00:10 - 00613200 _____ (Chip Digital GmbH) C:\Users\Christoph\Downloads\AdwCleaner - CHIP-Downloader.exe 2014-03-24 22:03 - 2014-03-24 20:48 - 189423856 _____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_04_[EA1BF988].mp4 2014-03-24 20:48 - 2014-03-24 19:24 - 224877582 _____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_03_[1E541C1D].mp4 2014-03-24 19:24 - 2014-03-24 17:01 - 195657590 _____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_02_[FF094504].mp4 2014-03-24 17:01 - 2014-03-24 14:44 - 250931047 _____ () C:\Users\Christoph\Downloads\[Shou]_Love_Live!_-_01_[F0D58754].mp4 2014-03-24 15:56 - 2014-03-23 21:55 - 217112576 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com__AIR_-_In_Summer_02.avi 2014-03-24 14:44 - 2014-03-23 23:15 - 
1273190400 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com__AIR_-_The_Movie.avi 2014-03-24 12:17 - 2014-03-24 12:17 - 00046825 _____ () C:\Users\Christoph\AppData\Local\recently-used.xbel 2014-03-24 12:17 - 2012-08-07 19:22 - 00000000 ____D () C:\Users\Christoph\.gimp-2.8 2014-03-23 21:55 - 2014-03-23 20:03 - 218476544 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com__AIR_-_In_Summer_01.avi 2014-03-23 20:03 - 2014-03-23 18:45 - 211025925 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com_[TK]AIR_13_Ger-Sub[64747C0A].avi 2014-03-23 18:45 - 2014-03-23 16:22 - 211675141 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com_[TK]AIR_12_Ger-Sub[65BBE987].avi 2014-03-23 16:22 - 2014-03-23 15:06 - 210181495 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com_AIR_11_Ger-Sub_E31D39A3_.mkv 2014-03-23 15:06 - 2014-03-22 22:34 - 209102853 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com_[TK]AIR_10_Ger-Sub[EF3440FF].avi 2014-03-23 14:38 - 2014-03-23 14:38 - 00000000 ____D () C:\Users\Christoph\AppData\Local\Risen 2014-03-23 14:38 - 2012-07-12 17:28 - 00613348 _____ () C:\Windows\DirectX.log 2014-03-23 13:57 - 2014-03-23 11:50 - 280598684 _____ () C:\Users\Christoph\Downloads\[deadfish]_log_horizon_-_25_[720p][aac].mp4 2014-03-22 22:34 - 2014-03-22 21:05 - 212486149 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com_[TK]AIR_09_Ger-Sub[0CAA284C].avi 2014-03-22 21:05 - 2014-03-22 19:50 - 202090501 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com_[TK]AIR_08_Ger-Sub[71769945].avi 2014-03-22 19:50 - 2014-03-22 18:35 - 203929605 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com_AIR_07_Ger-Sub_9F1B97EF_.avi 2014-03-22 18:35 - 2014-03-22 17:12 - 211075077 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com_[TK]AIR_06_Ger-Sub[FAB14844].avi 2014-03-22 17:12 - 2014-03-22 13:12 - 209088517 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com_[TK]AIR_05_Ger-Sub[EDF10BC7].avi 2014-03-22 16:42 - 2014-03-22 02:09 - 
205623301 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com_[TK]AIR_03_Ger-Sub[9B519BEE].avi 2014-03-22 16:13 - 2014-03-22 16:13 - 00000620 _____ () C:\Users\Christoph\Desktop\Nehrim - Am Rande des Schicksals.lnk 2014-03-22 16:13 - 2012-08-12 11:37 - 00000000 ____D () C:\Users\Christoph\Documents\My Games 2014-03-22 16:06 - 2014-03-22 15:48 - 00000493 _____ () C:\Users\Public\Desktop\Oblivion.lnk 2014-03-22 15:48 - 2012-07-12 17:32 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-03-22 13:12 - 2014-03-22 11:24 - 191328261 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com_[TK]AIR_04_Ger-Sub[9ABBE0ED].avi 2014-03-22 02:09 - 2014-03-21 18:19 - 221575173 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com_[TK]AIR_02_Ger-Sub[A2980A99].avi 2014-03-21 19:53 - 2014-03-21 18:19 - 244226053 _____ () C:\Users\Christoph\Downloads\www.eliteanimes.com_AIR_-_01v2__94EBC1BD_.avi 2014-03-21 14:38 - 2014-03-21 10:15 - 526754744 _____ () C:\Users\Christoph\Downloads\[ftw]_chuunibyou_demo_koi_ga_shitai__ren_-_11_[720p][cf50756d].mkv 2014-03-21 11:00 - 2014-03-21 11:00 - 00016125 _____ () C:\Users\Christoph\Downloads\Kopie.zip 2014-03-21 08:10 - 2014-03-20 11:08 - 1703282558 _____ () C:\Users\Christoph\Downloads\[DsunS]Yuusha_ni_Narenakatta_Ore_wa_Shibushibu_Shuushoku_o_Ketsui_Shimashita_13_OVA_[BD_10BIt_H264_1080p_FLAC].mkv 2014-03-21 00:51 - 2014-02-18 01:27 - 00000685 _____ () C:\Users\Christoph\Desktop\Tofu.txt 2014-03-20 18:34 - 2014-03-20 09:00 - 766018021 _____ () C:\Users\Christoph\Downloads\[fff]_witch_craft_works_-_11_[58f8ca61].mkv 2014-03-18 13:54 - 2014-03-18 13:51 - 151435608 _____ () C:\Users\Christoph\Downloads\2014-03-13_-1165283954.rar 2014-03-18 08:48 - 2013-09-04 02:55 - 00000000 ____D () C:\Windows\system32\MRT 2014-03-18 08:47 - 2012-07-30 13:23 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-03-17 21:33 - 2014-03-17 21:19 - 577782138 _____ () 
C:\Users\Christoph\Downloads\[fff]_witch_craft_works_-_10_[3fa13be1].mkv 2014-03-17 06:51 - 2012-10-28 22:17 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log 2014-03-16 23:30 - 2012-08-07 21:41 - 00000000 ____D () C:\Users\Christoph\dwhelper 2014-03-16 21:00 - 2014-03-16 21:00 - 00000000 ____D () C:\Users\Christoph\AppData\Roaming\Red Alert 3 Uprising 2014-03-16 20:58 - 2012-08-21 08:57 - 00000000 ____D () C:\Windows\System32\Tasks\Games 2014-03-16 20:00 - 2014-03-16 19:32 - 335176241 _____ () C:\Users\Christoph\Downloads\[toki-d]_wake_up,_girls__-_10_[720p][b192ab89].mkv 2014-03-16 19:32 - 2014-03-16 19:31 - 54222701 _____ () C:\Users\Christoph\Downloads\√Bestamvsofalltime ▪ Young and Beautiful(720p_H.264-AAC).mp4 2014-03-16 12:35 - 2014-03-16 12:21 - 265292463 _____ () C:\Users\Christoph\Downloads\[kaylith]_sakura_trick_-_10_[720p][bcff3bda].mkv 2014-03-16 12:21 - 2014-03-16 11:28 - 291200146 _____ () C:\Users\Christoph\Downloads\[deadfish]_log_horizon_-_24_[720p][aac].mp4 2014-03-15 12:11 - 2014-03-15 12:01 - 434981341 _____ () C:\Users\Christoph\Downloads\[refrain_subs]_little_busters__ex_-_02_(720p_hi10p)_[61d08e60].mkv 2014-03-15 03:51 - 2014-03-15 03:47 - 197709554 _____ () C:\Users\Christoph\Downloads\2014-03-13_-821338226.part2.rar 2014-03-15 03:47 - 2014-03-15 03:41 - 316669952 _____ () C:\Users\Christoph\Downloads\2014-03-13_-821338226.part1.rar 2014-03-15 03:40 - 2014-03-15 03:34 - 298596310 _____ () C:\Users\Christoph\Downloads\[fff]_golden_time_-_22_[74001b2b].mkv 2014-03-15 03:34 - 2014-03-15 03:14 - 511932670 _____ () C:\Users\Christoph\Downloads\[GK]Nagi no Asukara - 23(720p_10bit)[536FE96D].mkv 2014-03-15 02:40 - 2014-03-15 02:34 - 1743468800 _____ (SureAI ) C:\Users\Christoph\Downloads\NehrimInstall_1.5.0.5_DE.exe 2014-03-15 02:34 - 2014-03-15 01:40 - 00000057 _____ () C:\Users\Christoph\Desktop\Neues Textdokument (6).txt 2014-03-15 00:25 - 2014-03-15 00:24 - 02687491 _____ () C:\Users\Christoph\Downloads\jp.gamegift.apk 2014-03-14 
01:48 - 2009-07-14 05:45 - 00273288 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-03-14 01:47 - 2012-10-19 08:33 - 00000000 ____D () C:\Program Files\Microsoft Silverlight 2014-03-14 01:47 - 2012-10-19 08:33 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight 2014-03-14 00:01 - 2014-03-18 13:54 - 147036817 _____ () C:\Users\Christoph\Downloads\[ASL]_Horie_Yui_-_Golden_Time_OP2_ED2_-_The_Worlds_End_Haneikyouteki_ni_Aishite_yo_[MP3]_[w_Scans].rar 2014-03-13 19:26 - 2014-03-15 03:51 - 499201971 _____ () C:\Users\Christoph\Downloads\[FTW]_Chuunibyou_demo_Koi_ga_Shitai!_Ren_-_10_[720p][4FBADEFB].mkv 2014-03-12 18:51 - 2014-03-12 18:51 - 00000000 _____ () C:\Users\Christoph\Desktop\Neues Textdokument (5).txt 2014-03-11 20:39 - 2012-07-16 11:36 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-03-11 20:39 - 2012-07-16 11:36 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-03-11 20:39 - 2012-07-16 11:36 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-03-11 20:08 - 2014-03-18 13:54 - 00000000 ____D () C:\Users\Christoph\Downloads\[ASL] Horie Yui - Golden Time OP2 ED2 - The♥World's♥End/Han'eikyouteki ni Aishite yo♥ [MP3] [w Scans] 2014-03-11 13:01 - 2014-03-11 13:01 - 00000000 _____ () C:\Users\Christoph\Desktop\Neues Textdokument (4).txt 2014-03-11 02:20 - 2012-12-01 00:29 - 00000000 ___RD () C:\Program Files (x86)\Skype 2014-03-10 02:19 - 2014-03-10 00:46 - 244303904 _____ () C:\Users\Christoph\Downloads\[EROBEAT]_Imako_System_-_01_[LQ][x264][7DC0DFF6].mp4 2014-03-06 15:06 - 2014-03-06 14:39 - 00000093 _____ () C:\Users\Christoph\Desktop\User.txt 2014-03-05 09:26 - 2014-03-25 13:14 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-03-05 09:26 - 2014-03-25 13:14 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-03-05 09:26 - 2014-03-25 13:14 - 00025816 _____ 
(Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-03-04 15:04 - 2014-03-03 21:24 - 00001504 _____ () C:\Users\Christoph\Desktop\Neues Textdokument (3).txt 2014-03-01 07:05 - 2014-03-13 10:08 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-03-01 06:17 - 2014-03-13 10:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-03-01 06:16 - 2014-03-13 10:08 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-03-01 05:58 - 2014-03-13 10:08 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-03-01 05:52 - 2014-03-13 10:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-03-01 05:51 - 2014-03-13 10:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-03-01 05:42 - 2014-03-13 10:08 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-03-01 05:40 - 2014-03-13 10:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-03-01 05:37 - 2014-03-13 10:08 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-03-01 05:33 - 2014-03-13 10:08 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-03-01 05:33 - 2014-03-13 10:08 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-03-01 05:32 - 2014-03-13 10:08 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-03-01 05:30 - 2014-03-13 10:08 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-03-01 05:23 - 2014-03-13 10:08 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-03-01 05:17 - 2014-03-13 10:08 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-03-01 05:11 - 2014-03-13 10:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-03-01 05:02 - 2014-03-13 10:08 - 
00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-03-01 04:54 - 2014-03-13 10:08 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-03-01 04:52 - 2014-03-13 10:08 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-03-01 04:51 - 2014-03-13 10:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-03-01 04:47 - 2014-03-13 10:08 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-03-01 04:43 - 2014-03-13 10:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-03-01 04:43 - 2014-03-13 10:08 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-03-01 04:42 - 2014-03-13 10:08 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-03-01 04:40 - 2014-03-13 10:08 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-03-01 04:38 - 2014-03-13 10:08 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-03-01 04:37 - 2014-03-13 10:08 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-03-01 04:35 - 2014-03-13 10:08 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-03-01 04:18 - 2014-03-13 10:08 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-03-01 04:16 - 2014-03-13 10:08 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-03-01 04:14 - 2014-03-13 10:08 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-03-01 04:10 - 2014-03-13 10:08 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-03-01 04:03 - 2014-03-13 10:08 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-03-01 04:00 - 2014-03-13 10:08 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-03-01 03:57 - 2014-03-13 10:08 - 11266048 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-13 10:08 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-13 10:08 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-13 10:08 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-13 10:08 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-13 10:08 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-28 01:01 - 2014-02-28 01:01 - 00000000 ____D () C:\Users\Christoph\AppData\Local\Skype
2014-02-28 01:01 - 2012-12-01 00:29 - 00002699 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-02-28 01:01 - 2012-12-01 00:28 - 00000000 ____D () C:\ProgramData\Skype

Some content of TEMP:
====================
C:\Users\Christoph\AppData\Local\Temp\avgnt.exe
C:\Users\Christoph\AppData\Local\Temp\drm_dyndata_7380015.dll
C:\Users\Christoph\AppData\Local\Temp\EAD1860.exe
C:\Users\Christoph\AppData\Local\Temp\EAD6576.exe
C:\Users\Christoph\AppData\Local\Temp\EADC189.exe
C:\Users\Christoph\AppData\Local\Temp\EADD622.exe
C:\Users\Christoph\AppData\Local\Temp\EADF16F.exe
C:\Users\Christoph\AppData\Local\Temp\Quarantine.exe
C:\Users\Christoph\AppData\Local\Temp\SDuninst.exe
C:\Users\Christoph\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Christoph\AppData\Local\Temp\sonarinst.exe
C:\Users\Christoph\AppData\Local\Temp\UninstallEADM.dll
C:\Users\Christoph\AppData\Local\Temp\vlc-2.0.6-win32.exe
C:\Users\Christoph\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\Christoph\AppData\Local\Temp\vlc-2.1.1-win32.exe
C:\Users\Christoph\AppData\Local\Temp\vlc-2.1.2-win32.exe
C:\Users\Christoph\AppData\Local\Temp\vlc-2.1.3-win32.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-03-20 01:43

==================== End Of Log ============================

--- --- ---

ADW:
Code:
# AdwCleaner v3.022 - Bericht erstellt am 28/03/2014 um 11:52:32
# Aktualisiert 13/03/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Christoph - CHRISTOPH-PC
# Gestartet von : C:\Users\Christoph\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521

-\\ Mozilla Firefox v27.0.1 (de)

[ Datei : C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\tclm7k0f.default\prefs.js ]

-\\ Google Chrome v

[ Datei : C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [4240 octets] - [25/03/2014 00:13:00]
AdwCleaner[R1].txt - [1060 octets] - [28/03/2014 11:50:47]
AdwCleaner[S0].txt - [3974 octets] - [25/03/2014 00:18:34]
AdwCleaner[S1].txt - [983 octets] - [28/03/2014 11:52:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1042 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x64
Ran by Christoph on 28.03.2014 at 11:56:38,00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
Successfully deleted: [Empty Folder] C:\Users\Christoph\appdata\local\{A0D5A7D8-62ED-4AF4-A090-6C7D6908DAF1}
Successfully deleted: [Empty Folder] C:\Users\Christoph\appdata\local\{A5699A81-31C0-4B21-9EB7-CB01196C6426}

~~~ FireFox

Successfully deleted the following from C:\Users\Christoph\AppData\Roaming\mozilla\firefox\profiles\tclm7k0f.default\prefs.js

user_pref("browser.newtabpage.pinned", "[{\"url\":\"hxxp://360-live.de/forum/\",\"title\":\"Startseite - 360-Live.de Forum\"},{\"url\":\"hxxp://www.animenewsnetwork.com/\",\"t
Emptied folder: C:\Users\Christoph\AppData\Roaming\mozilla\firefox\profiles\tclm7k0f.default\minidumps [430 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.03.2014 at 11:59:20,85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
28.03.2014, 12:41 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Audio advertising on the PC
Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes Anti-Malware (MBAM).
Note: Before you do, please remember to update Malwarebytes Anti-Malware using the update button!
Afterwards, getting a second opinion from ESET's online scanner doesn't hurt either: ESET Online Scanner
__________________ Please always post log files in CODE tags |
29.03.2014, 00:54 | #5 |
| Audio advertising on the PC
The scans have just finished. Here are the log files.
Malwarebytes:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 28.03.2014
Scan Time: 13:05:52
Logfile: Mal.txt
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.03.28.04
Rootkit Database: v2014.03.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Christoph

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 320735
Time Elapsed: 7 min, 54 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0 (No malicious items detected)
Modules: 0 (No malicious items detected)
Registry Keys: 0 (No malicious items detected)
Registry Values: 0 (No malicious items detected)
Registry Data: 0 (No malicious items detected)
Folders: 0 (No malicious items detected)
Files: 0 (No malicious items detected)
Physical Sectors: 0 (No malicious items detected)

(end)

Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=5a7356f44c13d14f9cc98ec6d2bae79b
# engine=17660
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-03-28 03:16:45
# local_time=2014-03-28 04:16:45 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 30321 166691110 23109 0
# compatibility_mode=5893 16776573 100 94 15170 147649655 0 0
# scanned=270481
# found=0
# cleaned=0
# scan_time=9930

Since I have a very slow internet connection (approx. 48kb/s), it was only played in "pieces". During that time I deactivated the open programs, and the advertising as well as the unidentified download traffic reported by NetSpeedMonitor stopped immediately. The following programs were closed: Firefox, uTorrent, Skype. Could it be that something has crept in there? |
29.03.2014, 00:55 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Audio advertising on the PC
Create a new profile and test => http://support.mozilla.com/de/kb/Profile%20verwalten
__________________ --> Audio advertising on the PC |